New privacy controls implemented in macOS 10.14 (Mojave) require this prompt which can cause confusion for your end users or worse, prevent them from patching Microsoft Office applications. If you use a Mobile Device Manager (MDM) with your macOS devices, you can hide this prompt and force allow this patching behavior with a Privacy Preferences Policy Control profile and Automox Agent 28 or newer.

This profile payload can apply to devices that have a User Approved MDM Profile or devices deployed with Apple Business Manager (previously named Apple Device Enrollment Program).

Depending on your MDM, this payload might be named Privacy Preference or Privacy Preferences Policy Control. The following information is needed to populate this profile:

Identifier: /usr/local/bin/amagent
Identifier Type: Path
Code Requirement: identifier "com.automox.agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DAEQ58A4ES
Validate the Static Code Requirement: Off

App or Service: AppleEvents
Access: Allow
Receiver Identifier: com.microsoft.autoupdate2
BundleID: identifier "com.microsoft.autoupdate2" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9

Jamf Pro:

SimpleMDM:

Related Topics:
macOS Requires Security Approval for Microsoft Office Patches


Did this answer your question?