How to Deploy PPPC Utility on macOS using Intune

In this post, you will learn how to deploy PPPC Utility on macOS using Intune. Let’s explore Privacy Preferences Policy Control (PPPC) configurations on managed macOS devices using Intune MDM Solution, similar to the Privacy Preferences Policy Control (PPPC) utility used in JAMF.

Before we dive in, it’s essential to understand what PPPC stands for, its benefits and purpose on macOS devices. We’ll go into detail about these aspects in this article and demonstrate by deploying a sample configuration on Intune. With this knowledge, admins can use it similarly for other apps and use cases.

Microsoft’s Intune is a brilliant MDM solution that supports multiple platforms, including Windows, macOS, iOS/iPadOS, Linux, and Android devices, all in one convenient portal. This makes it an ideal solution for organizations looking to manage multiple devices.

However, before implementing Intune in production, Administrators should evaluate whether it meets all their requirements and aligns with their organization’s purpose. By doing so, administrators can ensure they’re making the best decisions for their organization and setting themselves up for success.


This article will equip you with the necessary knowledge to configure privacy settings effectively. You’ll discover how to create and deploy these configurations on managed macOS devices, which will result in a better end-user experience. By working together, we can ensure this process is successful. So, let’s jump right in and explore these methods together!

How to deploy PPPC utility on macOS using Intune Fig. 1

Before proceeding any further, I kindly request that you take a moment to review all the restriction policies available in the Microsoft Intune MDM Solution for managed macOS devices. This can greatly improve the end-user experience and contribute to better security and compliance in the organisation environment.


If you would like to learn more about the various restriction policies that can be deployed on Apple macOS devices using Microsoft Intune, as well as how to deploy them on managed macOS devices, please refer to my previously published article titled “How to deploy Device Restriction Settings for macOS Devices using Intune”.

What is the PPPC Utility and its Purpose

PPPC stands for Privacy Preferences Policy Control. As the name suggests, the PPPC Utility creates payloads that can be deployed via MDM to control privacy preferences for applications. With the help of the PPPC Utility, admins can easily control the settings that are displayed in the ‘Privacy’ tab of the ‘Security & Privacy’ pane in System Settings, as shown below.

How to deploy PPPC utility on macOS using Intune Fig. 2

This top-notch application is exclusively designed for macOS v10.15 and later, providing flexibility to save profiles locally. Additionally, with this, Admins can directly upload profiles to MDM Solutions without any hassle.

Previously, approving screen capture and input monitoring PPPC requests was easy for any local user (either Standard or Admin). However, with the release of macOS Big Sur and later, users are now required to authenticate the change by clicking the padlock symbol in the bottom left corner of the screen in System Preferences and entering administrator login details.

PPPC profiles can control preferences by allowing, denying, or letting users approve them. The table below shows the PPPC Utility settings.

Preference | Allow | Deny | Standard User Permission
Accessibility
Admin Files
Calendars
Camera
Contacts
Desktop Folder
Documents Folder
Downloads Folder
File Provider
Full Disk Access
Input Monitoring
Media Library
Microphone
Network Volumes
Photos
Post Events
Reminders
Removable Volumes
Screen Recording
Speech recognition
Table 1 – How to deploy PPPC utility on macOS using Intune

Create mobileconfig File on PPPC Utility

Now that we understand what the PPPC Utility is and how it helps admins create and push configurations without writing complex commands, let us see how to create a mobileconfig file with it by following the steps below.

To download the kit, please go to this GitHub page. Once downloaded, launch the PPPC Utility. As a sample, let us create a policy that gives Full Disk Access to a sample app, Brave Browser, as shown below:

  • Launch PPPC Utility app.
  • On the left side, under the Applications tab, click on the + icon and select the application that needs to be controlled or permitted.
  • Once added, on the Properties tab, set the required properties to Allow (here, Full Disk Access is set to Allow) and allow System Events.
  • To create the mobileconfig file, click on Save and provide the required details as shown below.
How to deploy PPPC utility on macOS using Intune Fig. 3
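
Before uploading the saved file, it is worth checking what it actually grants. The script below is an added example, not part of the original article or of the PPPC Utility project: it reads an unsigned .mobileconfig and lists every PPPC grant together with review findings. The sample profile, the identifier com.example.browser and the team ID EXAMPLETEAM are constructed placeholders.

```python
import plistlib

TCC_TYPE = "com.apple.TCC.configuration-profile-policy"
# Services whose "Allow" gives an app wide reach; review these grants by hand.
BROAD = {"SystemPolicyAllFiles", "SystemPolicySysAdminFiles", "Accessibility", "PostEvent"}

def audit_pppc(data: bytes) -> list[dict]:
    """Return one row per PPPC grant in an unsigned .mobileconfig, with findings."""
    rows = []
    for payload in plistlib.loads(data).get("PayloadContent", []):
        if payload.get("PayloadType") != TCC_TYPE:
            continue
        for service, entries in payload.get("Services", {}).items():
            for e in entries:
                # Newer profiles use Authorization; older ones use the boolean Allowed.
                auth = e.get("Authorization") or ("Allow" if e.get("Allowed") else "Deny")
                req = e.get("CodeRequirement", "").strip()
                findings = []
                if not req:
                    findings.append("missing CodeRequirement")
                elif e.get("IdentifierType") == "bundleID" and f'identifier "{e.get("Identifier")}"' not in req:
                    findings.append("CodeRequirement does not name the Identifier")
                if auth == "Allow" and service in BROAD:
                    findings.append(f"broad grant: {service}")
                rows.append({"service": service, "identifier": e.get("Identifier"),
                             "authorization": auth, "findings": findings})
    return rows

# Constructed sample: Full Disk Access plus System Events for a placeholder app.
REQ = ('identifier "com.example.browser" and anchor apple generic '
       'and certificate leaf[subject.OU] = "EXAMPLETEAM"')
SAMPLE = plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [{
    "PayloadType": TCC_TYPE,
    "Services": {
        "SystemPolicyAllFiles": [{"Identifier": "com.example.browser", "IdentifierType": "bundleID",
                                  "CodeRequirement": REQ, "Authorization": "Allow"}],
        "AppleEvents": [{"Identifier": "com.example.browser", "IdentifierType": "bundleID",
                         "CodeRequirement": "", "Allowed": True,
                         "AEReceiverIdentifier": "com.apple.systemevents"}],
    }}]})

if __name__ == "__main__":
    for row in audit_pppc(SAMPLE):
        print(row)
```

To check a real file, pass its bytes to audit_pppc, for example the result of open(path, "rb").read(). A signed profile is not a plain property list and has to be unwrapped first.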

Once the mobileconfig file is created on the device, let’s use the Intune Custom profile deployment method for Admins. Follow the steps below to do it like a pro.

Deploy mobileconfig File in Intune

Admins must carefully follow each step of the profile creation process to avoid issues. Once completed, the profile can be deployed by developing an Admin Account and configuring details. The profile is then deployed to assigned devices over the air. Follow the steps below to create a profile.

  • In the Microsoft Intune admin center, go to Devices > macOS and, under macOS Policies, select Configuration Profiles.
  • To create a profile, click on Create profile, select the platform macOS and the profile type Templates, select Custom under Template name, and click on Create.
How to deploy PPPC utility on macOS using Intune Fig. 4

Under Basics, enter a name and description for the configuration profile.

How to deploy PPPC utility on macOS using Intune Fig. 5

To configure settings on the configuration settings page, follow these steps:

  1. Provide a custom configuration profile name.
  2. Select the Deployment channel as the Device channel, as the profile should be active for all logged-in users.
  3. Upload the mobile configuration file created by the Admin under the configuration profile file section and click Next.
How to deploy PPPC utility on macOS using Intune Fig. 6

On the next page, Scope tags are filtering options provided in Intune to ease the admin jobs. In the scope tag section, you will get an option to configure scope tags for the policy. Click on Next.

How to deploy PPPC utility on macOS using Intune Fig. 7

On the next page, select Assignments group and click Next.

How to deploy PPPC utility on macOS using Intune Fig. 8

Once all the settings have been reviewed, click on Create to finish creating the profile.

How to deploy PPPC utility on macOS using Intune Fig. 9

Once the configuration profile is assigned to the group of devices, the Intune portal will reflect the status of the deployment under the configuration profile overview tab as shown below.

How to deploy PPPC utility on macOS using Intune Fig. 10

End User Experience – Deploy PPPC Utility on macOS

Once the device receives the deployed configuration profile, end users can view it on the Mac under System Settings > Privacy & Security > Profiles. To view the profile, double-click on it as shown below.

How to deploy PPPC utility on macOS using Intune Fig. 11

Now that we understand the process of deploying the configuration profile created by the PPPC Utility, note that Intune also offers an alternative: the same profile can also be built and deployed directly in Intune. Let us check out how that works.

Alternate Method – Deploy Privacy Preferences Policy Control Configuration Profiles using Intune

Now, without further ado, let us start the alternative method of profile creation in Intune by Mac Admins. Once completed, follow the steps below to create a profile that will be deployed to assigned devices over the air.

  • In the Microsoft Intune admin center, go to Devices > macOS and, under macOS Policies, select Configuration Profiles.
  • To create a profile, click on Create profile, select the platform macOS and the profile type Settings Catalog, and click on Create.
How to deploy PPPC utility on macOS using Intune Fig. 12

Under Basics, enter profile name and description and click Next.

How to deploy PPPC utility on macOS using Intune Fig. 13

On the Configuration settings page, add the settings by performing these steps:

  1. Click on Add Settings.
  2. In the right-side panel, search for the keyword Privacy and click on the Privacy Preferences Policy Control option that appears.
  3. Once selected, choose the settings that need to be edited, then close the right-side panel.
How to deploy PPPC utility on macOS using Intune Fig. 14

To fetch the code requirement of a particular app, run the terminal command codesign -dr - "path/Bundle ID" and copy the text that appears after the word designated.

How to deploy PPPC utility on macOS using Intune Fig. 15

To fetch the identifier of a particular app, run the terminal command osascript -e 'id of app "App Name"' and copy the line that appears below the command.

How to deploy PPPC utility on macOS using Intune Fig. 16
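
The identifier and the code requirement entered in Intune have to describe the same app, so the two command outputs should be checked against each other before pasting. The helper below is an added example, not from the original article: it extracts the text after "designated =>" from saved codesign output and compares it with the bundle identifier returned by osascript. Both sample outputs, com.example.browser and the team ID EXAMPLE123 are constructed placeholders.

```python
import re

def check_requirement(codesign_output: str, bundle_id: str) -> dict:
    """Extract the designated requirement and compare it with the bundle identifier."""
    m = re.search(r"^\s*(?:#\s*)?designated\s*=>\s*(.+)$", codesign_output, re.M)
    if not m:
        raise ValueError("no 'designated =>' line in codesign output")
    req = m.group(1).strip()
    ident = re.search(r'\bidentifier "?([^"\s]+)"?', req)
    team = re.search(r'certificate leaf\[subject\.OU\] = "?([A-Z0-9]+)"?', req)
    problems = []
    if ident is None or ident.group(1) != bundle_id:
        problems.append("requirement does not name this bundle identifier")
    if "cdhash" in req:
        # A cdhash identifies one exact build, so the grant stops matching after an update.
        problems.append("requirement pins a cdhash, which changes with every build")
    return {"code_requirement": req,
            "team_id": team.group(1) if team else None,
            "problems": problems}

# Constructed sample output for a Developer ID signed app (placeholder values).
SIGNED = (
    "Executable=/Applications/Example Browser.app/Contents/MacOS/Example Browser\n"
    'designated => identifier "com.example.browser" and anchor apple generic and '
    "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
    "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
    "certificate leaf[subject.OU] = EXAMPLE123\n"
)
# Constructed sample output for an ad-hoc signed app: only a cdhash is available.
ADHOC = (
    "Executable=/Applications/Example Tool.app/Contents/MacOS/Example Tool\n"
    '# designated => cdhash H"0000000000000000000000000000000000000000"\n'
)

if __name__ == "__main__":
    print(check_requirement(SIGNED, "com.example.browser"))
    print(check_requirement(ADHOC, "com.example.tool"))
```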

Once the settings are visible in the right-side window, click the Edit instance button to edit the permission and provide the required details as shown below.

How to deploy PPPC utility on macOS using Intune Fig. 17

On the next page, Scope tags are filtering options provided in Intune to ease the admin jobs. In the scope tag section, you will get an option to configure scope tags for the policy. Click on Next.

How to deploy PPPC utility on macOS using Intune Fig. 18

On the next page, select Assignments group and click Next.

How to deploy PPPC utility on macOS using Intune Fig. 19

Once all the settings have been reviewed, click on Create to finish creating the profile.

How to deploy PPPC utility on macOS using Intune Fig. 20

Conclusion

We understand that privacy is a major concern for everyone, and as such, we have written this article to assist Mac admins in deploying, restricting, or editing privacy settings available in the macOS System Settings. We also note that these methodologies are only applicable in scenarios where end users have standard privileges while using the macOS devices.

We want to assure you that Admins can choose the deployment method of the settings over macOS devices according to your comfort, and we hope that these methods will make it easier for users to manage their privacy settings. Thank you for trusting us to provide you with this information.

If you find my articles informative and helpful, I suggest you take a look at my recently published article on How to deploy Local Primary Account on macOS using ADE Method in Intune. This article covers topics such as what is ADE enrollment method on macOS devices.

We aim to help you get the most out of using two operating system platforms and explain the purpose and benefits of doing so efficiently and effectively. If you’ve followed my articles about managing macOS devices with Microsoft Intune, I invite you to explore my other posts to broaden your knowledge. Check out all my posts here.

I would also like to share my recently published video, which provides a detailed guide on how to seamlessly upgrade macOS devices from other MDM solutions like Jamf, Jumpcloud, or Kandji to Microsoft Intune. The video offers comprehensive instructions and step-by-step guidance to ensure a successful upgrade process.

How to deploy PPPC utility on macOS using Intune Video 1


Author

Snehasis Pani has 7+ years of IT Support experience and is currently a macOS Administrator. He loves to help the community by sharing his knowledge of Apple Mac Devices Support. He is an M.Tech graduate in System Engineering. Do check out his profile on Twitter and Linkedin.
