fleet/it-and-security/lib/macos/configuration-profiles/santa-configuration.mobileconfig

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>PayloadContent</key>
	<array>
		<dict>
			<key>PayloadDescription</key>
			<string>Allows Santa background tasks without notifications</string>
			<key>PayloadDisplayName</key>
			<string>Background Apps</string>
			<key>PayloadIdentifier</key>
			<string>com.fleetdm.santa.servicemanagement</string>
			<key>PayloadOrganization</key>
			<string>Fleet</string>
			<key>PayloadType</key>
			<string>com.apple.servicemanagement</string>
			<key>PayloadUUID</key>
			<string>1161A7ED-2E7B-4744-B933-D3B9F58A1AAE</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>Rules</key>
			<array>
				<dict>
					<key>RuleType</key>
					<string>TeamIdentifier</string>
					<key>RuleValue</key>
					<string>ZMCG7MLDV9</string>
				</dict>
			</array>
		</dict>
		<dict>
			<key>PayloadContent</key>
			<dict>
				<key>com.northpolesec.santa</key>
				<dict>
					<key>Forced</key>
					<array>
						<dict>
							<key>mcx_preference_settings</key>
							<dict>
								<key>BannedBlockMessage</key>
								<string>This application has been blocked by a security policy.</string>
								<key>ClientMode</key>
								<integer>1</integer>
								<key>FileChangesRegex</key>
								<string>^/(?!(?:private/tmp|Library/(?:Caches|Managed Installs/Logs|(?:Managed )?Preferences))/)</string>
								<key>MachineIDKey</key>
								<string>MachineUUID</string>
								<key>MachineIDPlist</key>
								<string>/Library/Preferences/com.company.machine-mapping.plist</string>
								<key>MachineOwnerKey</key>
								<string>Owner</string>
								<key>MachineOwnerPlist</key>
								<string>/Library/Preferences/com.company.machine-mapping.plist</string>
								<key>ModeNotificationLockdown</key>
								<string>Entering Lockdown mode</string>
								<key>ModeNotificationMonitor</key>
								<string>Entering Monitor mode&lt;br/&gt;Please be careful!</string>
								<key>SyncBaseURL</key>
								<string></string>
							</dict>
						</dict>
					</array>
				</dict>
			</dict>
			<key>PayloadDescription</key>
			<string>Manages Santa's configuration settings</string>
			<key>PayloadDisplayName</key>
			<string>Santa Configuration</string>
			<key>PayloadEnabled</key>
			<true/>
			<key>PayloadIdentifier</key>
			<string>com.fleetdm.santa.preferences</string>
			<key>PayloadOrganization</key>
			<string>Fleet</string>
			<key>PayloadType</key>
			<string>com.apple.ManagedClient.preferences</string>
			<key>PayloadUUID</key>
			<string>359E3C7D-396F-4C45-99E7-F429620B9B21</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
		</dict>
		<dict>
			<key>NotificationSettings</key>
			<array>
				<dict>
					<key>AlertType</key>
					<integer>1</integer>
					<key>BadgesEnabled</key>
					<true/>
					<key>BundleIdentifier</key>
					<string>com.northpolesec.santa</string>
					<key>CriticalAlertEnabled</key>
					<true/>
					<key>NotificationsEnabled</key>
					<true/>
					<key>ShowInLockScreen</key>
					<true/>
					<key>ShowInNotificationCenter</key>
					<true/>
					<key>SoundsEnabled</key>
					<false/>
				</dict>
			</array>
			<key>PayloadDescription</key>
			<string>Configures notification settings for Santa</string>
			<key>PayloadDisplayName</key>
			<string>Notifications Settings</string>
			<key>PayloadIdentifier</key>
			<string>com.fleetdm.santa.notificationsettings</string>
			<key>PayloadOrganization</key>
			<string>Fleet</string>
			<key>PayloadType</key>
			<string>com.apple.notificationsettings</string>
			<key>PayloadUUID</key>
			<string>510236AE-D7F8-4131-A4CA-5CC930C51866</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
		</dict>
		<dict>
			<key>AllowedSystemExtensionTypes</key>
			<dict>
				<key>ZMCG7MLDV9</key>
				<array>
					<string>EndpointSecurityExtension</string>
				</array>
			</dict>
			<key>AllowedSystemExtensions</key>
			<dict>
				<key>ZMCG7MLDV9</key>
				<array>
					<string>com.northpolesec.santa.daemon</string>
				</array>
			</dict>
			<key>NonRemovableSystemExtensions</key>
			<dict>
				<key>ZMCG7MLDV9</key>
				<array>
					<string>com.northpolesec.santa.daemon</string>
				</array>
			</dict>
			<key>PayloadDescription</key>
			<string>Allow Santa's system extension and prevent removal</string>
			<key>PayloadDisplayName</key>
			<string>System Extension</string>
			<key>PayloadIdentifier</key>
			<string>com.fleetdm.santa.system-extension</string>
			<key>PayloadOrganization</key>
			<string>Fleet</string>
			<key>PayloadType</key>
			<string>com.apple.system-extension-policy</string>
			<key>PayloadUUID</key>
			<string>67EF74B6-F4FB-49FC-A086-5DE3E61B838A</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
		</dict>
		<dict>
			<key>PayloadDescription</key>
			<string>Allows full-disk access for Santa</string>
			<key>PayloadDisplayName</key>
			<string>TCC Permissions</string>
			<key>PayloadIdentifier</key>
			<string>com.fleetdm.santa.tcc</string>
			<key>PayloadOrganization</key>
			<string>Fleet</string>
			<key>PayloadType</key>
			<string>com.apple.TCC.configuration-profile-policy</string>
			<key>PayloadUUID</key>
			<string>8339162A-75E7-4E07-91DC-45DC939A4764</string>
			<key>PayloadVersion</key>
			<integer>1</integer>
			<key>Services</key>
			<dict>
				<key>SystemPolicyAllFiles</key>
				<array>
					<dict>
						<key>Allowed</key>
						<true/>
						<key>CodeRequirement</key>
						<string>identifier "com.northpolesec.santa.daemon" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = ZMCG7MLDV9</string>
						<key>Comment</key>
						<string></string>
						<key>Identifier</key>
						<string>com.northpolesec.santa.daemon</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<false/>
					</dict>
					<dict>
						<key>Allowed</key>
						<true/>
						<key>CodeRequirement</key>
						<string>identifier "com.northpolesec.santa.bundleservice" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = ZMCG7MLDV9</string>
						<key>Comment</key>
						<string></string>
						<key>Identifier</key>
						<string>com.northpolesec.santa.bundleservice</string>
						<key>IdentifierType</key>
						<string>bundleID</string>
						<key>StaticCode</key>
						<false/>
					</dict>
				</array>
			</dict>
		</dict>
	</array>
	<key>PayloadDescription</key>
	<string>Santa configuration including background apps, settings, notifications, system extension, and TCC permissions</string>
	<key>PayloadDisplayName</key>
	<string>Santa configuration</string>
	<key>PayloadEnabled</key>
	<true/>
	<key>PayloadIdentifier</key>
	<string>com.fleetdm.santa.configuration</string>
	<key>PayloadOrganization</key>
	<string>Fleet</string>
	<key>PayloadRemovalDisallowed</key>
	<false/>
	<key>PayloadScope</key>
	<string>System</string>
	<key>PayloadType</key>
	<string>Configuration</string>
	<key>PayloadUUID</key>
	<string>BBA4AD4E-9A70-4EF7-B33A-072D05B128C0</string>
	<key>PayloadVersion</key>
	<integer>1</integer>
</dict>
</plist>