Enhance Security by managing System Extensions for macOS

4 min read

by Mosyle Team


Enhance Security by managing System Extensions for macOS

Using Apple devices in the workplace is becoming an increasingly popular option for companies as it helps increase employee engagement and motivation. However, when it comes to using any sort of device at a company, there are always concerns about security. Is personal information safe? How can you make sure that all the best provisions are in place to ensure optimal security?

This is especially the case when your IT team manages an entire fleet of hundreds of Apple devices or uses a shared device program like Mac labs. With System Extensions, you can leverage security to keep your macOS devices, end-users and the company safe from privacy breaches.

In this article, we’ll go over what System Extensions are, why they’re replacing Kernel Extensions for macOS and how you can use System Extensions to enhance security at your company. We’ll also share how an Apple mobile device management (MDM) solution can help further streamline your workflows.

What are Kernel Extensions and System Extensions?

The kernel is the core of the OS and Kernel Extensions, or .KEXTs, are pieces of software that extend the core of the OS. Once a kernel extension is used, it becomes part of the kernel and gains access to every part of the Mac computer. Some examples of .KEXTs are drivers and network filters.

Using .KEXTs comes with many risks, because if the extension contains an error, it could harm the entire system by causing a kernel panic. This means that .KEXTs have to be bug-free from the start. That’s why Apple has started phasing out the ability to use .KEXTs and has instead introduced System Extensions starting with macOS Catalina. Learn about the benefits of using macOS Catalina here.

System Extensions are different because they run in userspace and follow the security policy, meaning they are less harmful. Kernel extensions have certain restrictions on dynamic memory allocation and cannot use system frameworks, but system extensions don’t have those types of restrictions. This is what makes system extensions so viable, because you can use almost any language and any framework while ensuring security.

Do you need an Apple device management software to manage extensions?

When it comes to using extensions for an entire fleet of Mac computers, an Apple device management solution can really come in handy. It can help you streamline deployment workflows, saving you time and effort overall. For example, if you’re looking to deploy anti-virus to multiple devices at once, you can easily do that using a mobile device management (MDM) solution like Mosyle Business.

How Mosyle Business can help you manage system extensions on Mac computers

In Mosyle Business, there are some specific management profiles that help you use the types of extensions we’ve gone over. To configure this profile simply log in to Mosyle Business and navigate to the Management area.

a) Kernel Extensions

Select the Kernel Extensions profile from the menu on the left and click Add new profile. Fill out the profile and choose whether or not you’d like to Allow User Override. Choose the Profile Assignment and then click save.

b) System Extensions

Select System Extensions profile from the menu on the left and then click Add new profile. Fill out the profile, choose the Profile Assignment and then click save.

If you need any help configuring this profile for your fleet of Apple devices, you can reach out to our Customer Success team by navigating to the Help Center. They’ll be happy to help with any questions you may have.

You can use system extensions to elevate the security at your organization with an MDM solution like Mosyle Business.

Ready to get started? Sign up for a free 30-day trial!