Enable Kernel Extensions in the GlobalProtect App for macOS Endpoints
Starting with macOS 10.13, Apple introduced
a software change that requires users to approve kernel extensions
before they can use them. The GlobalProtect App on macOS uses a
kernel extension in order to support Split Tunneling and Enforce GlobalProtect for Network
Access. When users access the GlobalProtect app that has
these features enabled, the app displays the following message:
macOS requires user approval to load GlobalProtect Kernel Extension. Please navigate to macOS System Preferences > Security & Privacy and select Allow. If the issue persists, please contact your IT Administrator.
allow GlobalProtect app users to automatically load the kernel extension without
receiving this message, you can use MDM to create a policy for that
Users can enable kernel extensions in macOS
Security & Privacy
for the kernel extension
that was blocked from loading. Apple Technical Note TN2450 describes
the process. However, this method requires the user to manually
approve the kernel extension.
The following steps use MobileIron
to configure a policy to automatically approve the kernel extension.
While this configuration has been tested with MobileIron, you can
use any Qualified MDM vendor to
create and implement this policy.
In MobileIron, select
macOS Kernel Extension Policy
You can also select an existing
Give the policy a
team identifier and kernel extension.
by the GlobalProtect app (
) and the
the team ID and kernel extension.
then select the policy to be distributed to