Skip to main content

MDM Profiles

Cyberhaven offers an MDM configuration profile for the installation of macOS Sensors. MDM profiles are essential for the Cyberhaven sensor to function correctly. They ensure proper communication and management of the sensor on macOS devices. Without an MDM profile, the sensor remains non-functional until the profile is deployed.

The profile varies depending on the version and includes specific settings and features.

Read more about the capabilities included in each version, Compatibility Reference for MDM Profiles and Versions.

What is included in the latest Cyberhaven MDM profile

From 23.02 onwards, the Cyberhaven MDM configuration profile Cyberhaven.mobileconfig is updated, so that now it supersedes prior MDM profiles. This is a summary of what is included in the profile available for download from the Cyberhaven Console version 23.02 or newer (Cyberhaven MDM profile version 2.0.1 or newer).

  • Support for FullDiskAccess and other permissions that were included with older Cyberhaven MDM profiles.
  • Fixes for some missing permissions that could result in end-user-visible permission popups.
  • Support for Microsoft Edge browser (previously was a separate MDM profile).
  • Use Cyberhaven's Chrome browser extension with Manifest V3.
  • Configuration for a trusted SSL certificate to provide HTTPS support for browser extensions
  • Privacy settings for the Cyberhaven System Extension. These privacy settings will facilitate the future rollout of the Cyberhaven System Extension.

To automatically enable Cyberhaven as a managed login item, also deploy this separate profile.

Upgrading MDM configuration profiles

A new macOS MDM configuration profile is available since version 23.02 and can be obtained from the Cyberhaven Console. This is a monolithic profile that contains many of the individual profiles that were available in our documentation as optional profiles.

If you deployed an MDM configuration profile obtained from a Cyberhaven Console prior to version 23.02, then Cyberhaven recommends that you deploy the new version. Else, you can skip this section.

To upgrade your Cyberhaven MDM profiles deployed prior to 23.02, download the latest version from the Cyberhaven Console and update the Cyberhaven MDM configuration profile in your MDM solution. The MDM profile is backward compatible with older agents, so you can still do this step if you have agents with versions < 23.02 still active in your environment.

You can download the latest MDM configuration profile from the Cyberhaven Console.

  1. In the Console, go to the Endpoint Sensors page and click on Sensor Installers.
  2. Select the macOS tab and download the Cyberhaven.mobileconfig MDM configuration profile.
  3. Upload the new profile to your MDM solution.

To avoid privacy-related popups while switching to the new profile, there are two options:

Option 1: upload new profile and then remove the old one

You can follow the following steps in your MDM for upgrading the configuration profile:

  1. Import the new MDM profile and deploy to the same set of users - this will deploy it side-by-side with the old version.
  2. Check that it was deployed correctly - most MDM solutions have logs that show to which users the profile was deployed.
  3. Remove the old MDM profile.
  4. After updating your MDM with the latest configuration profile, you must restart the Sensor so that it picks up the latest MDM profile. Run the following CLI command.sudo /Applications/Cyberhaven.app/Contents/Resources/restart.zsh

Option 2: edit in place the existing MDM configuration profile

If your MDM provider allows that, you could simply edit in place the existing Cyberhaven configuration profile.

  1. Paste the content of the .mobileconfig file with the newly obtained MDM profile instead of the previous Cyberhaven Configuration Profile, save and then the profile will be made available to all endpoints immediately.
  2. If you have deployed any of the optional Cyberhaven MDM profiles (e.g., the configuration of the Chrome/Edge/Safari browsers extensions, login items configuration, then you can safely remove those).
  3. After updating your MDM with the latest configuration profile, you must restart the Sensor so that it picks up the latest MDM profile. Run the following CLI command: sudo /Applications/Cyberhaven.app/Contents/Resources/restart.zsh

Safari browser extension

Please follow this support article on how to enable this feature: Safari Extension Deployment