Adding macOS Agents to a Computer Testing Group

The Policy Configuration examples in the following section will use a Learning Mode Policy that enables us to perform actions (i.e. run applications) on a test computer that Privilege Manager will then pick up. This makes targeting specific applications during policy creation easy.

Creating a macOS Test Computer Group

To create a Monitoring (or Learning Mode Policy) on your Mac, begin by

  1. Creating a macOS based test computer group:

    1. Navigate to Computer Groups.

    2. Click Create Computer Group.

    3. From the Platform drop-down select macOS.

    4. Enter a name and description for your new group.

    5. Click Create.

      macOS computer group

    6. Add the macOS endpoints you want to be part of the computer group.

    7. Click Save Changes.

    8. Pin your computer group to the left navigation menu for quick access. Click the bookmark icon next to the computer group name.

Setting Up Monitoring Policies for macOS

  1. Under your macOS Test Computers Computer Group select Application Policies and click Create Application Policy.

  2. From the Policy Wizard select Monitoring and click Next Step.

  3. Select Everything and click Next Step.

  4. Enter a name, for example macOS Catch-all Monitor Policy.

  5. Click Create Policy.

    policy

  6. Customize the policies Conditions, Actions, and Policy Enforcement, for example:

    • Under Applications Targeted, click Add Application Target and search for and add macOS/Users/File Specification.

    • Under Exclusions, click Edit and add Default App Bundles File Specification Filter to the exclusion list.

    • Under Show Advanced | Policy Enforcement set the switch for Stage 2 Processing to active an all others to inactive.

      enforcement

  7. Click Save Changes

  8. Set the Inactive switch to Active.

This "Testing Computers" group should only be used for testing specific machines and configuration purposes. It should not be assigned to large groups of computers in your production environment.

Verify that under Actions the Audit Policy Events switch is active.