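Using mobile device management (MDM), administrators can configure the permissions that the macOS agent needs in order to run without additional action from end users. In addition to configuring permissions, the following sections provide the steps for deploying MDM properly so that the Zero Trust Secure Access macOS agent runs without showing pop-ups (for example, permission requests) to end users.
Note: This document provides detailed configuration steps for Microsoft Intune. For other MDM platforms, such as Jamf, AirWatch (Workspace ONE), and other solutions, see Creating and configuring MDM profiles for the Security Agent for Mac.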
Deploy mobile device management profiles using Microsoft Intune
To deploy mobile device management profiles using Microsoft Intune:
- Log in to Microsoft Intune.
- Click [Devices] > [macOS] to go to the macOS device settings page.
- Go to [Configuration profiles] > [Create profile] and select [Templates].
- Select [Custom]. (With this method, you can upload your own .mobileconfig files to deploy all types of profiles, including System Extension, Web Content Filter, Full Disk Access, and Service Management profiles.)
- In the [Basics] section, provide a [Name] and a [Description] for the macOS profile.
- In the [Configuration settings] section, add a [Configuration profile name] and upload the .mobileconfig [Configuration profile file] (for example, SystemExtension.mobileconfig).
- In the [Assignments] section, configure [Included groups] or [Excluded groups] to control which devices receive the profile.
- In the [Review + create] section, review the settings and create the profile.
- If the deployment is not updated for a long time, click [Assignments] to run it again.

Tip
You can monitor the progress of the deployment on the profile overview page. When it completes, [Delivery status] shows "Success".
- On the managed Mac computer, check [System Settings > Privacy & Security > Profiles] to confirm that the profile is installed.
- Repeat steps 3-6 for each .mobileconfig profile: System Extension, Web Content Filter, Full Disk Access, and Service Management - Managed Login Items.

Note: For alternative deployment methods and other MDM platforms, see Install the Endpoint and Workload Security agent on Mac using AirWatch (Workspace ONE) and Microsoft Intune.
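Configure system extensions
To comply with changes in Apple's guidelines for software developers, starting with macOS Big Sur 11.0, kernel extensions are no longer loaded by the system. Zero Trust Secure Access for the macOS agent uses a system extension built on the Network Extension framework to provide its secure access features.
The Network Extension framework lets you customize and extend core networking features. For reference information, see https://developer.apple.com/documentation/networkextension.
The following system extension fields are required.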
<key>AllowUserOverrides</key>
<true/>
<key>AllowedSystemExtensions</key>
<dict>
  <key>E8P47U2H32</key>
  <array>
    <string>com.trendmicro.ztnasase.tunnel</string>
  </array>
</dict>
<key>PayloadType</key>
<string>com.apple.system-extension-policy</string>
<key>PayloadDisplayName</key>
<string>System Extension</string>
The following is an example of an MDM configuration profile that allows the system extension:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>AllowUserOverrides</key>
<true/>
<key>AllowedSystemExtensions</key>
<dict>
<key>E8P47U2H32</key>
<array>
<string>com.trendmicro.ztnasase.tunnel</string>
</array>
</dict>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
<string>System Extensions</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>com.yourorg.systemextension</string>
<key>PayloadOrganization</key>
<string>Your Org.</string>
<key>PayloadType</key>
<string>com.apple.system-extension-policy</string>
<key>PayloadUUID</key>
<string>170970B2-F040-49C1-9325-05E27BB63C6A</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string></string>
<key>PayloadDisplayName</key>
<string>System Extension</string>
<key>PayloadEnabled</key>
<true/>
<key>PayloadIdentifier</key>
<string>com.apple.system-extension-policy.EB63187C-EDAB-4CEE-9311-4DDB40587CED</string>
<key>PayloadOrganization</key>
<string>Your Org.</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>com.apple.system-extension-policy.EB63187C-EDAB-4CEE-9311-4DDB40587CED</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
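Configure the web content filter
An on-device network content filter examines user network content as it passes through the network stack and decides whether to block that content or let it pass to its final destination. For details, see Content Filter Providers.
When you create the MDM profile, the following web content filter fields are required: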
<key>FilterBrowsers</key>
<true/>
<key>FilterDataProviderBundleIdentifier</key>
<string>com.trendmicro.ztnasase.tunnel</string>
<key>FilterDataProviderDesignatedRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>FilterGrade</key>
<string>firewall</string>
<key>FilterPackets</key>
<true/>
<key>FilterSockets</key>
<true/>
<key>FilterType</key>
<string>Plugin</string>
<key>PayloadType</key>
<string>com.apple.webcontent-filter</string>
<key>PluginBundleID</key>
<string>com.trendmicro.ztnasase</string>
The following is an example of web content filter profile settings that facilitate the internal VPN setup.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>FilterBrowsers</key>
<true/>
<key>FilterDataProviderBundleIdentifier</key>
<string>com.trendmicro.ztnasase.tunnel</string>
<key>FilterDataProviderDesignatedRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>FilterGrade</key>
<string>firewall</string>
<key>FilterPackets</key>
<true/>
<key>FilterSockets</key>
<true/>
<key>FilterType</key>
<string>Plugin</string>
<key>PayloadDescription</key>
<string>Adds a Web Content Filter</string>
<key>PayloadDisplayName</key>
<string>ZTSA Web Content Filter</string>
<key>PayloadIdentifier</key>
<string>D738AB74-9848-4097-9429-137DB1C9ZTSA</string>
<key>PayloadOrganization</key>
<string></string>
<key>PayloadType</key>
<string>com.apple.webcontent-filter</string>
<key>PayloadUUID</key>
<string>D738AB74-9848-4097-9429-137DB1C9ZTSA</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>PluginBundleID</key>
<string>com.trendmicro.ztnasase</string>
<key>UserDefinedName</key>
<string>Trend Micro - ZTSA</string>
</dict>
</array>
<key>PayloadDescription</key>
<string>YourOrg</string>
<key>PayloadDisplayName</key>
<string>YourOrg</string>
<key>PayloadIdentifier</key>
<string>66CE283B-CA7E-49E3-BA51-A396ACE2ZTSA</string>
<key>PayloadOrganization</key>
<string>YourOrg</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>A19134F2-F9C3-4F35-B10B-1E75613BZTSA</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
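The system extension profile and the web content filter profile have to agree: the filter's data provider must be an allow-listed system extension, and its designated requirement must pin the same Team ID. The following pre-upload check is an added example, not Trend Micro's or Apple's code; the function names (`check_filter_provider`, `make_profile`) are hypothetical, and the sample payloads are constructed from the values shown on this page, trimmed to the keys the check reads.

```python
import plistlib
import re

# Team ID pinned by a code requirement: certificate leaf[subject.OU] = <TEAMID>
TEAM_PIN = re.compile(r'certificate leaf\[subject\.OU\]\s*=\s*"?([A-Z0-9]{10})"?')


def make_profile(payload):
    """Wrap one payload dict in a minimal XML .mobileconfig (sample-data helper)."""
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadContent": [payload]})


# Constructed sample input: values copied from the page, other keys omitted.
SYSEXT_PAYLOAD = {
    "PayloadType": "com.apple.system-extension-policy",
    "AllowUserOverrides": True,
    "AllowedSystemExtensions": {"E8P47U2H32": ["com.trendmicro.ztnasase.tunnel"]},
}
FILTER_PAYLOAD = {
    "PayloadType": "com.apple.webcontent-filter",
    "FilterType": "Plugin",
    "PluginBundleID": "com.trendmicro.ztnasase",
    "FilterDataProviderBundleIdentifier": "com.trendmicro.ztnasase.tunnel",
    "FilterDataProviderDesignatedRequirement": (
        'identifier "com.trendmicro.ztnasase" and anchor apple generic and '
        "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
        "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
        "certificate leaf[subject.OU] = E8P47U2H32"),
}


def payloads_of_type(profile_bytes, payload_type):
    """Return the inner payload dicts of one PayloadType from a .mobileconfig."""
    profile = plistlib.loads(profile_bytes)
    return [p for p in profile.get("PayloadContent", [])
            if p.get("PayloadType") == payload_type]


def check_filter_provider(sysext_bytes, filter_bytes):
    """Cross-check a web content filter profile against a system extension profile.

    Returns a list of findings; an empty list means the two profiles agree.
    """
    findings = []

    # bundle ID -> set of Team IDs it is allow-listed under
    allowed = {}
    for policy in payloads_of_type(sysext_bytes, "com.apple.system-extension-policy"):
        for team, bundle_ids in policy.get("AllowedSystemExtensions", {}).items():
            for bundle_id in bundle_ids:
                allowed.setdefault(bundle_id, set()).add(team)

    filters = payloads_of_type(filter_bytes, "com.apple.webcontent-filter")
    if not filters:
        findings.append("no com.apple.webcontent-filter payload found")

    for flt in filters:
        provider = flt.get("FilterDataProviderBundleIdentifier")
        requirement = flt.get("FilterDataProviderDesignatedRequirement", "")
        if flt.get("FilterType") != "Plugin":
            findings.append(f"FilterType is {flt.get('FilterType')!r}, expected 'Plugin'")
        if not provider:
            findings.append("FilterDataProviderBundleIdentifier is missing")
            continue
        if provider not in allowed:
            findings.append(f"{provider} is not in AllowedSystemExtensions")
            continue
        if "anchor apple generic" not in requirement:
            findings.append(f"{provider} requirement lacks 'anchor apple generic'")
        pinned = TEAM_PIN.search(requirement)
        if pinned is None:
            findings.append(f"{provider} requirement pins no Team ID")
        elif pinned.group(1) not in allowed[provider]:
            findings.append(f"{provider} requirement pins Team ID {pinned.group(1)}, "
                            f"but it is allow-listed under {sorted(allowed[provider])}")
    return findings


if __name__ == "__main__":
    result = check_filter_provider(make_profile(SYSEXT_PAYLOAD),
                                   make_profile(FILTER_PAYLOAD))
    print(result or "profiles are consistent")
```

To check real files, read each .mobileconfig as bytes and pass the two byte strings to `check_filter_provider`.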
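Configure Full Disk Access
Note: For specific configuration steps, see https://success.trendmicro.com/dcx/s/solution/000277823?language=en_US.
The Full Disk Access permission, introduced in macOS Mojave (10.14), is a privacy feature that prevents some applications from accessing important data such as Mail, Messages, Time Machine, and Safari files. To access these protected areas, permission must be granted manually to specific applications.
Note: On earlier versions of macOS (10.13 and earlier), this permission is granted automatically when the product is installed.
Warning: If Full Disk Access is not enabled, Zero Trust Secure Access may not function properly in certain network access scenarios and configuration management tasks.
When you create the mobile device management profile for Full Disk Access, we recommend using the Privacy Preferences Policy Control Utility (PPPC Utility) app.
The required paths and permissions are as follows:
- Installation paths:
  - /Applications/Zero Trust Secure Access.app
  - /Applications/Zero Trust Secure Access.app/Contents/MacOS/ztnp
  - /Applications/Zero Trust Secure Access.app/Contents/MacOS/Zero Trust Secure Access
- Required permissions:
  - Property: Accessibility → Allow
  - Property: All Files → Allow
  - Apple Events: System Events → Allow
The following is an example of a PPPC configuration profile that suppresses user prompts while the application is running.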
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDescription</key>
<string> Your Org.- ZTSA PPPC</string>
<key>PayloadDisplayName</key>
<string> Your Org.- ZTSA PPPC</string>
<key>PayloadIdentifier</key>
<string>0AC7C2F2-B3E7-4B5F-8B92-A1F905501BAF</string>
<key>PayloadOrganization</key>
<string> Your Org.- ZTSA PPPC</string>
<key>PayloadType</key>
<string>com.apple.TCC.configuration-profile-policy</string>
<key>PayloadUUID</key>
<string>C47E2D8A-3A91-4E35-8027-1EABFEB50D9A</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Services</key>
<dict>
<key>Accessibility</key>
<array>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.trendmicro.ztnasase</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier ztnp and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/ztnp</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/Zero Trust Secure Access</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase.openvpn" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.trendmicro.ztnasase.openvpn</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
</array>
<key>AppleEvents</key>
<array>
<dict>
<key>AEReceiverCodeRequirement</key>
<string>identifier ztnp and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>AEReceiverIdentifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/ztnp</string>
<key>AEReceiverIdentifierType</key>
<string>path</string>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.trendmicro.ztnasase</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
<dict>
<key>AEReceiverCodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>AEReceiverIdentifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/Zero Trust Secure Access</string>
<key>AEReceiverIdentifierType</key>
<string>path</string>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.trendmicro.ztnasase</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
<dict>
<key>AEReceiverCodeRequirement</key>
<string>identifier "com.apple.systemevents" and anchor apple</string>
<key>AEReceiverIdentifier</key>
<string>com.apple.systemevents</string>
<key>AEReceiverIdentifierType</key>
<string>bundleID</string>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.trendmicro.ztnasase</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
<dict>
<key>AEReceiverCodeRequirement</key>
<string>identifier "com.apple.systemevents" and anchor apple</string>
<key>AEReceiverIdentifier</key>
<string>com.apple.systemevents</string>
<key>AEReceiverIdentifierType</key>
<string>bundleID</string>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier ztnp and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/ztnp</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>AEReceiverCodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>AEReceiverIdentifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/Zero Trust Secure Access</string>
<key>AEReceiverIdentifierType</key>
<string>path</string>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier ztnp and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/ztnp</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>AEReceiverCodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>AEReceiverIdentifier</key>
<string>com.trendmicro.ztnasase</string>
<key>AEReceiverIdentifierType</key>
<string>bundleID</string>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier ztnp and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/ztnp</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>AEReceiverCodeRequirement</key>
<string>identifier "com.apple.systemevents" and anchor apple</string>
<key>AEReceiverIdentifier</key>
<string>com.apple.systemevents</string>
<key>AEReceiverIdentifierType</key>
<string>bundleID</string>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/Zero Trust Secure Access</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>AEReceiverCodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>AEReceiverIdentifier</key>
<string>com.trendmicro.ztnasase</string>
<key>AEReceiverIdentifierType</key>
<string>bundleID</string>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/Zero Trust Secure Access</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>AEReceiverCodeRequirement</key>
<string>identifier ztnp and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>AEReceiverIdentifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/ztnp</string>
<key>AEReceiverIdentifierType</key>
<string>path</string>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/Zero Trust Secure Access</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>AEReceiverCodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>AEReceiverIdentifier</key>
<string>com.trendmicro.ztnasase</string>
<key>AEReceiverIdentifierType</key>
<string>bundleID</string>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase.openvpn" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.trendmicro.ztnasase.openvpn</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
<dict>
<key>AEReceiverCodeRequirement</key>
<string>identifier "com.apple.systemevents" and anchor apple</string>
<key>AEReceiverIdentifier</key>
<string>com.apple.systemevents</string>
<key>AEReceiverIdentifierType</key>
<string>bundleID</string>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase.openvpn" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.trendmicro.ztnasase.openvpn</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
</array>
<key>SystemPolicyAllFiles</key>
<array>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.trendmicro.ztnasase</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier ztnp and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/ztnp</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/Zero Trust Secure Access</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase.openvpn" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.trendmicro.ztnasase.openvpn</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
</array>
<key>SystemPolicyDesktopFolder</key>
<array>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.trendmicro.ztnasase</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier ztnp and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/ztnp</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/Zero Trust Secure Access</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase.openvpn" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.trendmicro.ztnasase.openvpn</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
</array>
<key>SystemPolicyDocumentsFolder</key>
<array>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.trendmicro.ztnasase</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier ztnp and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/ztnp</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/Zero Trust Secure Access</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase.openvpn" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.trendmicro.ztnasase.openvpn</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
</array>
<key>SystemPolicyDownloadsFolder</key>
<array>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.trendmicro.ztnasase</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier ztnp and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/ztnp</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>/Applications/Zero Trust Secure Access.app/Contents/MacOS/Zero Trust Secure Access</string>
<key>IdentifierType</key>
<string>path</string>
</dict>
<dict>
<key>Authorization</key>
<string>Allow</string>
<key>CodeRequirement</key>
<string>identifier "com.trendmicro.ztnasase.openvpn" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32</string>
<key>Comment</key>
<string></string>
<key>Identifier</key>
<string>com.trendmicro.ztnasase.openvpn</string>
<key>IdentifierType</key>
<string>bundleID</string>
</dict>
</array>
</dict>
</dict>
</array>
<key>PayloadDescription</key>
<string>Your Org</string>
<key>PayloadDisplayName</key>
<string>Your Org</string>
<key>PayloadIdentifier</key>
<string>0AC7C2F2-B3E7-4B5F-8B92-A1F905501BAF</string>
<key>PayloadOrganization</key>
<string>Your Org</string>
<key>PayloadScope</key>
<string>System</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>FEE78DB2-FAAC-4A56-9503-9ECFB7A0E419</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
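A PPPC profile this large is hard to review by eye, so it helps to list every grant and confirm that each one is tied to the vendor's signature before uploading. The following audit is an added example, not part of the vendor's tooling; `audit_pppc`, `requirement_problems`, and `vendor_req` are hypothetical names, the Team ID and install path are the ones shown on this page, and the sample services are a constructed three-entry subset of the profile above.

```python
import plistlib
import posixpath
import re

EXPECTED_TEAM = "E8P47U2H32"                                # Team ID from the page
APP_BUNDLE = "/Applications/Zero Trust Secure Access.app"   # install path from the page

TEAM_PIN = re.compile(r'certificate leaf\[subject\.OU\]\s*=\s*"?([A-Z0-9]{10})"?')
REQ_IDENT = re.compile(r'^\s*identifier\s+"?([^"\s]+)"?')


def vendor_req(identifier):
    """Build a code requirement in the form used on the page (sample-data helper)."""
    return (f"identifier {identifier} and anchor apple generic and "
            "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
            "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
            f"certificate leaf[subject.OU] = {EXPECTED_TEAM}")


# Constructed sample input: three entries taken from the profile above.
ZTNP = APP_BUNDLE + "/Contents/MacOS/ztnp"
SAMPLE_SERVICES = {
    "Accessibility": [{
        "Authorization": "Allow", "IdentifierType": "bundleID",
        "Identifier": "com.trendmicro.ztnasase",
        "CodeRequirement": vendor_req('"com.trendmicro.ztnasase"')}],
    "SystemPolicyAllFiles": [{
        "Authorization": "Allow", "IdentifierType": "path", "Identifier": ZTNP,
        "CodeRequirement": vendor_req("ztnp")}],
    "AppleEvents": [{
        "Authorization": "Allow", "IdentifierType": "path", "Identifier": ZTNP,
        "CodeRequirement": vendor_req("ztnp"),
        "AEReceiverIdentifierType": "bundleID",
        "AEReceiverIdentifier": "com.apple.systemevents",
        "AEReceiverCodeRequirement": 'identifier "com.apple.systemevents" and anchor apple'}],
}


def make_pppc_profile(services):
    """Wrap a Services dict in a minimal XML .mobileconfig (sample-data helper)."""
    payload = {"PayloadType": "com.apple.TCC.configuration-profile-policy",
               "Services": services}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [payload]})


def requirement_problems(requirement):
    """Return problems with one code requirement's trust anchor and Team ID pin."""
    problems = []
    if "anchor apple generic" in requirement:
        # Third-party code: the Apple root alone is not enough, the team must be pinned.
        pin = TEAM_PIN.search(requirement)
        if pin is None:
            problems.append("no Team ID pin (certificate leaf[subject.OU])")
        elif pin.group(1) != EXPECTED_TEAM:
            problems.append(f"pins unexpected Team ID {pin.group(1)}")
    elif "anchor apple" not in requirement:
        problems.append("no Apple trust anchor")
    return problems


def audit_pppc(profile_bytes):
    """Return (grants, findings) for every TCC payload in a .mobileconfig."""
    grants, findings = [], []
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.TCC.configuration-profile-policy":
            continue
        for service, entries in payload.get("Services", {}).items():
            for entry in entries:
                ident = entry.get("Identifier", "")
                requirement = entry.get("CodeRequirement", "")
                where = f"{service}: {ident}"
                grants.append((service, ident, entry.get("Authorization")))
                findings += [f"{where}: {p}" for p in requirement_problems(requirement)]
                if entry.get("IdentifierType") == "path":
                    # Normalise first so "../" segments cannot fake the prefix.
                    if not posixpath.normpath(ident).startswith(APP_BUNDLE + "/"):
                        findings.append(f"{where}: path is outside {APP_BUNDLE}")
                else:
                    match = REQ_IDENT.match(requirement)
                    if match is None or match.group(1) != ident:
                        findings.append(f"{where}: requirement identifier differs from bundle ID")
                if service == "AppleEvents":
                    receiver = entry.get("AEReceiverCodeRequirement", "")
                    findings += [f"{where}: receiver: {p}"
                                 for p in requirement_problems(receiver)]
    return grants, findings


if __name__ == "__main__":
    for row in audit_pppc(make_pppc_profile(SAMPLE_SERVICES)):
        print(row)
```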
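Configure service management - managed login items (macOS 13.0 Ventura and later)
Starting with macOS 13.0 Ventura, LaunchAgents and LaunchDaemons (in both /Library and ~/Library) are managed from the [System Settings] > [General] > [Login Items] pane. These are the "Allow in the Background" items.
The following settings are required.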
<key>Rules</key>
<array>
  <dict>
    <key>Comment</key>
    <string>Trend Micro</string>
    <key>RuleType</key>
    <string>TeamIdentifier</string>
    <key>RuleValue</key>
    <string>E8P47U2H32</string>
  </dict>
  <dict>
    <key>RuleType</key>
    <string>LabelPrefix</string>
    <key>RuleValue</key>
    <string>com.trendmicro.ztnasase</string>
  </dict>
</array>
The following is an example of a service management configuration profile that manages login items and background processes.
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>PayloadDisplayName</key>
<string>Service Management - Managed Login Items</string>
<key>PayloadIdentifier</key>
<string>com.apple.servicemanagement.EE60CA62-F2C3-4E0D-A5EE-0B48CAADF5DB</string>
<key>PayloadType</key>
<string>com.apple.servicemanagement</string>
<key>PayloadUUID</key>
<string>EE60CA62-F2C3-4E0D-A5EE-0B48CAADF5DB</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Rules</key>
<array>
<dict>
<key>Comment</key>
<string>Trend Micro</string>
<key>RuleType</key>
<string>TeamIdentifier</string>
<key>RuleValue</key>
<string>E8P47U2H32</string>
</dict>
<dict>
<key>RuleType</key>
<string>LabelPrefix</string>
<key>RuleValue</key>
<string>com.trendmicro</string>
</dict>
<dict>
<key>RuleType</key>
<string>LabelPrefix</string>
<key>RuleValue</key>
<string>com.trendmicro.ztnasase</string>
</dict>
</array>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>Trend Micro - Login Items</string>
<key>PayloadIdentifier</key>
<string>B631E20B-CC84-4E45-991D-11258DA55B39</string>
<key>PayloadOrganization</key>
<string>Trend Micro, Inc.</string>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>B631E20B-CC84-4E45-991D-11258DA55B39</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>
