Home
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
Managing Configurations
Using Profiles
Profile Configurations
Profile Configurations By Category
Restrictions Profile Configurations
Configure Kernel Extensions (macOS)
Install signed or unsigned kernel extensions on macOS devices using the Kernel Extensions profile configuration.

Welcome to SOTI MobiControl 2025.1 Help
SOTI MobiControl is an enterprise mobility management solution designed to help you efficiently manage your organization's devices. Use the SOTI MobiControl Help Center to explore its full range of features.
What's New in SOTI MobiControl
Setting Up SOTI MobiControl
This section provides instructions for installing, activating, and upgrading SOTI MobiControl instances.
Using the Console
This section provides information about using the SOTI MobiControl console to perform the various management tasks.
- About the SOTI MobiControl Console
- Managing Users
- Managing Devices
- Managing Configurations
  - Using Profiles
    - Creating a Profile
    - Assigning a Profile
    - Editing Profile Access Permissions
    - Editing a Profile
    - Deleting a Profile
    - Cloning a Profile
    - Viewing Profile Assignments
    - Viewing Profile History
    - Viewing Profile Logs
    - Revoking a Profile
    - Reinstalling a Revoked Profile
    - Disabling a Profile
    - Exporting Profiles
    - Importing Profiles
    - Managing Profiles Queue
    - Downloading a Profiles List
    - Emailing a Profiles List
    - Profile Configurations
      - Profile Configurations By Category
        Security Profile Configurations
        Restrictions Profile Configurations
        Application Run Control
        Edge Browser
        Block Process
        Browser (Android Enterprise)
        Browser Proxy (Android Enterprise)
        Energy Saver
        Finder (macOS)
        Feature Control
        Firewall
        Configure Kernel Extensions (macOS)
        Install signed or unsigned kernel extensions on macOS devices using the Kernel Extensions profile configuration.
        Multi-App Kiosk Mode
        Single-App Kiosk Mode
        Notifications (macOS)
        Login Window
        Lockdown | Using the Configuration
        Network Restrictions
        Parental Controls
        Passcode (macOS Device)
        Configuring Phone Calls
        Setup Assistant
        Single App Mode
        System Extensions (macOS Device)
        Web Content Filter (macOS)
        Web Content Filter
        Web Filter
        Web Content Filter
        Work Profile Compliance
        Personal Play Policy
        Use the Personal Play Policy to manage application installation for the Personal Playstore.
        Windows Information Protection
        Kiosk Mode ChromeOS
        Unified Write Filter
        Configuring Group Policy Objects
        Configure and deploy Group Policy Objects (GPOs) to manage Windows Modern device settings using SOTI MobiControl.
        Manage Registry Settings for Windows Modern Devices
        Manage device registry settings for your Windows Modern devices.
        Email, Contact, and Calendar Profile Configurations
        Connectivity Profile Configurations
        Other Profile Configurations
        SOTI Apps Profile Configurations
      - Profile Configurations By Platform
    - Declarative versus Reactive Profiles
  - Using Advanced Configurations
  - Using Settings Manager
- Managing Applications
- Managing Data
- Monitoring Devices
- Troubleshooting Device Issues
- Generating Reports
- Managing System Settings
- Other Features
- SOTI MobiControl Console Reference
System Health
View vital system stats in a variety of interactive, up-to-date charts and tables.
SOTI MobiControl Administration
This section provides information about how to perform various administrative tasks related to SOTI MobiControl. These tasks include monitoring your SOTI MobiControl system, changing deployment settings, integrating SOTI MobiControl with third-party applications, and performing various modifications that extend SOTI MobiControl beyond its standard configuration.
Using Package Studio
This section provides information about how to use SOTI MobiControl Package Studio to create data packages for devices.
Using Script Commands
Send scripts and execute commands on your devices with SOTI MobiControl. Script commands are supported on the following platforms:
Using SOTI MobiControl Stage
This section provides information about how to use SOTI MobiControl Stage to quickly and easily enroll devices.
Cloud Link Agent
Glossary
Notices

Configure Kernel Extensions (macOS)

Install signed or unsigned kernel extensions on macOS devices using the Kernel Extensions profile configuration.

Before you begin

Ensure the following requirements are met:

The device is running macOS 10.13.2 or later. For details, see Apple's Developer documentation.
You must have Manage Profile permissions. See General Permissions.

Tip: On Apple silicon Macs not enrolled in Apple School Manager or Apple Business Manager, set the security policy to Reduced Security to allow kernel extension loading. See Apple's support documentation.

About this task

Use the Kernel Extensions profile configuration to control which kernel extensions can load on macOS devices. This is useful when managing device-level drivers or custom system extensions that require explicit user or administrator approval.

Procedure

Create or edit a Reactive macOS Device profile. See Creating a Profile and Editing a Profile.
From the Security & Restrictions configurations list, add the Kernel Extensions configuration.
Optional: Toggle on Allow User to Approve Additional Kernel Extensions to let users approve kernel extensions not explicitly listed in the profile.
Select (Add) in the Valid Signed Kernel Extensions section to add team identifiers for software vendors whose signed kernel extensions should be allowed.

Example: com.example.kext.mydriver.
Select (Add) in the Kernel Extensions section to specify the bundle and team identifiers for allowed kernel extensions.
Example:
- Bundle ID: com.example.mydriver.
- Team ID: com.example.kext.mydriver.
Tip: Leave the team identifier blank for unsigned legacy extensions.

Results

Once the profile is deployed:

The specified kernel extensions are allowed to load on macOS devices.
Depending on the configuration, users may no longer see prompts for approving extensions.