Using Apple devices in the classroom is becoming an increasingly popular option for schools as doing so helps increase student engagement and motivation. However, when it comes to using any sort of device in a K-12 educational environment, there are always concerns about security.
Is personal information safe? How can you make sure that all the best provisions are in place to ensure optimal security? This is especially the case when your IT team manages an entire fleet of hundreds of devices or uses a shared device program like Mac labs. With system extensions, you can leverage security to keep your devices, students, teachers and staff safe from privacy breaches.
In this article, we’ll go over what system extensions are, why they’re replacing kernel extensions for macOS and how you can use system extensions to enhance security. We’ll also share how a mobile device management (MDM) solution can help further streamline your workflows.
The kernel is the core of the OS and Kernel Extensions, or .KEXTs, are pieces of software that extend the core of the OS. Once a kernel extension is used, it becomes part of the kernel and gains access to every part of the Mac computer. Some examples of .KEXTs are drivers and network filters.
Using .KEXTs comes with many risks, because if the extension contains an error, it could harm the entire system by causing a kernel panic. This means that .KEXTs have to be bug-free from the start. That’s why Apple has started phasing out the ability to use .KEXTs and has instead introduced System Extensions starting with macOS Catalina. Learn about the benefits of using macOS Catalina here.
System Extensions are different because they run in userspace and follow the security policy, meaning they are less harmful. Kernel extensions have certain restrictions on dynamic memory allocation and cannot use system frameworks, but system extensions don’t have those types of restrictions. This is what makes system extensions so viable, because you can use almost any language and any framework while ensuring security.
When it comes to using extensions for an entire fleet of Mac computers, an Apple device management solution can really come in handy. It can help you streamline workflows, saving you time and effort overall. For example, if you’re looking to deploy anti-virus to multiple devices at once, you can easily do that using a mobile device management (MDM) solution like Mosyle Manager.
How Mosyle Manager can help you manage system extensions on Mac computers
In Mosyle Manager, there is a specific management profile that helps you use the types of extensions we’ve gone over. To configure this profile simply log in to Mosyle Manager and navigate to the Management area.
a) Kernel Extensions
Select the Kernel Extensions profile from the menu on the left and click Add new profile. Fill out the profile and choose whether or not you’d like to Allow User Override. Choose the Profile Assignment and then click save.
b) System Extensions
Select System Extensions profile from the menu on the left and then click Add new profile. Fill out the profile, choose the Profile Assignment and then click save.
If you need any help configuring this profile for your fleet of Apple devices, you can reach out to our Customer Success team by navigating to the Help Center. They’ll be happy to help with any questions you may have.
You can use system extensions to elevate the security at your K-12 school with an MDM solution like Mosyle Manager
Ready to get started? Sign up for a free Mosyle Manager account!
Save countless hours of IT effort while empowering teachers to manage iPad, Mac, and Apple TV devices in the classroom.
2020 Mosyle™ Corporation | Trusted by 14,000+ educational institutions across the globe