When you install the 10.0.2 EAP on a macOS 11 Big Sur computer, you are presented with a dialog requesting access for SophosWebNetworkExtension to create a proxy configuration. Is there a way to eliminate this dialog with a configuration profile from an MDM?
Since you already have documentation for configuring options like this with Jamf Pro at https://community.sophos.com/intercept-x-endpoint/f/recommended-reads/116397/sophos-mac-endpoint-how-to-configure-jamf-privacy-preferences-for-10-15-compatibility, I am posting the correct keys for the 10.0.2 EAP to pre-approve the proxy configuration.
Within the same Configuration Profile, add a Content Filter payload (this requires Jamf Pro 10.26+) with the following keys and values configured:
| Filter Name | SophosWebNetworkExtension |
| Identifier | com.sophos.endpoint.network |
| Network Filter Bundle Identifier | com.sophos.endpoint.networkextension |
| Network Filter Designated Requirement | identifier "com.sophos.endpoint.networkextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774" |
Note that the Filter Name can be anything, but it is required.
Once the complete, the payload should look like this:
Since you already have documentation for configuring options like this with Jamf Pro at https://community.sophos.com/intercept-x-endpoint/f/recommended-reads/116397/sophos-mac-endpoint-how-to-configure-jamf-privacy-preferences-for-10-15-compatibility, I am posting the correct keys for the 10.0.2 EAP to pre-approve the proxy configuration.
Within the same Configuration Profile, add a Content Filter payload (this requires Jamf Pro 10.26+) with the following keys and values configured:
| Filter Name | SophosWebNetworkExtension |
| Identifier | com.sophos.endpoint.network |
| Network Filter Bundle Identifier | com.sophos.endpoint.networkextension |
| Network Filter Designated Requirement | identifier "com.sophos.endpoint.networkextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2H5GFH3774" |
Note that the Filter Name can be anything, but it is required.
Once the complete, the payload should look like this:
May someone please provide an xml version or a hint for Profile Editors of the settings for those of us who don´t use JAMF?
I tried to set up a configuration profile (with iMazing Profile Editor or Mac Server Profilemanager) using the given information. But it results in " Profile installation failed. The VPN Service payload could not be installed. The VPN service could not be created." The profile seems to try setting up something else... 
Thanks in advance!
May someone please provide an xml version or a hint for Profile Editors of the settings for those of us who don´t use JAMF?
I tried to set up a configuration profile (with iMazing Profile Editor or Mac Server Profilemanager) using the given information. But it results in " Profile installation failed. The VPN Service payload could not be installed. The VPN service could not be created." The profile seems to try setting up something else... Thanks in advance!
