Category Filter

How to configure Kernel Extension settings for Mac with Hexnode MDM

Kernel extensions are used to access or modify the core operating system components required to run an application. Using the Kernel extensions policy in Hexnode, you can configure the kernel extension settings for macOS devices. This feature is supported on devices running macOS 10.13.2 and above.

To configure macOS Kernel Extensions settings

    1. Navigate to the Policies tab on your Hexnode portal.
    2. Choose an existing policy or create a new policy by clicking on New Policy.
    3. Provide a suitable name for the policy if New Policy option is chosen.
    4. Select Kernel Extensions from macOS > Configurations.
    5. Click on Configure

You’ll have the following options to be configured.

User Override Enable User Overrides to allow users to approve kernel extensions that have not been whitelisted in the policy.
Team Identifiers Add Team IDs one by one. All kernel extensions signed by the listed Team IDs will be approved.

The Team ID must be alphanumeric with 10 characters. Eg. A1B2CD3E45

Kernel Extensions Provide the Team ID and Bundle ID to allow specific kernel extensions for each app.

For unsigned legacy kernel extensions, leave the Team Identifier blank.

Click on Save.

Associate target devices

If you haven’t saved your policy,

  1. Navigate to Policy Targets.
  2. Click on +Add devices to add the devices you wish to associate the policy to.
  3. Click Save.

If you have saved your policy,

  1. Navigate to Manage > Devices.
  2. Select the devices.
  3. Click on Actions > Associate Policy.
  4. Select the policy and click on Associate.


  1. Navigate to Policies.
  2. Search and select the policy you wish to associate the devices to.
  3. Click Manage > Associate Targets.
  4. Select the devices you wish to associate the policy to. You can also associate the policy to devices groups, users, user groups and even domains.
  5. Click on Associate.