Managed Login Item
Last updated
Was this helpful?
Last updated
Was this helpful?
Starting with macOS Ventura (13), background items (such as LaunchDaemons) present user notifications and System Settings allows the user to easily disable background items. The Catalog Agent and Catalog App use a background item and users disabling it negatively impacts app-updates , the update schedule won't run and the Catalog App will not work at all. To make sure users cannot disable the background item, a Configuration Profile is needed to auto-approve and lock the background item. Most MDM solutions provide the ServiceManagementManagedLoginItems payload from the Apple MDM framework.
We recommend auto-approving based on Root3's TeamIdentifier to make sure all background items will run as expected and without any user approval required.
TeamIdentifier: 98LJ4XBGYK
Below an example Configuration Profiles is provided where the TeamIdentifier will be auto-approved and locked in System Settings. This auto-approves all background items from the App Catalog and Root3 and is the easiest.
If you prefer a different way of auto-approving background items, refer to the ServiceManagementManagedLoginItems payload from the Apple MDM framework and create your own tailored Configuration Profile.
Below is an example of the user notification and System Settings when there is no Configuration Profile added:
Catalog or Root3 B.V. is mentioned when the App Catalog is installed
System Settings allows the user to disable the Catalog when is has administrative privileges
Below is an example of the user notification and System Settings when there is a Configuration Profile in place:
The notification now show a generic message about background items managed by the organisation
System Settings shows the app but the user is unable to disable the background item
There are several ways to create a Configuration Profile for auto-approving a background item. Your MDM solution may support the payload to easily configure notifications in the user interface. If not, there are tools available that may help you creating a custom profile:
