Managing Safari Extensions in macOS Sequoia

Question

Created Jul ’24

Replies 5

Boosts 0

Participants 4

There is a change log in Safari 18 Beta mentioning that you can now via MDM control Safari's extensions state and make an extension be enabled after you've installed it - "Added support for Device Management of extension enabled state, private browsing state, and website access on Managed Devices. (113051857)"

However I could not find any documentation for it, I need to know what to set in my plist/mobileconfig file.

Does anyone know (or maybe apple is here as well and can help) where would this be documented?

Thanks!

Answered by Device Management Engineer in 796659022

Safari extensions can be managed via declarative device management (not a profile). Documentation for the new configuration will appear here: https://developer.apple.com/documentation/devicemanagement/safariextensionsettings.

The schema for the new configuration is here: [broken link removed; see below for the right one].

Boost

Answer 1

Device Management Engineer OP

Apple

Jul ’24

Accepted Answer

Safari extensions can be managed via declarative device management (not a profile). Documentation for the new configuration will appear here: https://developer.apple.com/documentation/devicemanagement/safariextensionsettings.

The schema for the new configuration is here: [broken link removed; see below for the right one].

0

Answer 2

SafariDever OP

Jul ’24

Thanks @Engineer for the speedy reply. The yaml file you added is not public but I see the documentation and I understand that my MDM provider will need to support this so I'll take this with them. Thank you.

0

Answer 3

Device Management Engineer OP

Apple

Jul ’24

Sorry, here is the correct public schema link:

https://github.com/apple/device-management/blob/seed_iOS-18.0_macOS-15.0/declarative/declarations/configurations/safari.extensions.settings.yaml

0

Answer 4

guyholl OP

Aug ’24

Hey, Im trying to test this on a mac with seqouia OS installed. I generate profile and load it manually, but it doesn't seems to work. The profile I loading is the following:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>PayloadIdentifier</key>
    <string>com.test.safari.config</string>
    <key>PayloadUUID</key>
    <string>E60B9C54-4FF1-4A72-9D44-2B6A1CC4E73E</string>
    <key>PayloadDisplayName</key>
    <string>Safari configuration</string>
    <key>PayloadContent</key>
    <array>
      <dict>
        <key>PayloadType</key>
        <string>com.apple.configuration.safari.extensions.settings</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>PayloadIdentifier</key>
        <string>com.test.safari.config</string>
        <key>PayloadUUID</key>
        <string>E60B9C54-4FF1-4A72-9D44-2B6A1CC4E73E</string>
        <key>ManagedExtensions</key>
        <dict>
          <key>com.grammarly.safari.extension.ext2 (W8F64X92K3)</key>
          <dict>
            <key>State</key>
            <string>AlwaysOn</string>
            <key>PrivateBrowsing</key>
            <string>AlwaysOn</string>
            <key>AllowedDomains</key>
            <array>
              <string>*://*/*</string>
            </array>
          </dict>
        </dict>
      </dict>
    </array>
  </dict>
</plist>

But it doesn't seems to do anything. What am I missing? Can I test it this way or I have to go through MDM? Thank you.

1

Answer 5

this_username_did_not_exist OP

2d

For the record, Apple's support web pages are also broken when it comes to Safari Extensions.

Go to https://support.apple.com/en-gb/guide/deployment/welcome/web
Type Safari Extensions in the search field and run the search.
Click the link 'Safari extensions management declarative configuration for Apple devices'.

=> You're back to the Apple Platform Deployment home page.

:-(

0