Safari Extension state using declarative device management

So recently Intune add support for controlling safari web extension enablement using the new ddm configuration added in Macos 15, but unfortunately I can't make it work no matter what I try.

On the destination machine I see the that a user declaration for safari extension has been created, but there is not details on which extension they applied and it seems faulty (See attachment)

I have 2 questions:

  1. Has anyone managed to make it work?
  2. Is there a way to test this declaration like I can do with Mobile config by manually load it to the machine?

Thank you.

We suspect that the configuration being sent by the server is not valid. The formal schema for the configuration is here:

https://github.com/apple/device-management/blob/seed_iOS-18-1_macOS-15-1/declarative/declarations/configurations/safari.extensions.settings.yaml

Issues:

  1. To apply the settings to all extensions, the key in the ManagedExtensions dictionary must be set to *.

  2. To match all domains in AllowedDomains, set the value to *. The value in your screen shot seems to be trying to wildcard components of a URL, which is not correct.

  3. The State value in your screen shot appears to be Always On but the actual schema value needs to be AlwaysOn (no space). The Private Browsing value in your screen shot appears correct.

  4. it is also not clear what settings, if any, are being used for gram marly.

If you don't have direct control over the values going into the configuration, you will need to contact your server vendor and have them fix these issues.

Safari Extension state using declarative device management
 
 
Q