The NetSupport DNA Mac Agent requires access to certain permissions for some features to function. You can apply the permissions the macOS DNA Agent uses either by an MDM deployment using the “NetSupportDNASecurityProfile.mobileconfig” (this can be found in the install directory, “/Applications/NetSupport/NetSupportDNA/SystemAgent”, of a machine you’ve installed the macOS DNA Agent on) or by using the permissions utility at the end of the installation process. For information on deploying the “NetSupportDNASecurityProfile.mobileconfig” via an MDM, please see our dedicated article on configuring and deploying the macOS DNA Agent:
When applying permissions via the “NetSupportDNASecurityProfile.mobileconfig” (using an MDM), the permissions will be applied at the system level. However, you should note that the “Screen Recording” permission cannot be set by the MDM “NetSupportDNASecurityProfile.mobileconfig” (this is a limitation of macOS). This means if you would like the macOS DNA Agent features that require this permission to function, you need to set the permission on the device manually using the permissions utility at the end of the installation (even if other permissions for the DNA Agent are applied to the device via an MDM).
Below is a list of permissions that the macOS DNA Agent uses and what features are affected by the permissions:
- Input Monitoring – Allows the DNA Agent to capture the keyboard, this is required for keyword monitoring.
- Accessibility – Allows the Agent to run and interact with the system.
- Screen Recording – Allows the DNA Console to view a thumbnail of the device, remote control to view the device, and to capture screenshots for eSafety triggered keywords.
- Automation – Allows the DNA Agent to get system events and access data from browsers (such as Safari, Chrome and Edge for Mac).
Note: The Automation permission can be unticked by the user without entering an admin password. Because of this, it’s recommended this permission is set via MDM.