Learn about Transparency, Consent, and Control in macOS
What is PPPC, TCC?
The Transparency, Consent, and Control framework (TCC) (first introduced in macOS Mojave) improves the security of macOS by requiring end users or administrators to approve (or pre-approve) an application's access to certain protected resources. These resources are known as "Services".
These Service items cover a range of granular permissions for accessing resources such as Contacts, Calendar, Photos, Desktop, and Documents folder. The Privacy Preferences Policy Control (PPPC) profile payload allows IT admins to pre-approve applications for certain Services.
Which PPPC options are "Deny" only?
The following Services can be denied by IT admins in macOS Catalina and later. If they are not denied by profile, they can be approved by an end user who is an admin.
- Microphone
- Camera
Which PPPC options are "Deny" or "Allow Standard User to Approve" only?
The following Services can be denied OR configured to allow standard users to approve them by IT admins in macOS Big Sur and later. If they are not denied by profile, they can be approved by an end user (who must be an admin if the TCC Control is not configured to "allow standard users to approve". In macOS Catalina, they can only be denied.
- Screen Recording
- Input Monitoring (ListenEvent)
How can I tell that my Privacy Preferences Policy Control (PPPC) profile payload is working?
App permissions that are configured via profile are not visually represented in the "Security & Privacy" pane of System Preferences. To see what app permissions are being remotely managed on a device locally and how, IT admins can open the System Information ("System Report" button when the "About this Mac" window is open) and click on "Profiles" in the left hand column. All profiles that contain a PPPC payload will show a "com.apple.TCC.configuration-profile-policy" entry beneath the profile when the caret icon to its left is clicked.
Are there any workarounds?
No, there is no workaround to bypass macOS PPPC protections.
How can I submit feedback?
Apple tracks feedback on these items from enterprise customers, and we encourage you to submit your feedback to Apple via the Feedback Assistant tool.
Ensure you Login with a Managed Apple ID from Apple Business Manager so that your feedback gets recorded properly as an enterprise customer.
You can access Feedback Assistant here https://feedbackassistant.apple.com/
We recommend that you categorize any request for this Feedback under Enterprise & Education > MDM.