Enable DLP Agent access to Microsoft Office applications

After you enable MIP configuration for Microsoft Office applications in the agent configuration, endpoint users are prompted to allow the DLP Agent ('CUI' application) to access Microsoft Word, Microsoft Excel, and Microsoft PowerPoint. If users do not grant application access, the MIP classification functionality does not work.
You can create an MDM configuration profile to enable the DLP Agent to access Microsoft Office applications without prompting users for permission. For illustration purposes, the following instructions assume that you plan to use Jamf, an IT management application.
When you copy and paste text into the Receiver Code Requirement box in Jamf, make sure that there are no line breaks.
  1. In Jamf, select a configuration profile.
  2. Navigate to Privacy Preferences Policy Control.
  3. Click Add.
  4. Under App Access, do the following:
    1. In the Identifier box, type: com.microsoft.Word
    2. In the Receiver Identifier Type menu, select Bundle ID.
    3. In the Receiver Code Requirement box, type:
      identifier "com.microsoft.Word" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9
  5. Click Add.
  6. Under App Access, do the following:
    1. In the Identifier box, type: com.microsoft.Excel
    2. In the Receiver Identifier Type menu, select Bundle ID.
    3. In the Receiver Code Requirement box, type:
      identifier "com.microsoft.Excel" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9
  7. Click Add.
  8. Under App Access, do the following:
    1. In the Identifier box, type: com.microsoft.Powerpoint
    2. In the Receiver Identifier Type menu, select Bundle ID.
    3. In the Receiver Code Requirement box, type:
      identifier "com.microsoft.Powerpoint" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = UBF8T346G9
  9. Click Save.
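The following script is an added example, not part of the vendor's instructions. It rebuilds the three Receiver Code Requirement strings from the steps above, rejects a copy that contains a line break or names the wrong bundle ID, and, on a Mac where codesign is available, checks whether each installed Office app satisfies its requirement. The function names and the /Applications paths are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): pre-flight check for the Receiver Code
# Requirement strings before they are pasted into Jamf.
TEAM_ID="UBF8T346G9"        # subject.OU value from the steps above
NL='
'                           # literal line feed
CR=$(printf '\r')           # literal carriage return

# build_req BUNDLE_ID: print the requirement exactly as the steps give it.
build_req() {
  printf 'identifier "%s" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = %s' "$1" "$TEAM_ID"
}

# check_req BUNDLE_ID TEXT: 0 = safe to paste, 1 = contains a line break,
# 2 = differs from the expected requirement for that bundle ID.
check_req() {
  case "$2" in
    *"$NL"*|*"$CR"*) return 1 ;;
  esac
  [ "$2" = "$(build_req "$1")" ] || return 2
  return 0
}

# verify_app BUNDLE_ID APP_PATH: macOS only; codesign exits 0 when the
# installed app satisfies the requirement.
verify_app() {
  codesign --verify -R="$(build_req "$1")" "$2"
}

# Default install paths below are assumptions; adjust for your fleet.
if command -v codesign >/dev/null 2>&1; then
  for pair in "com.microsoft.Word:/Applications/Microsoft Word.app" \
              "com.microsoft.Excel:/Applications/Microsoft Excel.app" \
              "com.microsoft.Powerpoint:/Applications/Microsoft PowerPoint.app"; do
    id=${pair%%:*}; app=${pair#*:}
    [ -d "$app" ] || continue
    if verify_app "$id" "$app"; then echo "$id: requirement satisfied"
    else echo "$id: requirement NOT satisfied"; fi
  done
fi
```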