How to handle configuration profile delivery failures for EPM macOS

This guide explains how to identify and fix configuration profile delivery failures for EPM macOS when installed through an MDM software.

This profile is responsible for enabling background services and applying the necessary permissions for the agent to function properly. Without it, EPM cannot start correctly.

Requirements

• EPM macOS agent installed via MDM. More information in How to install the EPM macOS agent via MDM.
• Configuration profile.
• Access to the macOS Terminal.

How to identify profile delivery failure

1. The issue occurs when the profile was not delivered or activated by the MDM.
2. The end-user cannot manually fix this because administrative privileges are not available.
3. Without the active profile, the background service of EPM does not start.

How to request profile re-delivery

1. Contact the support team responsible for managing the MDM tool.
2. Request that they resend the profile via the MDM tool.
3. Re-sending forces the delivery of the configuration profile to the device.

How to verify in macOS settings

1. Go to System Settings > Profiles.
2. Confirm whether the EPM macOS profile is listed.
3. If it is not listed, it means the profile was not delivered correctly.

How to check system extension via terminal

1. Open terminal and run: systemextensionsctl list
2. Check if the extension Segura EPM Endpoint Security Extension appears active and functional.
3. Absence of this extension indicates the profile was not applied.

How to inspect profile-triggered activations

When delivered correctly, the profile automatically enables configurations such as:

1. Enabled Endpoint Security extensions.
2. Configured Login Items.
3. Background execution permissions for the EPM client.