Reply to endpoint security entitlement issue
Hi Quinn,

Further to the above, I created a DeveloperID Applications Certificate and signed the app and extension with these and was hopeful that I had worked out where I was going wrong. However, it still has the same unsatisfied entitlements error disallowing the extension. And these profiles are installed on my mac.

```
Executable=/Applications/MDEndpointApp.app/Contents/Library/SystemExtensions/com.macrj.endpointapp.extension.systemextension/Contents/MacOS/com.macrj.endpointapp.extension
Identifier=com.macrj.endpointapp.extension
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=779 flags=0x10000(runtime) hashes=13+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=9cacd40cb45bf4036e1764b6736f26eaf9dec721
CandidateCDHashFull sha256=9cacd40cb45bf4036e1764b6736f26eaf9dec72142c77f089b6387acf48edd4d
Hash choices=sha256
CMSDigest=9cacd40cb45bf4036e1764b6736f26eaf9dec72142c77f089b6387acf48edd4d
CMSDigestType=2
Launch Constraints:
    None
CDHash=9cacd40cb45bf4036e1764b6736f26eaf9dec721
Signature size=4676
Authority=Developer ID Application: MACRJ PTY LIMITED (ZJ259UQ467)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Signed Time=18 Dec 2022 at 20:46:56
Info.plist entries=22
TeamIdentifier=ZJ259UQ467
Runtime Version=13.1.0
Sealed Resources version=2 rules=13 files=1
Internal requirements count=1 size=224
[Dict]
    [Key] com.apple.application-identifier
    [Value]
        [String] 5P65THB9R3.com.macrj.endpointapp.extension
    [Key] com.apple.developer.endpoint-security.client
    [Value]
        [Bool] true
    [Key] com.apple.developer.team-identifier
    [Value]
        [String] ZJ259UQ467
    [Key] com.apple.security.get-task-allow
    [Value]
        [Bool] true
micheal-laptop:MDEndpointApp.app michealcumming$
```

and

```
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AppIDName</key>
    <string>Endpoint Extension</string>
    <key>ApplicationIdentifierPrefix</key>
    <array>
        <string>5P65THB9R3</string>
    </array>
    <key>CreationDate</key>
    <date>2022-12-18T09:34:05Z</date>
    <key>Platform</key>
    <array>
        <string>OSX</string>
    </array>
    <key>IsXcodeManaged</key>
    <false/>
    <key>DeveloperCertificates</key>
    <array>
        <data>...</data>
    </array>
    <key>DER-Encoded-Profile</key>
    <data>...</data>
    <key>Entitlements</key>
    <dict>
        <key>com.apple.developer.usernotifications.time-sensitive</key>
        <true/>
        <key>com.apple.application-identifier</key>
        <string>5P65THB9R3.com.macrj.endpointapp.extension</string>
        <key>keychain-access-groups</key>
        <array>
            <string>5P65THB9R3.*</string>
        </array>
        <key>com.apple.developer.team-identifier</key>
        <string>ZJ259UQ467</string>
        <key>com.apple.developer.endpoint-security.client</key>
        <true/>
    </dict>
    <key>ExpirationDate</key>
    <date>2040-12-13T09:34:05Z</date>
    <key>Name</key>
    <string>EndpointApp Extension Developer ID Profile</string>
    <key>ProvisionsAllDevices</key>
    <true/>
    <key>TeamIdentifier</key>
    <array>
        <string>ZJ259UQ467</string>
    </array>
    <key>TeamName</key>
    <string>MACRJ PTY LIMITED</string>
    <key>TimeToLive</key>
    <integer>6570</integer>
    <key>UUID</key>
    <string>199da2dc-655d-4aa5-b4bb-510409427b39</string>
    <key>Version</key>
    <integer>1</integer>
</dict>
</plist>micheal-laptop:MDEndpointApp.app michealcumming$
```
Topic: Code Signing SubTopic: Entitlements Tags:
Dec ’22
Reply to endpoint security entitlement issue
Thanks again Quinn. Here are the outputs.

```
micheal-laptop:SystemExtensions michealcumming$ codesign -d -vvv --entitlements - ./com.macrj.endpointapp.extension.systemextension/
Executable=/Applications/MDEndpointApp.app/Contents/Library/SystemExtensions/com.macrj.endpointapp.extension.systemextension/Contents/MacOS/com.macrj.endpointapp.extension
Identifier=com.macrj.endpointapp.extension
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20500 size=779 flags=0x10000(runtime) hashes=13+7 location=embedded
Hash type=sha256 size=32
CandidateCDHash sha256=5466ea31139b1abd9b1d255065fada9a3b461cf4
CandidateCDHashFull sha256=5466ea31139b1abd9b1d255065fada9a3b461cf4c5fe9e0c9b4c6b39cb7aa4c9
Hash choices=sha256
CMSDigest=5466ea31139b1abd9b1d255065fada9a3b461cf4c5fe9e0c9b4c6b39cb7aa4c9
CMSDigestType=2
Launch Constraints:
    None
CDHash=5466ea31139b1abd9b1d255065fada9a3b461cf4
Signature size=4789
Authority=Apple Development: Micheal CUMMING (A234YBYRB9)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=15 Dec 2022 at 21:26:28
Info.plist entries=22
TeamIdentifier=ZJ259UQ467
Runtime Version=13.1.0
Sealed Resources version=2 rules=13 files=1
Internal requirements count=1 size=196
[Dict]
    [Key] com.apple.application-identifier
    [Value]
        [String] ZJ259UQ467.com.macrj.endpointapp.extension
    [Key] com.apple.developer.endpoint-security.client
    [Value]
        [Bool] true
    [Key] com.apple.developer.team-identifier
    [Value]
        [String] ZJ259UQ467
    [Key] com.apple.security.get-task-allow
    [Value]
        [Bool] true
micheal-laptop:SystemExtensions michealcumming$
```

and I could not make the plutil -p command work so just the security output minus the data;

```
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>AppIDName</key>
    <string>Xcode: Mac Wildcard AppID</string>
    <key>ApplicationIdentifierPrefix</key>
    <array>
        <string>ZJ259UQ467</string>
    </array>
    <key>CreationDate</key>
    <date>2022-12-12T06:08:48Z</date>
    <key>Platform</key>
    <array>
        <string>OSX</string>
    </array>
    <key>IsXcodeManaged</key>
    <true/>
    <key>DeveloperCertificates</key>
    <array>
        <data> ... </data>
    </array>
    <key>DER-Encoded-Profile</key>
    <data> ... </data>
    <key>Entitlements</key>
    <dict>
        <key>com.apple.application-identifier</key>
        <string>ZJ259UQ467.*</string>
        <key>keychain-access-groups</key>
        <array>
            <string>ZJ259UQ467.*</string>
        </array>
        <key>com.apple.developer.team-identifier</key>
        <string>ZJ259UQ467</string>
        <key>com.apple.developer.ubiquity-kvstore-identifier</key>
        <string>ZJ259UQ467.*</string>
        <key>com.apple.developer.ubiquity-container-identifiers</key>
        <array>
            <string>ZJ259UQ467.*</string>
        </array>
    </dict>
    <key>ExpirationDate</key>
    <date>2023-12-12T06:08:48Z</date>
    <key>Name</key>
    <string>Mac Team Provisioning Profile: *</string>
    <key>ProvisionedDevices</key>
    <array>
        <string>43A3B49E-BC46-5646-8303-9415F06497EA</string>
    </array>
    <key>TeamIdentifier</key>
    <array>
        <string>ZJ259UQ467</string>
    </array>
    <key>TeamName</key>
    <string>MACRJ PTY LIMITED</string>
    <key>TimeToLive</key>
    <integer>365</integer>
    <key>UUID</key>
    <string>349e3364-e1f0-46e3-8822-9bde3e0ba378</string>
    <key>Version</key>
    <integer>1</integer>
</dict>
</plist>micheal-laptop:Contents michealcumming$
```
Topic: Code Signing SubTopic: Entitlements Tags:
Dec ’22
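The comparison the post above makes by eye, as an added example (not the poster's code and not Apple's tooling): it parses the entitlements claimed in the signature and the profile's `Entitlements` dict, then lists the signed keys the profile does not cover. The function names, the abridged inline plists, and the choice to skip `com.apple.security.*` keys as not needing profile authorisation are assumptions of this example.

```python
import plistlib

# Constructed inputs, abridged from values quoted in the post above: the
# entitlements codesign printed for the signed extension, and the Entitlements
# dict of the "Mac Team Provisioning Profile: *" from `security cms -D -i`.
SIGNED = b"""<plist version="1.0"><dict>
<key>com.apple.application-identifier</key><string>ZJ259UQ467.com.macrj.endpointapp.extension</string>
<key>com.apple.developer.endpoint-security.client</key><true/>
<key>com.apple.developer.team-identifier</key><string>ZJ259UQ467</string>
<key>com.apple.security.get-task-allow</key><true/>
</dict></plist>"""
PROFILE = b"""<plist version="1.0"><dict><key>Entitlements</key><dict>
<key>com.apple.application-identifier</key><string>ZJ259UQ467.*</string>
<key>keychain-access-groups</key><array><string>ZJ259UQ467.*</string></array>
<key>com.apple.developer.team-identifier</key><string>ZJ259UQ467</string>
</dict></dict></plist>"""

def allows(granted, claimed):
    """True if the value the profile grants covers the value the signature claims."""
    if isinstance(granted, str) and isinstance(claimed, str):
        if granted.endswith("*"):            # prefix wildcard, e.g. "TEAMID.*"
            return claimed.startswith(granted[:-1])
        return granted == claimed
    if isinstance(granted, list):            # every claimed item needs a grant
        wanted = claimed if isinstance(claimed, list) else [claimed]
        return all(any(allows(g, c) for g in granted) for c in wanted)
    return granted == claimed                # booleans and other scalars

def uncovered(signed_plist, profile_plist, skip_prefixes=("com.apple.security.",)):
    """Map each signed entitlement the profile does not cover to a reason."""
    signed = plistlib.loads(signed_plist)
    granted = plistlib.loads(profile_plist).get("Entitlements", {})
    report = {}
    for key, value in signed.items():
        if key.startswith(skip_prefixes):    # assumption: needs no profile grant
            continue
        if key not in granted:
            report[key] = "absent from profile"
        elif not allows(granted[key], value):
            report[key] = f"profile grants {granted[key]!r}, signature claims {value!r}"
    return report

if __name__ == "__main__":
    for key, reason in uncovered(SIGNED, PROFILE).items():
        print(f"{key}: {reason}")
```

On a Mac the two inputs would come from `codesign -d --entitlements - --xml` and `security cms -D -i`, the commands already used in this thread.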
Reply to endpoint security entitlement issue
Hi Quinn,

I appreciate the assistance and your patience. And I apologise, but I am still missing something. I have checked (see replies above), and both the app and extension have the com.apple.application-identifier entitlement as per the instructions you gave above with security cms -D -i etc. This shows me that it has been signed with the application-identifier entitlement. Correct?

Additionally, I am trying to read the logs to further understand the problem. The logs are also showing the application-identifier entitlement. What else could be going wrong?

```
21:45:43.492074+1100 info amfid <Missing Description> amfid Entering OSX path for /Library/SystemExtensions/EFD29454-7AEC-43CF-85F6-6C189072A965/com.macrj.endpointapp.extension.systemextension/Contents/MacOS/com.macrj.endpointapp.extension
21:45:43.492636+1100 debug Security dirval amfid entering /Library/SystemExtensions/EFD29454-7AEC-43CF-85F6-6C189072A965/com.macrj.endpointapp.extension.systemextension
21:45:43.492700+1100 debug Security dirval amfid entering /Library/SystemExtensions/EFD29454-7AEC-43CF-85F6-6C189072A965/com.macrj.endpointapp.extension.systemextension/Contents
21:45:43.492727+1100 debug Security dirval amfid leaving /Library/SystemExtensions/EFD29454-7AEC-43CF-85F6-6C189072A965/com.macrj.endpointapp.extension.systemextension/Contents
21:45:43.492748+1100 debug Security dirval amfid leaving /Library/SystemExtensions/EFD29454-7AEC-43CF-85F6-6C189072A965/com.macrj.endpointapp.extension.systemextension
21:45:43.492985+1100 debug Security unixio amfid open(/Library/SystemExtensions/EFD29454-7AEC-43CF-85F6-6C189072A965/com.macrj.endpointapp.extension.systemextension/Contents/MacOS/com.macrj.endpointapp.extension,0x0,0x1b6) = 3
21:45:43.493027+1100 debug Security unixio amfid open(/Library/SystemExtensions/EFD29454-7AEC-43CF-85F6-6C189072A965/com.macrj.endpointapp.extension.systemextension/Contents/MacOS/com.macrj.endpointapp.extension,0x0,0x1b6) = 4
21:45:43.493177+1100 debug Security machorep amfid 6563 signing bytes in 5 blob(s) from /Library/SystemExtensions/EFD29454-7AEC-43CF-85F6-6C189072A965/com.macrj.endpointapp.extension.systemextension/Contents/MacOS/com.macrj.endpointapp.extension(x86_64)
21:45:43.493227+1100 debug Security cfloadfile amfid failed to fetch /Library/SystemExtensions/EFD29454-7AEC-43CF-85F6-6C189072A965/com.macrj.endpointapp.extension.systemextension/Contents/_CodeSignature/CodeRequirements-1 error=-10
21:45:43.495776+1100 debug Security unixio amfid open(/Library/SystemExtensions/EFD29454-7AEC-43CF-85F6-6C189072A965/com.macrj.endpointapp.extension.systemextension/Contents/Info.plist,0x0,0x1b6) = 3
21:45:43.496146+1100 debug Security staticCode amfid 0x7fbb6ee080f8 done serializing <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.application-identifier</key><string>ZJ259UQ467.com.macrj.endpointapp.extension</string><key>com.apple.developer.endpoint-security.client</key><true/><key>com.apple.developer.team-identifier</key><string>ZJ259UQ467</string><key>com.apple.security.get-task-allow</key><true/></dict></plist>
21:45:43.496210+1100 debug Security notarization amfid Extracting ticket from bundle: /Library/SystemExtensions/EFD29454-7AEC-43CF-85F6-6C189072A965/com.macrj.endpointapp.extension.systemextension
21:45:43.496315+1100 debug Security cfloadfile amfid failed to fetch /Library/SystemExtensions/EFD29454-7AEC-43CF-85F6-6C189072A965/com.macrj.endpointapp.extension.systemextension/Contents/_CodeSignature/CodeRepSpecific error=-10
21:45:43.496383+1100 debug Security cfloadfile amfid failed to fetch /Library/SystemExtensions/EFD29454-7AEC-43CF-85F6-6C189072A965/com.macrj.endpointapp.extension.systemextension/Contents/_CodeSignature/CodeTopDirectory error=-10
21:45:43.501909+1100 debug ConfigurationProfiles ProvisioningProfiles taskgated-helper entitlements: {
    "com.apple.developer.endpoint-security.client" = 1;
    "com.apple.developer.team-identifier" = ZJ259UQ467;
}
21:45:43.501959+1100 debug ConfigurationProfiles ProvisioningProfiles taskgated-helper codeInfoIdentifier: com.macrj.endpointapp.extension
21:45:43.502396+1100 debug Network connection Core Sync nw_endpoint_handler_add_write_request [C395 IPv4#902f09ec:443 ready parent-flow (satisfied (Path is satisfied), interface: en0[802.11], ipv4, ipv6, dns)] connected_child_handles_requests 0
21:45:43.502233+1100 error ConfigurationProfiles ProvisioningProfiles taskgated-helper com.macrj.endpointapp.extension: Unsatisfied entitlements: com.apple.developer.endpoint-security.client
21:45:43.502265+1100 error ConfigurationProfiles ProvisioningProfiles taskgated-helper Disallowing: com.macrj.endpointapp.extension
```
Topic: Code Signing SubTopic: Entitlements Tags:
Dec ’22
Reply to endpoint security entitlement issue
Further to my testing. I downloaded the SampleCode, added the new extensionBundleId to the viewcontroller, added my team to codeSign, selected the notify_demo.c file and compiled. Ran app and installed extension. Only made the required changes to compile. The same error code comes up in the logs.

```
15:57:13.537163+1100 debug ConfigurationProfiles ProvisioningProfiles taskgated-helper codeInfoIdentifier: com.example.apple-samplecode.SampleEndpointAppZJ259UQ467.Extension
15:57:13.537476+1100 error ConfigurationProfiles ProvisioningProfiles taskgated-helper com.example.apple-samplecode.SampleEndpointAppZJ259UQ467.Extension: Unsatisfied entitlements: com.apple.developer.endpoint-security.client
15:57:13.537585+1100 error ConfigurationProfiles ProvisioningProfiles taskgated-helper Disallowing: com.example.apple-samplecode.SampleEndpointAppZJ259UQ467.Extension
```
Topic: Code Signing SubTopic: Entitlements Tags:
Dec ’22
Reply to endpoint security entitlement issue
Thank you Quinn, for your assistance. The results of using 'security cms' commands inspecting the compiled binary are below. I am unsure why macOS does not acknowledge them.

App

```
<dict>
    <key>com.apple.developer.system-extension.install</key>
    <true/>
    <key>com.apple.developer.networking.networkextension</key>
    <array>
        <string>app-proxy-provider</string>
        <string>content-filter-provider</string>
        <string>packet-tunnel-provider</string>
        <string>dns-proxy</string>
        <string>dns-settings</string>
    </array>
    <key>com.apple.application-identifier</key>
    <string>5P65THB9R3.com.macrj.endpointapp</string>
    <key>keychain-access-groups</key>
    <array>
        <string>5P65THB9R3.*</string>
    </array>
    <key>com.apple.developer.team-identifier</key>
    <string>ZJ259UQ467</string>
    <key>com.apple.developer.endpoint-security.client</key>
    <true/>
</dict>
```

Extension

```
<dict>
    <key>com.apple.developer.usernotifications.time-sensitive</key>
    <true/>
    <key>com.apple.application-identifier</key>
    <string>5P65THB9R3.com.macrj.endpointapp.extension</string>
    <key>keychain-access-groups</key>
    <array>
        <string>5P65THB9R3.*</string>
    </array>
    <key>com.apple.developer.team-identifier</key>
    <string>ZJ259UQ467</string>
    <key>com.apple.developer.endpoint-security.client</key>
    <true/>
</dict>
```
Topic: Code Signing SubTopic: Entitlements Tags:
Dec ’22
Reply to endpoint security entitlement issue
Hi All,

I have read all these posts, and I have confirmed that I have the developer entitlement, and it is present in the provisioning profile. When I look at the console, I get a very confusing set of log entries;

```
21:57:40.918215+1030 debug ConfigurationProfiles ProvisioningProfiles taskgated-helper entitlements: {
    "com.apple.developer.endpoint-security.client" = 1;
    "com.apple.developer.team-identifier" = **********;
}
21:57:40.918256+1030 debug ConfigurationProfiles ProvisioningProfiles taskgated-helper codeInfoIdentifier: com.macrj.endpointapp.extension
21:57:40.918448+1030 error ConfigurationProfiles ProvisioningProfiles taskgated-helper com.macrj.endpointapp.extension: Unsatisfied entitlements: com.apple.developer.endpoint-security.client
21:57:40.918476+1030 error ConfigurationProfiles ProvisioningProfiles taskgated-helper Disallowing: com.macrj.endpointapp.extension
```

I have managed to overcome a lot of hurdles to get to this point, but this one is a little confusing; any assistance would be appreciated.
Topic: Code Signing SubTopic: Entitlements Tags:
Dec ’22
Reply to SampleEndpointApp - Extension not found in App bundle
For those who run into the same problem, here are the fixes you will need to make the sample code work.

1. Replace the bundleID of the app with your own, e.g. com.something.endpointApp
2. Replace the bundleID of the extension with the same as the app bundleId but adding .Extension to it, e.g. com.something.endpointApp.Extension
3. Update this line of code in the ViewController with your new extension bundleID.

```
OSSystemExtensionRequest *req = [OSSystemExtensionRequest activationRequestForExtension:@"com.something.endpointApp.Extension" queue:dispatch_get_main_queue()];
```
Topic: Privacy & Security SubTopic: General Tags:
Dec ’22