• Carbon Black Cloud Console: All Versions
• Carbon Black Cloud Sensor: 3.1.x.x and higher
• MacOS: 10.13.x and higher

The Team ID and Bundle ID can be included in the MDM profile.  While the inclusion of the Bundle ID includes a reference to the Team ID, the Team ID may require a dedicated entry.  Please see the sample below for reference.  This sample includes only the data required in an MDM profile for approval of the Carbon Black Cloud Sensor version 3.1.x.x and higher KEXTs.  Additional required and optional parameters included with MDM profiles are covered in Apple's developer documentation under Related Content.
MDM content required:

\<plist version="1.0">
<dict>
    <key>AllowedTeamIdentifiers</key>
    <array>
        <string>7AGZNQ2S2T</string>
    </array>
    <key>AllowedKernelExtensions</key>
    <dict>
        <key>7AGZNQ2S2T</key>
        <array>
            <string>com.carbonblack.defense.kext</string>
        </array>
    </dict>
</dict>
</plist>

• Secure Kernel Extension Loading was introduced with macOS 10.13 High Sierra. As a result, the KEXT associated with the Cb Defense Sensor must either be manually approved by end users or pre-approved with an MDM profile.
• When Secure Kernel Extension Loading was first introduced in macOS 10.13.0, it was bypassed as long as the Mac was managed with any MDM profile. Beginning with macOS 10.13.4, MDM management alone is not sufficient. The Carbon Black Cloud Team ID and Bundle ID must be added to the profile for KEXT approval.
• The Team ID and Bundle ID vary depending on the Carbon Black Cloud Sensor version.
• Additional required and optional parameters included with MDM profiles are covered in Apple's developer documentation.