I had huge trouble with this, making it perhaps worthy of a blog post. There’s a lot of very confusing terminology, and finding the right combination of Extension profile, Kernel Extension profile, System Extension profile and the PPPC profile was driving me mad.

Huge thanks to Kevin Ginger of kGinger Consulting for providing the eventual answer- and much simpler than Mosyle had offered!

First up, you need a Kernel Extension Profile that looks like this-

 

Mosyle KEXT Profile for GDFS

 

 

Then you need a Security & Privacy (PPPC) profile that looks like this

 

Mosyle PPPC Profile for GDFS

 

The text you can’t see fully is as follows-

identifier “com.google.drivefs” and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = EQHXZ8M8AV

And that’s it! Sadly for me, because I spent weeks on it. Sigh.