I had huge trouble with this, making it perhaps worthy of a blog post. There’s a lot of very confusing terminology, and finding the right combination of Extension profile, Kernel Extension profile, System Extension profile and the PPPC profile was driving me mad.
Huge thanks to Kevin Ginger of kGinger Consulting for providing the eventual answer- and much simpler than Mosyle had offered!
First up, you need a Kernel Extension Profile that looks like this-
Then you need a Security & Privacy (PPPC) profile that looks like this
The text you can’t see fully is as follows-
identifier “com.google.drivefs” and anchor apple generic and certificate 1[field.1.2.840.1136184.108.40.206.6] /* exists */ and certificate leaf[field.1.2.840.1136220.127.116.11.13] /* exists */ and certificate leaf[subject.OU] = EQHXZ8M8AV
And that’s it! Sadly for me, because I spent weeks on it. Sigh.