MDM Permissions
If your computer is managed by your organization using MDM (Mobile Device Management), certain permissions and installations may be restricted. This guide explains how to get HintMint approved and running on managed devices.
Common Symptoms on Managed Devices
Corporate MDM profiles can interfere with HintMint in several ways. If your device is managed, you may encounter one or more of the following:
- Installation blocked -- macOS Gatekeeper or Windows AppLocker prevents HintMint from being installed or launched, showing a message that the app is not approved by your organization.
- Microphone access denied by policy -- The microphone permission toggle is greyed out in System Settings or Windows Privacy, meaning an administrator has restricted it.
- Screen recording permission unavailable -- On macOS, the Screen Recording section in Privacy & Security does not allow you to add HintMint, or the toggle resets after restart.
- Accessibility permission locked -- The Accessibility permission required for certain HintMint features cannot be granted because it is managed by a configuration profile.
Required Permissions
HintMint needs the following system permissions to function correctly. Share this list with your IT administrator when requesting approval.
macOS permissions
- Microphone -- Required to capture meeting audio from your device's input. Without this, HintMint cannot transcribe or analyze any meeting content.
- Screen Recording -- Required on macOS to capture system audio from meeting applications. This is how HintMint hears what other meeting participants say. HintMint does not record or store screen visuals.
- Accessibility -- Required for features like automatic meeting detection and overlay display. HintMint uses Accessibility APIs to detect when a meeting window is active.
- Network / Firewall -- HintMint needs outbound HTTPS access to api.hintmint.com and googleapis.com for transcription processing and calendar sync.
Windows permissions
- Microphone -- Must be enabled in Settings > Privacy & Security > Microphone for desktop apps.
- Audio loopback -- HintMint uses the Windows audio loopback API to capture system audio. No special permission is required unless Group Policy has restricted audio device access.
- Network access -- Outbound HTTPS to api.hintmint.com and googleapis.com must be allowed through the Windows Firewall and any corporate proxy.
- App execution -- If AppLocker or Windows Defender Application Control (WDAC) is active, HintMint's executable and code-signing certificate must be whitelisted.
Working with Your IT Team
Most MDM restrictions cannot be changed by the end user. You will need to work with your IT department to get HintMint approved. Here is a recommended approach:
Submit a software request
Use your organization's IT ticketing system (e.g., Jira Service Management, ServiceNow, or an internal help desk) to request approval for HintMint. Include the app name, version, download URL (hintmint.com/download), and a brief business justification explaining how the tool helps with meeting productivity.
Share the permissions list
Forward the permissions list from the section above to your IT administrator. Emphasize that HintMint does not record screen visuals despite requiring the Screen Recording permission on macOS -- it uses this entitlement solely for system audio capture, which is how macOS gates audio access for desktop apps.
Provide the code-signing details
Your IT team may need the code-signing certificate information to whitelist HintMint in AppLocker, WDAC, or Gatekeeper. The macOS app is signed and notarized by Apple under the developer ID 'HintMint Inc.' The Windows installer is signed with an EV code-signing certificate issued to 'HintMint Inc.' Your IT team can verify the signature by right-clicking the installer and selecting Properties > Digital Signatures.
Request a MDM configuration profile (macOS)
For macOS, ask your IT admin to push a Privacy Preferences Policy Control (PPPC) profile via your MDM solution (Jamf, Kandji, Mosyle, etc.) that pre-approves Microphone, Screen Recording, and Accessibility for the HintMint app bundle (com.hintmint.desktop). This allows the permissions to be granted without manual intervention.
Request Group Policy or Intune exceptions (Windows)
For Windows, ask your admin to add HintMint to the AppLocker allow list or create a WDAC supplemental policy. If your organization uses Microsoft Intune, the admin can deploy HintMint as a managed app and configure the necessary firewall rules in the Intune device configuration profile.
PPPC Profile Reference (macOS)
For IT administrators deploying via MDM, here are the key identifiers needed for the Privacy Preferences Policy Control profile:
- Bundle Identifier: com.hintmint.desktop
- Code Requirement: identifier "com.hintmint.desktop" and anchor apple generic and certificate leaf[subject.OU] = "HINTMINT1"
- Services to allow: Microphone, ScreenCapture, Accessibility, ListenEvent
- Authorization: Allow
Windows Enterprise Policy Reference
For Windows administrators managing devices through Group Policy or Intune:
- Publisher: O=HINTMINT INC., L=SAN FRANCISCO, S=CALIFORNIA, C=US
- Product name: HintMint
- Install path: %LOCALAPPDATA%\Programs\HintMint\
- Firewall rules: Allow outbound TCP 443 to *.hintmint.com and *.googleapis.com
- AppLocker path rule: %LOCALAPPDATA%\Programs\HintMint\*.exe -- Allow