From 8f22710c878370211e5ca6d7f16f36bff17f85b5 Mon Sep 17 00:00:00 2001
From: Tony Eichelberger <tony.eichelberger@jamf.com>
Date: Thu, 29 Jan 2026 16:32:23 -0600
Subject: [PATCH 1/5] AI generated removal of the big sur compatibility logic.
 Needs vetted and tested

---
 PPPC UtilityTests/ModelTests/ModelTests.swift | 197 +-----------------
 Resources/Base.lproj/Main.storyboard          |  21 +-
 Source/Model/Model.swift                      |  52 +----
 .../TCCProfileViewController.swift            |  59 ------
 4 files changed, 12 insertions(+), 317 deletions(-)

diff --git a/PPPC UtilityTests/ModelTests/ModelTests.swift b/PPPC UtilityTests/ModelTests/ModelTests.swift
index a07cb54..85ea06e 100644
--- a/PPPC UtilityTests/ModelTests/ModelTests.swift	
+++ b/PPPC UtilityTests/ModelTests/ModelTests.swift	
@@ -130,7 +130,6 @@ class ModelTests: XCTestCase {
 
     func testExportProfileWithAppleEventsAndAuthorization() {
         // given
-        model.usingLegacyAllowKey = false
         let exe1 = Executable(identifier: "one", codeRequirement: "oneReq")
         let exe2 = Executable(identifier: "two", codeRequirement: "twoReq")
 
@@ -185,65 +184,6 @@ class ModelTests: XCTestCase {
         }
     }
 
-    func testExportProfileWithAppleEventsAndLegacyAllowed() {
-        // given
-        let exe1 = Executable(identifier: "one", codeRequirement: "oneReq")
-        let exe2 = Executable(identifier: "two", codeRequirement: "twoReq")
-
-        exe1.appleEvents = [AppleEventRule(source: exe1, destination: exe2, value: true)]
-        exe2.policy.SystemPolicyAllFiles = "Allow"
-
-        model.selectedExecutables = [exe1, exe2]
-        model.usingLegacyAllowKey = true
-
-        // when
-        let profile = model.exportProfile(organization: "Org", identifier: "ID", displayName: "Name", payloadDescription: "Desc")
-
-        // then check top level settings
-        XCTAssertEqual("Org", profile.organization)
-        XCTAssertEqual("ID", profile.identifier)
-        XCTAssertEqual("Name", profile.displayName)
-        XCTAssertEqual("Desc", profile.payloadDescription)
-        XCTAssertEqual("System", profile.scope)
-        XCTAssertEqual("Configuration", profile.type)
-        XCTAssertNotNil(profile.uuid)
-        XCTAssertEqual(1, profile.version)
-
-        // then check policy settings
-        // then verify the payload content top level
-        XCTAssertEqual(1, profile.content.count)
-        profile.content.forEach { content in
-            XCTAssertNotNil(content.uuid)
-            XCTAssertEqual(1, content.version)
-
-            // then verify the services
-            XCTAssertEqual(2, content.services.count)
-            let appleEvents = content.services["AppleEvents"]
-            XCTAssertNotNil(appleEvents)
-            let appleEventsPolicy = appleEvents?.first
-            XCTAssertEqual("one", appleEventsPolicy?.identifier)
-            XCTAssertEqual("oneReq", appleEventsPolicy?.codeRequirement)
-            XCTAssertEqual("bundleID", appleEventsPolicy?.identifierType)
-            XCTAssertEqual("two", appleEventsPolicy?.receiverIdentifier)
-            XCTAssertEqual("twoReq", appleEventsPolicy?.receiverCodeRequirement)
-            XCTAssertEqual("bundleID", appleEventsPolicy?.receiverIdentifierType)
-            XCTAssertTrue(appleEventsPolicy?.allowed == true)
-            XCTAssertNil(appleEventsPolicy?.authorization)
-
-            let allFiles = content.services["SystemPolicyAllFiles"]
-            XCTAssertNotNil(allFiles)
-            let allFilesPolicy = allFiles?.first
-            XCTAssertEqual("two", allFilesPolicy?.identifier)
-            XCTAssertEqual("twoReq", allFilesPolicy?.codeRequirement)
-            XCTAssertEqual("bundleID", allFilesPolicy?.identifierType)
-            XCTAssertNil(allFilesPolicy?.receiverIdentifier)
-            XCTAssertNil(allFilesPolicy?.receiverCodeRequirement)
-            XCTAssertNil(allFilesPolicy?.receiverIdentifierType)
-            XCTAssertTrue(allFilesPolicy?.allowed == true)
-            XCTAssertNil(allFilesPolicy?.authorization)
-        }
-    }
-
     // MARK: - tests for importProfile
 
     func testImportProfileUsingAuthorizationKeyAllow() {
@@ -330,11 +270,10 @@ class ModelTests: XCTestCase {
         XCTAssertEqual("Deny", model.selectedExecutables.first?.policy.SystemPolicyAllFiles)
     }
 
-    // MARK: - tests for profileToString
+    // MARK: - tests for policyFromString
 
-    func testPolicyWhenUsingAllowAndAuthorizationKey() {
+    func testPolicyWhenUsingAllow() {
         // given
-        model.usingLegacyAllowKey = false
         let app = Executable(identifier: "id", codeRequirement: "req")
 
         // when
@@ -347,7 +286,6 @@ class ModelTests: XCTestCase {
 
     func testPolicyWhenUsingDeny() {
         // given
-        model.usingLegacyAllowKey = false
         let app = Executable(identifier: "id", codeRequirement: "req")
 
         // when
@@ -360,7 +298,6 @@ class ModelTests: XCTestCase {
 
     func testPolicyWhenUsingAllowForStandardUsers() {
         // given
-        model.usingLegacyAllowKey = false
         let app = Executable(identifier: "id", codeRequirement: "req")
 
         // when
@@ -382,134 +319,4 @@ class ModelTests: XCTestCase {
         XCTAssertNil(policy, "should have not created the policy with an unknown value")
     }
 
-    func testPolicyWhenUsingLegacyDeny() {
-        // given
-        let app = Executable(identifier: "id", codeRequirement: "req")
-        model.usingLegacyAllowKey = true
-
-        // when
-        let policy = model.policyFromString(executable: app, value: "Deny")
-
-        // then
-        XCTAssertNil(policy?.authorization, "should not set authorization when in legacy mode")
-        XCTAssertEqual(policy?.allowed, false)
-    }
-
-    func testPolicyWhenUsingLegacyAllow() {
-        // given
-        let app = Executable(identifier: "id", codeRequirement: "req")
-        model.usingLegacyAllowKey = true
-
-        // when
-        let policy = model.policyFromString(executable: app, value: "Allow")
-
-        // then
-        XCTAssertNil(policy?.authorization, "should not set authorization when in legacy mode")
-        XCTAssertEqual(policy?.allowed, true)
-    }
-
-    // test for the unrecognized strings for both legacy and normal
-    func testPolicyWhenUsingLegacyAllowButNonLegacyValueUsed() {
-        // given
-        let app = Executable(identifier: "id", codeRequirement: "req")
-        model.usingLegacyAllowKey = true
-
-        // when
-        let policy = model.policyFromString(executable: app, value: "Let Standard Users Approve")
-
-        // then
-        XCTAssertNil(policy, "should have errored out because of an invalid value")
-    }
-
-    // MARK: - tests for requiresAuthorizationKey
-
-    func testWhenServiceIsUsingAllowStandarUsersToApprove() {
-        // given
-        let profile = TCCProfileBuilder().buildProfile(authorization: .allowStandardUserToSetSystemService)
-
-        // when
-        model.importProfile(tccProfile: profile)
-
-        // then
-        XCTAssertTrue(model.requiresAuthorizationKey())
-    }
-
-    func testWhenServiceIsUsingOnlyAllowKey() {
-        // given
-        let profile = TCCProfileBuilder().buildProfile(authorization: .allow)
-
-        // when
-        model.importProfile(tccProfile: profile)
-
-        // then
-        XCTAssertFalse(model.requiresAuthorizationKey())
-    }
-
-    func testWhenServiceIsUsingOnlyDenyKey() {
-        // given
-        let profile = TCCProfileBuilder().buildProfile(authorization: .deny)
-
-        // when
-        model.importProfile(tccProfile: profile)
-
-        // then
-        XCTAssertFalse(model.requiresAuthorizationKey())
-    }
-
-    // MARK: - tests for changeToUseLegacyAllowKey
-
-    func testChangingFromAuthorizationKeyToLegacyAllowKey() {
-        // given
-        let allowStandard = TCCProfileDisplayValue.allowStandardUsersToApprove.rawValue
-        let exeSettings = ["AddressBook": "Allow", "ListenEvent": allowStandard, "ScreenCapture": allowStandard]
-        let model = ModelBuilder().addExecutable(settings: exeSettings).build()
-        model.usingLegacyAllowKey = false
-
-        // when
-        model.changeToUseLegacyAllowKey()
-
-        // then
-        XCTAssertEqual(1, model.selectedExecutables.count, "should have only one exe")
-        let policy = model.selectedExecutables.first?.policy
-        XCTAssertEqual("Allow", policy?.AddressBook)
-        XCTAssertEqual("-", policy?.Camera)
-        XCTAssertEqual("-", policy?.ListenEvent)
-        XCTAssertEqual("-", policy?.ScreenCapture)
-        XCTAssertTrue(model.usingLegacyAllowKey)
-    }
-
-    func testChangingFromAuthorizationKeyToLegacyAllowKeyWithMoreComplexVaues() {
-        // given
-        let allowStandard = TCCProfileDisplayValue.allowStandardUsersToApprove.rawValue
-        let p1Settings = ["SystemPolicyAllFiles": "Allow",
-                           "ListenEvent": allowStandard,
-                           "ScreenCapture": "Deny",
-                           "Camera": "Deny"]
-
-        let p2Settings = ["SystemPolicyAllFiles": "Deny",
-                           "ScreenCapture": allowStandard,
-                           "Calendar": "Allow"]
-        let builder = ModelBuilder().addExecutable(settings: p1Settings)
-        model = builder.addExecutable(settings: p2Settings).build()
-        model.usingLegacyAllowKey = false
-
-        // when
-        model.changeToUseLegacyAllowKey()
-
-        // then
-        XCTAssertEqual(2, model.selectedExecutables.count, "should have only one exe")
-        let policy1 = model.selectedExecutables[0].policy
-        XCTAssertEqual("Allow", policy1.SystemPolicyAllFiles)
-        XCTAssertEqual("-", policy1.ListenEvent)
-        XCTAssertEqual("Deny", policy1.ScreenCapture)
-        XCTAssertEqual("Deny", policy1.Camera)
-
-        let policy2 = model.selectedExecutables[1].policy
-        XCTAssertEqual("Deny", policy2.SystemPolicyAllFiles)
-        XCTAssertEqual("-", policy2.ListenEvent)
-        XCTAssertEqual("-", policy2.ScreenCapture)
-        XCTAssertEqual("Allow", policy2.Calendar)
-        XCTAssertTrue(model.usingLegacyAllowKey)
-    }
-
 }
diff --git a/Resources/Base.lproj/Main.storyboard b/Resources/Base.lproj/Main.storyboard
index 76e1e55..bd1a5b6 100644
--- a/Resources/Base.lproj/Main.storyboard
+++ b/Resources/Base.lproj/Main.storyboard
@@ -2397,20 +2397,6 @@
                                     <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
                                 </textFieldCell>
                             </textField>
-                            <switch horizontalHuggingPriority="750" verticalHuggingPriority="750" baseWritingDirection="leftToRight" alignment="left" translatesAutoresizingMaskIntoConstraints="NO" id="SiC-OP-K6P">
-                                <rect key="frame" x="1350" y="652" width="42" height="25"/>
-                                <connections>
-                                    <action selector="toggleAuthorizationKeyUsage:" target="ZfI-PN-mks" id="8uJ-TA-vPn"/>
-                                </connections>
-                            </switch>
-                            <textField horizontalHuggingPriority="251" verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="P4p-7C-knr">
-                                <rect key="frame" x="1228" y="656" width="123" height="15"/>
-                                <textFieldCell key="cell" lineBreakMode="clipping" title="Big Sur Compatibility" id="22F-cE-hwd">
-                                    <font key="font" metaFont="cellTitle"/>
-                                    <color key="textColor" name="labelColor" catalog="System" colorSpace="catalog"/>
-                                    <color key="backgroundColor" name="textBackgroundColor" catalog="System" colorSpace="catalog"/>
-                                </textFieldCell>
-                            </textField>
                             <button verticalHuggingPriority="750" translatesAutoresizingMaskIntoConstraints="NO" id="jIB-Ce-nfY">
                                 <rect key="frame" x="1187" y="13" width="74" height="32"/>
                                 <buttonCell key="cell" type="push" title="Import" bezelStyle="rounded" alignment="center" borderStyle="border" imageScaling="proportionallyDown" inset="2" id="dRT-sQ-hbk">
@@ -2433,9 +2419,7 @@
                             <constraint firstAttribute="bottom" secondItem="Gwb-6x-mB1" secondAttribute="bottom" constant="20" id="8SN-fe-Ihh"/>
                             <constraint firstItem="RsL-5g-N88" firstAttribute="centerY" secondItem="v8I-Mx-BrF" secondAttribute="centerY" id="AsU-Vr-IoN"/>
                             <constraint firstItem="pHR-Fa-o0o" firstAttribute="leading" secondItem="bKS-CN-KZi" secondAttribute="leading" constant="21" id="AtX-pF-Pn9"/>
-                            <constraint firstItem="P4p-7C-knr" firstAttribute="leading" relation="greaterThanOrEqual" secondItem="zBr-K2-oEH" secondAttribute="trailing" constant="8" symbolic="YES" id="CCn-3z-wQM"/>
                             <constraint firstItem="96P-n0-YO3" firstAttribute="top" secondItem="bKS-CN-KZi" secondAttribute="top" constant="20" id="CWE-BE-Iga"/>
-                            <constraint firstItem="SiC-OP-K6P" firstAttribute="leading" secondItem="P4p-7C-knr" secondAttribute="trailing" constant="3" id="D26-B0-eoj"/>
                             <constraint firstItem="5hq-Rl-ues" firstAttribute="leading" secondItem="03S-CM-lPV" secondAttribute="trailing" constant="15" id="EHv-BX-sOY"/>
                             <constraint firstAttribute="bottom" secondItem="jIB-Ce-nfY" secondAttribute="bottom" constant="20" id="FTZ-cQ-BaB"/>
                             <constraint firstItem="03S-CM-lPV" firstAttribute="leading" secondItem="3Am-A7-MGr" secondAttribute="trailing" constant="12" id="GSZ-Pk-E5b"/>
@@ -2452,7 +2436,6 @@
                             <constraint firstItem="YNV-Zn-1jp" firstAttribute="leading" secondItem="JSo-Ex-mKB" secondAttribute="leading" id="dB2-pF-h9K"/>
                             <constraint firstAttribute="bottom" secondItem="03S-CM-lPV" secondAttribute="bottom" constant="90" id="dLI-ZX-EdF"/>
                             <constraint firstItem="3Am-A7-MGr" firstAttribute="top" secondItem="VBi-VJ-3w4" secondAttribute="bottom" constant="5" id="eKS-9Z-J2D"/>
-                            <constraint firstAttribute="trailing" secondItem="SiC-OP-K6P" secondAttribute="trailing" constant="20" id="eji-RX-K57"/>
                             <constraint firstItem="3Am-A7-MGr" firstAttribute="bottom" secondItem="dDB-re-qJn" secondAttribute="bottom" id="fMM-MI-13D"/>
                             <constraint firstItem="03S-CM-lPV" firstAttribute="width" secondItem="5hq-Rl-ues" secondAttribute="width" id="g5s-ug-Y6t"/>
                             <constraint firstAttribute="bottom" secondItem="wba-mI-3Kz" secondAttribute="bottom" constant="20" id="h5w-xf-7cn"/>
@@ -2460,10 +2443,9 @@
                             <constraint firstAttribute="trailing" secondItem="96P-n0-YO3" secondAttribute="trailing" id="jRF-ds-m0E"/>
                             <constraint firstAttribute="bottom" secondItem="RsL-5g-N88" secondAttribute="bottom" constant="61" id="jX5-qu-b9A"/>
                             <constraint firstItem="zBr-K2-oEH" firstAttribute="leading" relation="greaterThanOrEqual" secondItem="L3L-II-z9D" secondAttribute="trailing" constant="8" symbolic="YES" id="jo0-NQ-zc1"/>
-                            <constraint firstItem="5hq-Rl-ues" firstAttribute="top" secondItem="P4p-7C-knr" secondAttribute="bottom" constant="7" id="l7D-Ce-DTa"/>
+                            <constraint firstItem="5hq-Rl-ues" firstAttribute="top" secondItem="L3L-II-z9D" secondAttribute="bottom" constant="7" id="l7D-Ce-DTa"/>
                             <constraint firstItem="RsL-5g-N88" firstAttribute="top" secondItem="5hq-Rl-ues" secondAttribute="bottom" constant="8" id="pHo-Rk-OrR"/>
                             <constraint firstItem="v8I-Mx-BrF" firstAttribute="leading" secondItem="RsL-5g-N88" secondAttribute="trailing" constant="8" id="pVT-22-VSY"/>
-                            <constraint firstItem="5hq-Rl-ues" firstAttribute="top" secondItem="SiC-OP-K6P" secondAttribute="bottom" constant="5" id="rAP-R8-4al"/>
                             <constraint firstAttribute="trailing" secondItem="wba-mI-3Kz" secondAttribute="trailing" constant="18" id="rwL-U7-x5t"/>
                             <constraint firstItem="RsL-5g-N88" firstAttribute="leading" secondItem="dDB-re-qJn" secondAttribute="leading" id="vlB-ox-Uku"/>
                             <constraint firstItem="5hq-Rl-ues" firstAttribute="top" secondItem="03S-CM-lPV" secondAttribute="top" id="xkQ-C1-VJt"/>
@@ -2491,7 +2473,6 @@
                         <outlet property="allFilesStackView" destination="PKW-Wz-1vE" id="ZUk-ek-82t"/>
                         <outlet property="appleEventsAC" destination="qGh-WP-H0J" id="Yxo-OD-XI3"/>
                         <outlet property="appleEventsTable" destination="dDB-re-qJn" id="5g0-oE-XOS"/>
-                        <outlet property="authorizationKeySwitch" destination="SiC-OP-K6P" id="Y1H-fD-vIY"/>
                         <outlet property="calendarHelpButton" destination="tva-g6-iKu" id="l9S-mU-Mea"/>
                         <outlet property="calendarPopUp" destination="bSe-hT-Ah8" id="mjo-yN-eWq"/>
                         <outlet property="calendarPopUpAC" destination="2dL-gR-cae" id="I88-mv-eOh"/>
diff --git a/Source/Model/Model.swift b/Source/Model/Model.swift
index 7600d15..e067eee 100644
--- a/Source/Model/Model.swift
+++ b/Source/Model/Model.swift
@@ -30,8 +30,6 @@ import OSLog
 
 @objc class Model: NSObject {
 
-    var usingLegacyAllowKey = true
-
     @objc dynamic var current: Executable?
     @objc dynamic static let shared = Model()
     @objc dynamic var identities: [SigningIdentity] = []
@@ -93,27 +91,6 @@ typealias LoadExecutableCompletion = ((LoadExecutableResult) -> Void)
 
 extension Model {
 
-    func requiresAuthorizationKey() -> Bool {
-        return selectedExecutables.contains { exe -> Bool in
-            return exe.policy.allPolicyValues().contains { value -> Bool in
-                return value == TCCProfileDisplayValue.allowStandardUsersToApprove.rawValue
-            }
-        }
-    }
-
-    /// Will convert any Authorization key values to the legacy Allowed key
-    func changeToUseLegacyAllowKey() {
-        usingLegacyAllowKey = true
-        selectedExecutables.forEach { exe in
-            if exe.policy.ListenEvent == TCCProfileDisplayValue.allowStandardUsersToApprove.rawValue {
-                exe.policy.ListenEvent = "-"
-            }
-            if exe.policy.ScreenCapture == TCCProfileDisplayValue.allowStandardUsersToApprove.rawValue {
-                exe.policy.ScreenCapture = "-"
-            }
-        }
-    }
-
     // TODO - refactor this method so it isn't so complex
     // swiftlint:disable:next cyclomatic_complexity
     func loadExecutable(url: URL, completion: @escaping LoadExecutableCompletion) {
@@ -248,26 +225,15 @@ extension Model {
                          codeRequirement: executable.codeRequirement,
                          receiverIdentifier: event?.destination.identifier,
                          receiverCodeRequirement: event?.destination.codeRequirement)
-        if usingLegacyAllowKey {
-            switch value {
-            case TCCProfileDisplayValue.allow.rawValue:
-                policy.allowed = true
-            case TCCProfileDisplayValue.deny.rawValue:
-                policy.allowed = false
-            default:
-                return nil
-            }
-        } else {
-            switch value {
-            case TCCProfileDisplayValue.allow.rawValue:
-                policy.authorization = .allow
-            case TCCProfileDisplayValue.deny.rawValue:
-                policy.authorization = .deny
-            case TCCProfileDisplayValue.allowStandardUsersToApprove.rawValue:
-                policy.authorization = .allowStandardUserToSetSystemService
-            default:
-                return nil
-            }
+        switch value {
+        case TCCProfileDisplayValue.allow.rawValue:
+            policy.authorization = .allow
+        case TCCProfileDisplayValue.deny.rawValue:
+            policy.authorization = .deny
+        case TCCProfileDisplayValue.allowStandardUsersToApprove.rawValue:
+            policy.authorization = .allowStandardUserToSetSystemService
+        default:
+            return nil
         }
         return policy
     }
diff --git a/Source/View Controllers/TCCProfileViewController.swift b/Source/View Controllers/TCCProfileViewController.swift
index 835439a..cad84af 100644
--- a/Source/View Controllers/TCCProfileViewController.swift	
+++ b/Source/View Controllers/TCCProfileViewController.swift	
@@ -132,7 +132,6 @@ class TCCProfileViewController: NSViewController {
     @IBOutlet weak var addAppleEventButton: NSButton!
     @IBOutlet weak var removeAppleEventButton: NSButton!
     @IBOutlet weak var removeExecutableButton: NSButton!
-    @IBOutlet weak var authorizationKeySwitch: NSSwitch!
 
     @IBAction func addToProfile(_ sender: NSButton) {
         promptForExecutables {
@@ -148,37 +147,6 @@ class TCCProfileViewController: NSViewController {
 
     let logger = Logger.TCCProfileViewController
 
-    private func toggleAuthorizationKey(theSwitch: NSSwitch, showAlert: Bool) {
-        switch theSwitch.state {
-        case .on:
-            if model.usingLegacyAllowKey && showAlert {
-                let message = """
-                Enabling Big Sur Compatibility will require the profile to be installed on macOS versions Big Sur (11.0) or greater.
-
-                Deploying this profile to computers with macOS 10.15 or earlier will result in an error.
-                """
-                Alert().display(header: "Compatibility Warning", message: message)
-            }
-            model.usingLegacyAllowKey = false
-        default:
-            var allowToggle = true
-            if model.requiresAuthorizationKey() && showAlert {
-                let message = "Disabling Big Sur Compatibility will cause some settings you configured to be lost."
-                allowToggle = Alert().displayWithCancel(header: "Compatibility Warning", message: message)
-            }
-            if allowToggle {
-                model.changeToUseLegacyAllowKey()
-            } else {
-                theSwitch.state = .on
-                model.usingLegacyAllowKey = false
-            }
-        }
-    }
-
-    @IBAction func toggleAuthorizationKeyUsage(_ sender: NSSwitch) {
-        toggleAuthorizationKey(theSwitch: sender, showAlert: true)
-    }
-
 	@IBAction func uploadAction(_ sender: NSButton) {
 		let identities: [SigningIdentity]
 		do {
@@ -206,13 +174,6 @@ class TCCProfileViewController: NSViewController {
         alertWindow.beginSheetModal(for: window)
     }
 
-    func turnOnBigSurCompatibilityIfImportedProfileNeedsTo() {
-        if model.requiresAuthorizationKey() {
-            authorizationKeySwitch.state = .on
-            toggleAuthorizationKey(theSwitch: authorizationKeySwitch, showAlert: false)
-        }
-    }
-
     @IBAction func importProfile(_ sender: NSButton) {
         guard let window = self.view.window else {
             return
@@ -226,7 +187,6 @@ class TCCProfileViewController: NSViewController {
             switch tccProfileResult {
             case .success(let tccProfile):
                 weakSelf.model.importProfile(tccProfile: tccProfile)
-                weakSelf.turnOnBigSurCompatibilityIfImportedProfileNeedsTo()
             case .failure(let tccProfileImportError):
                 if !tccProfileImportError.isCancelled {
                     weakSelf.showAlert(tccProfileImportError, for: window)
@@ -269,13 +229,6 @@ class TCCProfileViewController: NSViewController {
         .urlReadingContentsConformToTypes: [ kUTTypeBundle, kUTTypeUnixExecutable ]
     ]
 
-    @IBAction func checkForAuthorizationFeaturesUsed(_ sender: NSPopUpButton) {
-        if model.requiresAuthorizationKey() {
-            authorizationKeySwitch.state = .on
-            toggleAuthorizationKeyUsage(authorizationKeySwitch)
-        }
-    }
-
     override func viewDidLoad() {
         super.viewDidLoad()
 
@@ -299,7 +252,6 @@ class TCCProfileViewController: NSViewController {
 
         setupStandardUserAllowAndDeny(policies: [screenCapturePopUpAC,
                                                  listenEventPopUpAC])
-        setupActionForStandardUserAllowedDropDowns(dropDowns: [listenEventPopUp, screenCapturePopUp])
 
         setupDenyOnly(policies: [cameraPopUpAC,
                                  microphonePopUpAC])
@@ -322,23 +274,12 @@ class TCCProfileViewController: NSViewController {
         executablesTable.dataSource = self
         appleEventsTable.registerForDraggedTypes([.fileURL])
         appleEventsTable.dataSource = self
-
-        authorizationKeySwitch.state = model.usingLegacyAllowKey ? .off : .on
     }
 
     @IBAction func showHelpMessage(_ sender: InfoButton) {
         sender.showHelpMessage()
     }
 
-    /// Setup actions to display a warning when certain values are selected
-    /// that are not supported on all macOS versions
-    /// - Parameter dropDowns: NSPopupButtons to add the action to
-    private func setupActionForStandardUserAllowedDropDowns(dropDowns: [NSPopUpButton]) {
-        dropDowns.forEach { popup in
-            popup.action = #selector(self.checkForAuthorizationFeaturesUsed(_:))
-        }
-    }
-
     private func setupStandardUserAllowAndDeny(policies: [NSArrayController]) {
         for policy in policies {
             policy.add(contentsOf: ["-",

From bcb3a12c415ab1247578407d80feb12cc8dbde9c Mon Sep 17 00:00:00 2001
From: JJ Pritzl <jj.pritzl@jamf.com>
Date: Tue, 10 Mar 2026 11:09:33 -0500
Subject: [PATCH 2/5] big-sur story/JPCFM-5531 Add minor changes to update
 minimum supported OS and remove remaining Big Sur things

---
 .github/workflows/tests.yml                   |  9 +++-
 CHANGELOG.md                                  |  3 +-
 PPPC Utility.xcodeproj/project.pbxproj        |  8 +--
 .../ModelTests/PPPCServicesManagerTests.swift |  2 +-
 README.md                                     |  2 +-
 Resources/PPPCServices.json                   |  4 +-
 Source/Model/PPPCServiceInfo.swift            |  2 +-
 .../URLSessionAsyncCompatibility.swift        | 52 -------------------
 8 files changed, 17 insertions(+), 65 deletions(-)
 delete mode 100644 Source/Networking/URLSessionAsyncCompatibility.swift

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index d5d148e..7b2c8a5 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -15,11 +15,18 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      - name: Run unit tests
+      - name: Run unit tests with code coverage
         run: |
           xcodebuild test \
             -project "PPPC Utility.xcodeproj" \
             -scheme "PPPC Utility" \
             -destination "platform=macOS" \
+            -enableCodeCoverage YES \
+            -resultBundlePath TestResults.xcresult \
             CODE_SIGN_IDENTITY="-" \
             CODE_SIGNING_REQUIRED=NO
+
+      - name: Display code coverage summary
+        if: always()
+        run: |
+          xcrun xccov view --report TestResults.xcresult | grep -E "^[A-Z].*\.app|PPPC-Utility/Source"
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 81b4616..3819149 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,7 +13,8 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 ### Changed
 - Update print and os_log calls to the modern OSLog class calls for updated logging. ([Issue #112](https://github.com/jamf/PPPC-Utility/issues/112)) [@SkylerGodfrey](https://github.com/SkylerGodfrey)
 - Now using [Haversack](https://github.com/jamf/Haversack) for simplified access to the keychain ([Issue #124](https://github.com/jamf/PPPC-Utility/issues/124)) [@macblazer](https://github.com/macblazer).
-- PPPC Utility now requires macOS 11+ to run.  It can still produce profiles usable on older versions of macOS.
+- PPPC Utility now requires macOS 13+ to run.  It can still produce profiles usable on older versions of macOS.
+- Removed Big Sur compatibility toggle and legacy `Allowed` key support.  The `Authorization` key is now always used.
 
 ## [1.5.0] - 2022-10-04
 
diff --git a/PPPC Utility.xcodeproj/project.pbxproj b/PPPC Utility.xcodeproj/project.pbxproj
index 660a02b..7161580 100644
--- a/PPPC Utility.xcodeproj/project.pbxproj	
+++ b/PPPC Utility.xcodeproj/project.pbxproj	
@@ -59,7 +59,6 @@
 		C0EE9A7D28639BF800738B6B /* TestTCCProfileForJamfProAPI.txt in Resources */ = {isa = PBXBuildFile; fileRef = C0EE9A7C28639BF800738B6B /* TestTCCProfileForJamfProAPI.txt */; };
 		C0EE9A7F2863BDE300738B6B /* JamfProAPITypes.swift in Sources */ = {isa = PBXBuildFile; fileRef = C0EE9A7E2863BDE300738B6B /* JamfProAPITypes.swift */; };
 		C0EE9A812863BE2B00738B6B /* NetworkAuthManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = C0EE9A802863BE2B00738B6B /* NetworkAuthManager.swift */; };
-		C0EE9A832863BEEB00738B6B /* URLSessionAsyncCompatibility.swift in Sources */ = {isa = PBXBuildFile; fileRef = C0EE9A822863BEEB00738B6B /* URLSessionAsyncCompatibility.swift */; };
 /* End PBXBuildFile section */
 
 /* Begin PBXContainerItemProxy section */
@@ -131,7 +130,6 @@
 		C0EE9A7C28639BF800738B6B /* TestTCCProfileForJamfProAPI.txt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = TestTCCProfileForJamfProAPI.txt; sourceTree = "<group>"; };
 		C0EE9A7E2863BDE300738B6B /* JamfProAPITypes.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = JamfProAPITypes.swift; sourceTree = "<group>"; };
 		C0EE9A802863BE2B00738B6B /* NetworkAuthManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = NetworkAuthManager.swift; sourceTree = "<group>"; };
-		C0EE9A822863BEEB00738B6B /* URLSessionAsyncCompatibility.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = URLSessionAsyncCompatibility.swift; sourceTree = "<group>"; };
 /* End PBXFileReference section */
 
 /* Begin PBXFrameworksBuildPhase section */
@@ -324,7 +322,6 @@
 				C03270BF28636397008B38E0 /* JamfProAPIClient.swift */,
 				C0EE9A7E2863BDE300738B6B /* JamfProAPITypes.swift */,
 				C05844B72AD4512D00141353 /* Token.swift */,
-				C0EE9A822863BEEB00738B6B /* URLSessionAsyncCompatibility.swift */,
 			);
 			path = Networking;
 			sourceTree = "<group>";
@@ -535,7 +532,6 @@
 				6E6216F9215321CE0043DF18 /* OpenViewController.swift in Sources */,
 				C05844B82AD4512D00141353 /* Token.swift in Sources */,
 				6EC40A10214DE3B200BE4F17 /* Executable.swift in Sources */,
-				C0EE9A832863BEEB00738B6B /* URLSessionAsyncCompatibility.swift in Sources */,
 				C0EE9A812863BE2B00738B6B /* NetworkAuthManager.swift in Sources */,
 				6EC40A16214ECF1E00BE4F17 /* SaveViewController.swift in Sources */,
 				C05844BE2AD45F7900141353 /* UploadInfoView.swift in Sources */,
@@ -667,7 +663,7 @@
 				GCC_WARN_UNUSED_FUNCTION = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
 				IBSC_NOTICES = NO;
-				MACOSX_DEPLOYMENT_TARGET = 11.0;
+				MACOSX_DEPLOYMENT_TARGET = 13.0;
 				MTL_ENABLE_DEBUG_INFO = INCLUDE_SOURCE;
 				MTL_FAST_MATH = YES;
 				ONLY_ACTIVE_ARCH = YES;
@@ -723,7 +719,7 @@
 				GCC_WARN_UNUSED_FUNCTION = YES;
 				GCC_WARN_UNUSED_VARIABLE = YES;
 				IBSC_NOTICES = NO;
-				MACOSX_DEPLOYMENT_TARGET = 11.0;
+				MACOSX_DEPLOYMENT_TARGET = 13.0;
 				MTL_ENABLE_DEBUG_INFO = NO;
 				MTL_FAST_MATH = YES;
 				SDKROOT = macosx;
diff --git a/PPPC UtilityTests/ModelTests/PPPCServicesManagerTests.swift b/PPPC UtilityTests/ModelTests/PPPCServicesManagerTests.swift
index 767cdae..d92bc82 100644
--- a/PPPC UtilityTests/ModelTests/PPPCServicesManagerTests.swift	
+++ b/PPPC UtilityTests/ModelTests/PPPCServicesManagerTests.swift	
@@ -82,7 +82,7 @@ class PPPCServicesManagerTests: XCTestCase {
         let service = try XCTUnwrap(services.allServices["ScreenCapture"])
 
         // when
-        let actual = try XCTUnwrap(service.allowStandardUsersMacOS11Plus)
+        let actual = try XCTUnwrap(service.allowStandardUsers)
 
         // then
         XCTAssertTrue(actual)
diff --git a/README.md b/README.md
index 8354018..1ce0ce9 100644
--- a/README.md
+++ b/README.md
@@ -2,7 +2,7 @@
 
 [logo]: /Resources/Assets.xcassets/AppIcon.appiconset/PPPC_Logo_32%402x.png "PPPC Utility"
 
-PPPC Utility is a macOS (10.15 and newer) application for creating configuration profiles containing the Privacy Preferences Policy Control payload for macOS. The profiles can be saved locally, signed or unsigned. Profiles can also be uploaded directly to a Jamf Pro server.
+PPPC Utility is a macOS (13.0 and newer) application for creating configuration profiles containing the Privacy Preferences Policy Control payload for macOS. The profiles can be saved locally, signed or unsigned. Profiles can also be uploaded directly to a Jamf Pro server.
 
 All changes to the application are tracked in [the changelog](https://github.com/jamf/PPPC-Utility/blob/master/CHANGELOG.md).
 
diff --git a/Resources/PPPCServices.json b/Resources/PPPCServices.json
index 2a506a5..72d6410 100644
--- a/Resources/PPPCServices.json
+++ b/Resources/PPPCServices.json
@@ -90,7 +90,7 @@
             "com.apple.vm.device-access"
         ],
         "denyOnly": true,
-        "allowStandardUsersMacOS11Plus": true
+        "allowStandardUsers": true
     },
     {
         "mdmKey": "MediaLibrary",
@@ -163,7 +163,7 @@
         "englishName": "Screen Recording",
         "englishDescription": "Deny specified apps access to capture (read) the contents of the system display.",
         "denyOnly": true,
-        "allowStandardUsersMacOS11Plus": true
+        "allowStandardUsers": true
     },
     {
         "mdmKey": "SpeechRecognition",
diff --git a/Source/Model/PPPCServiceInfo.swift b/Source/Model/PPPCServiceInfo.swift
index c940d96..fad2e96 100644
--- a/Source/Model/PPPCServiceInfo.swift
+++ b/Source/Model/PPPCServiceInfo.swift
@@ -34,7 +34,7 @@ struct PPPCServiceInfo: Decodable {
     let englishDescription: String
     let entitlements: [String]?
     let denyOnly: Bool?
-    let allowStandardUsersMacOS11Plus: Bool?
+    let allowStandardUsers: Bool?
 
     var userHelp: String {
         if let entitlements = entitlements {
diff --git a/Source/Networking/URLSessionAsyncCompatibility.swift b/Source/Networking/URLSessionAsyncCompatibility.swift
deleted file mode 100644
index 5f38e53..0000000
--- a/Source/Networking/URLSessionAsyncCompatibility.swift
+++ /dev/null
@@ -1,52 +0,0 @@
-//
-//  URLSessionAsyncCompatibility.swift
-//  Based on AsyncCompatibilityKit's URLSession+Async.swift which is
-//  Copyright (c) John Sundell 2021
-//  MIT license, see LICENSE.md file for details
-//
-//  Change from AsyncCompatibilityKit: Modified the `@available` line to be deprecated in macOS 12 instead of iOS 15.
-//
-
-import Foundation
-
-@available(macOS, deprecated: 12.0, message: "AsyncCompatibilityKit is only useful when targeting macOS versions earlier than 12")
-public extension URLSession {
-    /// Start a data task with a URL using async/await.
-    /// - parameter url: The URL to send a request to.
-    /// - returns: A tuple containing the binary `Data` that was downloaded,
-    ///   as well as a `URLResponse` representing the server's response.
-    /// - throws: Any error encountered while performing the data task.
-    func data(from url: URL) async throws -> (Data, URLResponse) {
-        try await data(for: URLRequest(url: url))
-    }
-
-    /// Start a data task with a `URLRequest` using async/await.
-    /// - parameter request: The `URLRequest` that the data task should perform.
-    /// - returns: A tuple containing the binary `Data` that was downloaded,
-    ///   as well as a `URLResponse` representing the server's response.
-    /// - throws: Any error encountered while performing the data task.
-    func data(for request: URLRequest) async throws -> (Data, URLResponse) {
-        var dataTask: URLSessionDataTask?
-        let onCancel = { dataTask?.cancel() }
-
-        return try await withTaskCancellationHandler(
-			operation: {
-				try await withCheckedThrowingContinuation { continuation in
-					dataTask = self.dataTask(with: request) { data, response, error in
-						guard let data = data, let response = response else {
-							let error = error ?? URLError(.badServerResponse)
-							return continuation.resume(throwing: error)
-						}
-
-						continuation.resume(returning: (data, response))
-					}
-
-					dataTask?.resume()
-				}
-			},
-			onCancel: {
-				onCancel()
-            }
-        )
-    }
-}

From 5efa22658f0424ccd4236fbff042e6252a9cd465 Mon Sep 17 00:00:00 2001
From: JJ Pritzl <jj.pritzl@jamf.com>
Date: Tue, 10 Mar 2026 13:11:49 -0500
Subject: [PATCH 3/5] big-sur story/JPCFM-5531 Remove swiftlint disable call
 due to reduced file length

---
 Source/View Controllers/TCCProfileViewController.swift | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Source/View Controllers/TCCProfileViewController.swift b/Source/View Controllers/TCCProfileViewController.swift
index cad84af..30e7a9e 100644
--- a/Source/View Controllers/TCCProfileViewController.swift	
+++ b/Source/View Controllers/TCCProfileViewController.swift	
@@ -24,7 +24,6 @@
 //  OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
 //  SOFTWARE.
 //
-// swiftlint:disable file_length
 
 import Cocoa
 import OSLog

From 93ed2bea48f110fce523334ac571a6a7f959fbb2 Mon Sep 17 00:00:00 2001
From: JJ Pritzl <jj.pritzl@jamf.com>
Date: Fri, 13 Mar 2026 11:57:16 -0500
Subject: [PATCH 4/5] big-sur story/JPCFM-5531 Add Copilot suggestion for
 generating test results

---
 .github/workflows/tests.yml | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
index 7b2c8a5..dd554f2 100644
--- a/.github/workflows/tests.yml
+++ b/.github/workflows/tests.yml
@@ -29,4 +29,21 @@ jobs:
       - name: Display code coverage summary
         if: always()
         run: |
-          xcrun xccov view --report TestResults.xcresult | grep -E "^[A-Z].*\.app|PPPC-Utility/Source"
+          if [ ! -d TestResults.xcresult ]; then
+            echo "Coverage bundle 'TestResults.xcresult' not found; skipping coverage summary."
+            exit 0
+          fi
+          # Generate coverage report; capture output while still printing it
+          echo "Generating coverage report from TestResults.xcresult..."
+          if ! xcrun xccov view --report TestResults.xcresult | tee coverage-report.txt; then
+            echo "Failed to generate coverage report with xccov; printing any captured output and continuing."
+            cat coverage-report.txt 2>/dev/null || true
+            exit 0
+          fi
+          echo
+          echo "Filtered coverage summary (matching app targets or PPPC-Utility/Source):"
+          if ! grep -E '^[A-Z].*\.app|PPPC-Utility/Source' coverage-report.txt; then
+            echo
+            echo "No matching coverage lines found; displaying full coverage report instead."
+            cat coverage-report.txt
+          fi

From dc8df6317772310422e9b4dea09b3dd17b07b100 Mon Sep 17 00:00:00 2001
From: JJ Pritzl <jj.pritzl@jamf.com>
Date: Fri, 13 Mar 2026 12:19:49 -0500
Subject: [PATCH 5/5] big-sur story/JPCFM-5531 Add Copilot refactor to
 loadExecutable function

---
 Source/Model/Model.swift | 96 +++++++++++++++++++++++++---------------
 1 file changed, 60 insertions(+), 36 deletions(-)

diff --git a/Source/Model/Model.swift b/Source/Model/Model.swift
index e067eee..327029d 100644
--- a/Source/Model/Model.swift
+++ b/Source/Model/Model.swift
@@ -91,48 +91,18 @@ typealias LoadExecutableCompletion = ((LoadExecutableResult) -> Void)
 
 extension Model {
 
-    // TODO - refactor this method so it isn't so complex
-    // swiftlint:disable:next cyclomatic_complexity
     func loadExecutable(url: URL, completion: @escaping LoadExecutableCompletion) {
         let executable = Executable()
 
         if let bundle = Bundle(url: url) {
-            guard let identifier = bundle.bundleIdentifier else {
-                return completion(.failure(.identifierNotFound))
-            }
-            executable.identifier = identifier
-            let info = bundle.infoDictionary
-            executable.displayName = (info?["CFBundleName"] as? String) ?? executable.identifier
-            if let resourcesURL = bundle.resourceURL {
-                if let definedIconFile = info?["CFBundleIconFile"] as? String {
-                    var iconURL = resourcesURL.appendingPathComponent(definedIconFile)
-                    if iconURL.pathExtension.isEmpty {
-                        iconURL.appendPathExtension("icns")
-                    }
-                    executable.iconPath = iconURL.path
-                } else {
-                    executable.iconPath = resourcesURL.appendingPathComponent("DefaultAppIcon.icns").path
-                }
-
-                if !FileManager.default.fileExists(atPath: executable.iconPath) {
-                    switch url.pathExtension {
-                    case "app":
-                        executable.iconPath = IconFilePath.application
-                    case "bundle":
-                        executable.iconPath = IconFilePath.kext
-                    case "xpc":
-                        executable.iconPath = IconFilePath.kext
-                    default:
-                        executable.iconPath = IconFilePath.unknown
-                    }
-                }
-            } else {
-                return completion(.failure(.resourceURLNotFound))
+            switch populateFromBundle(executable, bundle: bundle, url: url) {
+            case .failure(let error):
+                return completion(.failure(error))
+            case .success:
+                break
             }
         } else {
-            executable.identifier = url.path
-            executable.displayName = url.lastPathComponent
-            executable.iconPath = IconFilePath.binary
+            populateFromPath(executable, url: url)
         }
 
         if let alreadyFoundExecutable = store[executable.identifier] {
@@ -147,6 +117,60 @@ extension Model {
             return completion(.failure(.codeRequirementError(description: error.localizedDescription)))
         }
     }
+
+    private func populateFromBundle(_ executable: Executable, bundle: Bundle, url: URL) -> Result<Void, LoadExecutableError> {
+        guard let identifier = bundle.bundleIdentifier else {
+            return .failure(.identifierNotFound)
+        }
+        executable.identifier = identifier
+
+        let info = bundle.infoDictionary
+        executable.displayName = (info?["CFBundleName"] as? String) ?? executable.identifier
+
+        guard let resourcesURL = bundle.resourceURL else {
+            return .failure(.resourceURLNotFound)
+        }
+
+        executable.iconPath = resolveIconPath(info: info, resourcesURL: resourcesURL, url: url)
+        return .success(())
+    }
+
+    private func populateFromPath(_ executable: Executable, url: URL) {
+        executable.identifier = url.path
+        executable.displayName = url.lastPathComponent
+        executable.iconPath = IconFilePath.binary
+    }
+
+    private func resolveIconPath(info: [String: Any]?, resourcesURL: URL, url: URL) -> String {
+        let candidatePath: String
+
+        if let definedIconFile = info?["CFBundleIconFile"] as? String {
+            var iconURL = resourcesURL.appendingPathComponent(definedIconFile)
+            if iconURL.pathExtension.isEmpty {
+                iconURL.appendPathExtension("icns")
+            }
+            candidatePath = iconURL.path
+        } else {
+            candidatePath = resourcesURL.appendingPathComponent("DefaultAppIcon.icns").path
+        }
+
+        if FileManager.default.fileExists(atPath: candidatePath) {
+            return candidatePath
+        }
+
+        return fallbackIconPath(for: url.pathExtension)
+    }
+
+    private func fallbackIconPath(for pathExtension: String) -> String {
+        switch pathExtension {
+        case "app":
+            return IconFilePath.application
+        case "bundle", "xpc":
+            return IconFilePath.kext
+        default:
+            return IconFilePath.unknown
+        }
+    }
 }
 
 // MARK: Exporting Profile