As part of user data security enhancements in macOS 10.14.5 and above, you must approve access to protected user and application data. This is required for the sensor to operate at maximum capability (with protection fully enabled, monitoring and protecting all applications and the file system).
This requirement is in addition to SysEXT and NetworkExtension approvals, and does not replace that approval process.
The preferred mechanism for the Full Disk Access approval is through the creation and deployment of a mobile device management (MDM) profile.
Alternatively to the MDM method, Full Disk Access can be granted manually by the endpoint administrator through the Security & Privacy System Preferences pane. This option is only recommended for very small deployments where MDM solution may not be available, or for testing on individual devices prior to deployment.