Installing using MDM on Mac

Without MDM, permissions have to be manually approved due to Apple requirements. It's a few button clicks to approve if you're just testing, but it doesn't scale for wider deployments, for which we highly recommend (require) MDM

We've pre-created a custom profile to make MDM profile deployment easy. Our mac MDM profile (.mobileconfig) consists of 4 configurations:

  1. Root Certificate - for trusting the on-device SSL inspection

  2. Network Extension Permission - for re-routing traffic to the on-device proxy

  3. VPN Permission - for re-routing traffic to the on-device proxy

  4. Privacy Preferences Permission - for anti-tampering

  5. Service Management Permission - for anti-tampering to login & background items

Sample system extension policy from Simple MDM

The easiest method to import these is to upload, or copy & paste the custom profile below into your MDM software. You can also manually create it.

Some MDM software will require you to save & upload this as a .mobileconfig file

Anti-tampering on Mac

To prevent end-users from tampering or disabling the endpoint, there are several permissions that must be part of the above MDM profile. You'll know that these are in effect as they will show up inside of your System Preferences:

The Login & Background Items is fixed to be On
The Network Extension is fixed to be On

These settings were updated to prevent disabling in MacOS 15 onwards

Deploying the .zip

After deploying the MDM profile, you can now upload the .zip and have it deployed to your target systems.

It's unusual, but if you need a DMG for any reason, you can run this command:

After deploying MDM & the installer to your target devices, users will no longer be required to enter your password or accept other permissions. That's it!

PreviousDisable EndpointNextUsing JAMF

Last updated