# Using JAMF

JAMF simplifies mass installation of dope.endpoint on Mac. It removes all manual steps: trusting the certificate and accepting system extension permissions.

There are two primary components:

1. **MDM Profile**: the configuration profile that contains the certificate, extension, VPN, and privacy permissions so that the user never sees a pop-up. Without it, the user must manually accept and authorize the installation (due to Apple security policies).
2. [Managed Installation](https://learn.jamf.com/bundle/jamf-pro-documentation-current/page/Package_Deployment.html): upload the full zip to JAMF to deploy to your devices, following the same steps as any managed deployment (upload the install zip as-is). Once distributed, JAMF will run the installer.

{% hint style="warning" %}
Known JAMF Issues outside of dope.security control:

1. JAMF documentation mentions that .zip is not supported, but it works perfectly fine

2. JAMF can be intermittently slow and will display an **Availability Pending** message. It can take up to an hour to process.

   <figure><img src="https://4250118259-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fqdf21diS0j19gSMF9LeP%2Fuploads%2F0HKf6hcDl27rPoqIHKVA%2Fimage.png?alt=media&#x26;token=d83acabb-b6a4-452c-a16a-5b95b3ef8ba4" alt="" width="294"><figcaption></figcaption></figure>

3. JAMF intermittently imports only 4 of the 5 required items and misses the root certificate. Ensure that your MDM profile contains all 5 permissions, and upload the root certificate if required.
   {% endhint %}

## 1. Upload the `MobileConfig` File

You can retrieve the MDM profile's XML [here](https://inflight.dope.security/dope.endpoint/installing-using-mdm-on-mac) and directly upload it to JAMF. This will contain all requisite permissions at once, including:

1. Root Certificate - for trusting the on-device SSL inspection
2. Network Extension Permission - for re-routing traffic to the on-device proxy
3. VPN Permission - for re-routing traffic to the on-device proxy
4. Privacy Preferences Permission - for anti-tampering
5. Service Management Permission - for anti-tampering to login & background items

<figure><img src="https://4250118259-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fqdf21diS0j19gSMF9LeP%2Fuploads%2FymmkufNCZbTLxSFihGhF%2Fgitbook-jamf-2023_7.png?alt=media&#x26;token=a6a16b9b-12cb-4516-bbe4-bc493bd2c950" alt=""><figcaption><p>You can validate that the 5 payloads are configured</p></figcaption></figure>

After uploading it to JAMF, you will have the full profile available to target and deploy to devices.
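To check a profile for the "4 of 5" import problem described above, the following added example (not dope.security or JAMF code) parses an unsigned XML `.mobileconfig` and reports which of the five items has no payload. The mapping from each item to an Apple `PayloadType` string is an assumption; confirm it against the profile you downloaded.

```python
import plistlib

# Assumed mapping from the five items listed above to Apple PayloadType values.
# Confirm these against the PayloadType strings in your own profile.
REQUIRED = {
    "Root Certificate": {"com.apple.security.root", "com.apple.security.pkcs1"},
    "Network Extension": {"com.apple.system-extension-policy"},
    "VPN": {"com.apple.vpn.managed"},
    "Privacy Preferences": {"com.apple.TCC.configuration-profile-policy"},
    "Service Management": {"com.apple.servicemanagement"},
}

def missing_payloads(profile_bytes):
    """Return the required items that have no matching payload in the profile."""
    try:
        profile = plistlib.loads(profile_bytes)
    except Exception as exc:  # e.g. a signed (CMS-wrapped) profile is not a plain plist
        raise ValueError("not an unsigned plist profile") from exc
    if not isinstance(profile, dict):
        raise ValueError("profile root is not a dictionary")
    present = {p.get("PayloadType") for p in profile.get("PayloadContent", [])
               if isinstance(p, dict)}
    return [name for name, types in REQUIRED.items() if not (types & present)]

def _sample(types):
    """Build a constructed profile with one empty payload per given type."""
    return plistlib.dumps({
        "PayloadType": "Configuration",
        "PayloadIdentifier": "com.example.sample-profile",  # constructed value
        "PayloadContent": [{"PayloadType": t, "PayloadVersion": 1} for t in types],
    })

# Constructed sample reproducing the "4 of 5" case: no certificate payload.
FOUR_OF_FIVE = _sample([
    "com.apple.system-extension-policy",
    "com.apple.vpn.managed",
    "com.apple.TCC.configuration-profile-policy",
    "com.apple.servicemanagement",
])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else FOUR_OF_FIVE
    gaps = missing_payloads(data)
    print("missing:", ", ".join(gaps) if gaps else "none")
    sys.exit(1 if gaps else 0)
```

Pass a profile path as the first argument; exit status 1 means at least one item is absent.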

## 2. Deploy profile to devices

Open your new profile, click Scope, and target it to your endpoints:

<figure><img src="https://4250118259-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fqdf21diS0j19gSMF9LeP%2Fuploads%2FwEN62uGivzzwHZTeTYGW%2Fgitbook-jamf-2023_6.png?alt=media&#x26;token=d70b62f6-edbf-49c1-aaf9-4ebbd720a06c" alt=""><figcaption><p>A sample screenshot of deploying to targets</p></figcaption></figure>

Add the target machines you want to distribute to.

The profile should have 4 items (certificate, system extension, VPN, and privacy preferences):

<figure><img src="https://4250118259-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fqdf21diS0j19gSMF9LeP%2Fuploads%2FObNEc1k0kKNQVPfyHYcy%2Fimage.png?alt=media&#x26;token=e2bca00f-bf4e-4765-8b88-998bcf67dda3" alt="" width="563"><figcaption><p>All 4 permissions are now on the device. This screen looks slightly different on Mac12</p></figcaption></figure>

<figure><img src="https://4250118259-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fqdf21diS0j19gSMF9LeP%2Fuploads%2F3qBugnNNzxmPdsB1H4nB%2Fgitbook-jamf-2023_10.png?alt=media&#x26;token=4e9a86c5-8b9e-4aa0-94d7-afa6560c38d2" alt=""><figcaption><p>You can also validate the certificate is marked as Always Trust on Keychain Access</p></figcaption></figure>

## 3. Install the application pkg

Create a [JAMF package deployment](https://learn.jamf.com/en-US/bundle/jamf-pro-documentation-current/page/Package_Deployment.html) and upload the installation `.zip`. Recall that it includes:

* Installer `.pkg` (Universal binary supports both Intel & Arm)
* `agent_parameters.json`
* Certificate

{% hint style="success" %}
JAMF documentation does not explicitly say that .zip is supported; however, you can directly upload the .zip to JAMF without issues.
{% endhint %}

Scope the target machines you want to install to and send. Target machines will pick up and install the dope.security package with no manual intervention.

<figure><img src="https://4250118259-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fqdf21diS0j19gSMF9LeP%2Fuploads%2FWQygaxuprJefu0mRAWbU%2Fimage.png?alt=media&#x26;token=f82c04b2-5a5b-497b-929d-6ba80a5332de" alt=""><figcaption><p>You'll need to write a policy with the package &#x26; scope it. Use cloud distribution and install once per device.</p></figcaption></figure>

The next step on the target machines will be to authenticate using Google or O365.
