Using JAMF


Last updated 8 months ago

JAMF simplifies mass installation of the dope.endpoint on Mac. It removes all manual steps: trusting the certificate and accepting system extension permissions.

There are two primary components:

  1. MDM Profile: this is the config profile that contains the certificate, extension, VPN, and privacy permission, so that the user never sees a pop-up. Without it, the user has to accept and authorize the installation manually (due to Apple security policies).

  2. Managed Installation: this is where you upload the full zip to JAMF to deploy to your devices. The steps are the same as for any managed deployment (upload the install zip as-is). Once distributed, JAMF will run the installer.

Known JAMF issues outside of dope.security control:

  1. JAMF documentation mentions that .zip is not supported, but it works perfectly fine.

  2. JAMF can be intermittently slow and will display an Availability Pending message. It can take up to an hour to process.

1. Upload the MobileConfig File

You can retrieve the MDM profile's XML here and directly upload it to JAMF. This will contain all requisite permissions at once, including:

  1. Root Certificate - for trusting the on-device SSL inspection

  2. Network Extension Permission - for re-routing traffic to the on-device proxy

  3. VPN Permission - for re-routing traffic to the on-device proxy

  4. Privacy Preferences Permission - for anti-tampering

After uploading it to JAMF, you will have the full profile available to target and deploy to devices.

[Screenshot: You can validate that the 4 payloads are configured]

2. Deploy profile to devices

Take your new profile, click Scope, and target it to your endpoints:

[Screenshot: A screenshot sample of deploying to targets]

Add the target machines you want to distribute to.

The profile should have 4 items (certificate, system extension, VPN, and privacy preferences):

[Screenshot: All 4 permissions are now on the device. This screen looks slightly different on Mac12]

[Screenshot: You can also validate the certificate is marked as Always Trust on Keychain Access]

3. Install the application pkg

Create a JAMF package deployment and upload the installation .zip. Recall, it includes:

  • Installer .pkg (Universal binary supports both Intel & Arm)

  • agent_parameters.json

  • Certificate

JAMF documentation does not explicitly say that .zip is supported; however, you can directly upload the .zip to JAMF without issues.

Scope the target machines you want to install to and send. Target machines will pick up and install the dope.security package, and no manual intervention is required.

[Screenshot: You'll need to write a policy with the package & scope it. Use cloud distribution and install once per device.]

The next step on the target machines will be to authenticate using Google or O365.
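A profile that installs a root certificate for SSL inspection and grants privacy permissions is worth inspecting before it is scoped to the fleet. The following is an added example (not dope.security or JAMF code) that parses an unsigned .mobileconfig and reports whether the four items listed in step 1 are present, which payload types go beyond them, and the SHA-256 of each certificate payload for comparison with the fingerprint Keychain Access shows after deployment. The PayloadType strings are Apple's standard values, but their mapping to this vendor's profile is an assumption, and `audit_profile` and `sample_profile` are hypothetical names.

```python
import hashlib
import plistlib
import ssl

# Assumed mapping from the four items the page lists to Apple PayloadType values.
EXPECTED = {
    "certificate": {"com.apple.security.root", "com.apple.security.pkcs1",
                    "com.apple.security.pem"},
    "system extension": {"com.apple.system-extension-policy"},
    "vpn": {"com.apple.vpn.managed"},
    "privacy preferences": {"com.apple.TCC.configuration-profile-policy"},
}


def audit_profile(raw: bytes) -> dict:
    """Report missing items, unexpected payload types and certificate hashes."""
    profile = plistlib.loads(raw)  # unsigned XML or binary plist only
    payloads = profile.get("PayloadContent", [])
    types = {p.get("PayloadType", "") for p in payloads}
    known = set().union(*EXPECTED.values())
    fingerprints = []
    for p in payloads:
        if p.get("PayloadType") in EXPECTED["certificate"]:
            der = p.get("PayloadContent", b"")
            if der.lstrip().startswith(b"-----BEGIN"):  # PEM-wrapped certificate
                der = ssl.PEM_cert_to_DER_cert(der.decode("ascii"))
            fingerprints.append(hashlib.sha256(der).hexdigest())
    return {
        "missing": sorted(k for k, v in EXPECTED.items() if not v & types),
        "unexpected": sorted(types - known),  # review these before deploying
        "cert_sha256": fingerprints,
    }


def sample_profile(extra=()):
    # Constructed sample profile; the certificate bytes are a stand-in, not a real cert.
    types = ["com.apple.security.root", "com.apple.system-extension-policy",
             "com.apple.vpn.managed", "com.apple.TCC.configuration-profile-policy"]
    content = [{"PayloadType": t} for t in types + list(extra)]
    content[0]["PayloadContent"] = b"constructed-der-bytes"
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": content})


if __name__ == "__main__":
    print(audit_profile(sample_profile()))
    print(audit_profile(sample_profile(extra=["com.apple.webcontent-filter"])))
```

To audit a real profile, pass the bytes of the downloaded file to `audit_profile`; a signed profile must have its signature wrapper removed first, since `plistlib` cannot parse it.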