Using Kandji

The Kandji instructions below allow you to do a managed device deployment using a Kandji blueprint. Kandji (and all MDMs) eliminate manual steps on Mac to trust the Certificate and accept permissions for our system extension.

1. Upload the MobileConfig File

You can retrieve the MDM profile's XML here and directly upload it to JAMF. This will contain all requisite permissions at once, including:

  1. Root Certificate - for trusting the on-device SSL inspection

  2. Network Extension Permission - for re-routing traffic to the on-device proxy

  3. VPN Permission - for re-routing traffic to the on-device proxy

  4. Privacy Preferences Permission - for anti-tampering

You will need to add the XML to a .mobileconfig file, and upload it to Kandji as show below.

2. Deploy profile to devices

Add the custom profile to the blueprints you are going to install the endpoint on. We always recommend to deploy the profile prior to installing the software to ensure there are no user pop-ups.

3. Upload the application pkg zip

Add a new custom app into your library with the Mac package downloaded from your dope.console:

You can add the Blueprints that the application will be deployed to here, and select either:

  • Install once per device: This option will install the software only

  • Audit & Enforce: This will use a script to ensure the software remains installed (best practice, although the software is built to prevent removal)

After the library item has been setup, you will be able to deploy this to all of your devices quickly. You may opt to do a small test deployment, but we have seen admins deploy thousands of healthy installs in minutes.

Last updated