MDM Deployment to Install/Uninstall the Mac Bundle (JAMF)

This topic describes how to deploy Mac agents using JAMF, so you can remotely deploy agents to multiple endpoints.

Use this topic as a guide for mass (MDM) installation. Depending on the version of JAMF you are using, the images may change.

Prerequisites

Before you begin, do the following:

  1. From Agent Realms, download the Shell Script for the Agent Realm. (Administration app > Endpoints >Agent Realms). Make sure you select Agent.

    See Shell Script for Mac Agent and Auto Updater.

  2. From EndpointsDownloads, download latest Management Tools with the Configuration Profile (observeit-OSX-management tools-OSX-X.X.X.tar.gz).

    See Management Tools.

  3. From EndpointsDownloads, download and open the latest macOS Agent release (observeit-cloudagent-OSX- bundle-x.x.x.x.tar.gz).

Make sure you download the bundle - not the Agent.

If you want to make changes to the Configuration Profile, use the version that is not signed. After making changes you must sign the configuration profile before deploying it.

For information about how to sign an unsigned configuration profile, see this JAMF article.

Configuration Profiles

For Mac Agent:

  • IT Viewer macOS 11.signed.mobileconfig: Configuration Profile signed by Proofpoint

  • IT Viewer macOS 11.mobileconfig: Unsigned Configuration Profile, to be signed by customer

For Proofpoint Browser Extension:

  • Proofpoint DLP Browser Extension Sample Profile.signed.mobileconfig (Configuration Profile signed by Proofpoint)

  • Proofpoint DLP Browser Extension Sample Profile.mobileconfig (Unsigned Configuration Profile, to be signed by customer)

For details, see Proofpoint Browser Extension for Mac - MDM Installation.

For MDM configuration profile settings see MDM Configuration Profile Settings List.

For information about how to sign an unsigned configuration profile, Signing Configuration Profiles.

If you want to make changes to the Configuration Profile, use the version that is not signed. After making changes you must sign the configuration profile before deploying it.

Disabling Login Items Notifications (optional) - supported from macOS Ventura 13 and higher:

  • Ventura Disable Login Items Notifications Sample Profile.mobileconfig: This is a sample configuration profile showing you how to disable all background task management notifications introduced in macOS Ventura (Login Items notifications). You can entirely disable all such notifications by creating a Configuration Profile based on this sample profile. This is a system-wide profile, so if you use it, notifications that were already triggered and that exist within the Notification Center will not display.

JAMF Limitations

If you're using JAMF:

  • You must use JAMF 10.25 or later with macOS 11 Big Sur.

    You must use JAMF 10.15.1 or later with macOS 10.15 Catalina.

  • You must use JAMF 10.7.1 or later with macOS 10.14 Mojave.

  • If the error message "Unable to decrypt encrypted profile" displays, upgrade to JAMF 10.9.x or later to resolve it.

The MDM deployment procedure has been streamlined so the ObserveIT process controller can be configured to grant access.

Uninstalling the Agent when Updater is Installed

If you are uninstalling the Agent and the Updater is installed, you must uninstall the Updater first:

  1. Uninstall the Updater

  2. Uninstall the Agent

  3. Remove the Configuration Profile

JAMF Deployment for the Bundle

Set up the following:

  1. Upload the Configuration Profile

  2. Upload the Package

  3. Upload the Shell Script

  4. Create the Policy

  5. Configure the Policy Scope

Upload the Configuration Profile

Upload the Configuration Profile included in the Management Tools you downloaded.

  1. In JAMF, from the menu on the left-side, in Computers, select Configuration Profiles.

  2. In the Configuration Profiles screen, from the list of configuration profiles, select the Configuration Profile you downloaded with the latest Management Tools.

Upload the Package

Upload the package you want to deploy.

observeit-cloudagent-OSX-bundle-x.x.x.x.pkg package was downloaded with observeit-cloudagent-OSX-bundle-x.x.x.x.tar.

  1. In JAMF, from the left-side menu, in Computers, select Policies.

  2. Click New.

    The New Package page opens.

  3. In the Filename area, browse to the observeit-cloudagent-OSX-bundle-x.x.x.x.pkg package package file.

  4. In the Display Name field, you see the name of the package you selected.

  5. Click Save and the package is added.

Upload the Shell Script

Upload the relevant Shell script you downloaded from the Agent Realm.

  1. Using a text editor, open the downloaded Shell script so you can modify the relevant parameters. These parameters will be applied when the install is run.

  2. From menu on the left-side, select Settings and from the options, select Scripts.

  3. Select Scripts and the Scripts page opens.

  4. Click New and the New Script page displays.

  5. From the General tab, provide a Display Name.

  6. In the Scripts tab, copy the Shell script file and paste it.

  7. Review and save.

  8. From the Options tab, set the Priority to Before so the script runs before the package.

  9. Click Save.

Create the Policy

Add a new policy for the Updater.

  1. From Computers, select Policies from menu on the left-side.

  2. In the Options tab, select General from the menu on the left side and provide a Display Name for the policy you are adding.

    Make sure that the Enabled check box is selected, so that you can run the policy.

  3. From menu on the left, select Packages and Configure the package. From the list of package, select the package.

  4. From menu on the left, select Scripts and select the script from the list.

  5. Save.

Configure the Policy Scope

Configure the Package in the Policy

  • From Computers, select Policies click Logs.

Check the Status

  1. From Computers, select Policies and click Logs.

  2. From the Logs screen you can see the status of your Bundle.

 

The Mac agents listed as available deployment targets must have the JAMF agent installed.

If you want to run the package yourself, under the Self Service tab, enable Make the policy available in the Self Service check box.

Removing the process controller configuration profile

  1. From the JAMF Web console dashboard, click the Computer button and select Configuration Profiles from the menu on the left-side. The Configuration Profiles screen displays.

  2. Select the Scope tab and click the Edit button at the bottom of the screen.

  3. From the list of configuration profiles, select the one you want to remove. Click Remove and Save.

    You are prompted to select the redistribution option after the configuration profile is removed.

  4. Click Save.

Uninstall the Mac Agent for MDM deployment (JAMF)

You can remotely uninstall multiple agents to multiple Mac OS endpoints via JAMF.

Do the following:

  1. Create the Uninstall Script

  2. Create the Uninstall Policy

  3. Add and Configure the Script in the Policy

  4. Deploy the Uninstall policy to the Bundle

Create the Uninstall Script

  1. From the folder in the .pkg file, open the PreUninstall script example located in observeit-cloudagent-OSX-bundle-x.x.x.x.dmg\remote\ and copy its contents.

  2. Open the JAMF Web Console dashboard main screen.

  3. From menu on the left-side, select Settings and from the options, select Scripts.

  4. Select Scripts and the Scripts page opens.

  5. Click New and the New Script page displays.

  6. Click New button to add the PreUninstall script.

  7. From the General tab. Provide the Display Name for the script

  8. From the Script tab, paste the PreUninstall script that you copied.

  9. If you configured a security key, modify to include it in the script using "". (See Uninstall Key.)

  10. From the Options tab, from the Priority dropdown, select Before.

  11. Save the script.

Create the Uninstall Policy

  1. In the JAMF Web Console dashboard, select the ComputersPolicies from the left menu.

  2. Click New to create a policy.

  3. From the Options tab, under General:

    1. Specify a Display Name for the policy.

    2. Select the Enabled check box so that you can run the policy.

    3. Under Trigger, select Recurring Check-in, so that the policy will be applied to all the relevant computers.

  4. From the menu on the left, select Scripts.

  5. From the list of scripts, select the script you want.

  6. Save.

Add and Configure the Script in the Policy

  1. From the Policies > Options tab, click Scripts.

  2. Select Configure, and then from the list of scripts, click the Add button alongside the uninstall script you created.

  3. From the Scope tab in ComputersPolicies, select the Mac agents on which to deploy the uninstall script. Click the Add button alongside each target agent. Then click Done.

  4. Click Save when you have finished configuring the uninstall script for the policy.

Deploy the Uninstall policy to the Bundle

After creating a policy with the uninstall script, the JAMF agent on the local computer deploys the policy next time it checks in with the JAMF server (by default every 15 minutes).

You can monitor the progress of the uninstall policy, using the JAMF Dashboard. To check the uninstallation logs, click the Logs button for the selected policy.


Related Topics:

Mac Agent and Apple Privacy Controls

MDM Configuration Profile Settings List

Mac Agent ITM/ Endpoint DLP Bundle Installation

Uninstalling the Mac Agent