MDM Deployment to Install/Uninstall the Mac Bundle (JAMF)

This topic describes how to deploy Mac agents using JAMF, so you can remotely deploy agents to multiple endpoints.

Use this topic as a guide for mass (MDM) installation. Depending on the version of JAMF you are using, the images may change.

Prerequisites

Before you begin, you must

  • Download observeit-OSX-management-tools-<version>.tar.gz from Management Tools (see Management Tools).

  • Download observeit-cloudagent-OSX-<version>.pkg or observeit-cloudagent-OSX-bundle-<version>.pkg file to your desktop or another folder that is easily accessible.

  • Download the Shell Script for the Realm (See Shell Script for Mac Agent and Auto Updater.)

If you want to make changes to the Configuration Profile, use the version that is not signed. After making changes you must sign the configuration profile before deploying it.

For information about how to sign an unsigned configuration profile, see this JAMF article.

Configuration Profiles

For Mac Agent:

  • IT Viewer macOS 11.signed.mobileconfig: Configuration Profile signed by Proofpoint

  • IT Viewer macOS 11.mobileconfig: Unsigned Configuration Profile, to be signed by customer

For Proofpoint Browser Extension:

  • Proofpoint DLP Browser Extension Sample Profile.signed.mobileconfig (Configuration Profile signed by Proofpoint)

  • Proofpoint DLP Browser Extension Sample Profile.mobileconfig (Unsigned Configuration Profile, to be signed by customer)

For details, see Proofpoint Browser Extension for Mac - MDM Installation.

For MDM configuration profile settings see MDM Configuration Profile Settings List.

For information about how to sign an unsigned configuration profile, Signing Configuration Profiles.

If you want to make changes to the Configuration Profile, use the version that is not signed. After making changes you must sign the configuration profile before deploying it.

Disabling Login Items Notifications (optional) - supported from macOS Ventura 13 and higher:

  • Ventura Disable Login Items Notifications Sample Profile.mobileconfig: This is a sample configuration profile showing you how to disable all background task management notifications introduced in macOS Ventura (Login Items notifications). You can entirely disable all such notifications by creating a Configuration Profile based on this sample profile. This is a system-wide profile, so if you use it, notifications that were already triggered and that exist within the Notification Center will not display.

JAMF Limitations

If you're using JAMF:

  • You must use JAMF 10.25 or later with macOS 11 Big Sur.

    You must use JAMF 10.15.1 or later with macOS 10.15 Catalina.

  • You must use JAMF 10.7.1 or later with macOS 10.14 Mojave.

  • If the error message "Unable to decrypt encrypted profile" displays, upgrade to JAMF 10.9.x or later to resolve it.

The MDM deployment procedure has been streamlined so the ObserveIT process controller can be configured to grant access.

Uninstalling the Agent when Updater is Installed

If you are uninstalling the Agent and the Updater is installed, you must uninstall the Updater first:

  1. Uninstall the Updater

  2. Uninstall the Agent

  3. Remove the Configuration Profile

Deploying the Configuration Profile

  1. From the JAMF Web console dashboard, click the Computer button and select Configuration Profiles from the menu on the left-side. The Configuration Profiles screen displays.

  2. Click the Upload button.

  3. Choose one of the configuration profile:

    Click Upload.

    The file is uploaded and the Configuration Profiles window opens.

  4. Select the Options tab and do the following:

    1. Set the Distribution Method to Install Automatically.

    2. Set the Level to Computer Level.

  5. Select the Scope tab and in the Add Deployment Targets area, add the relevant computer.

  6. Click Save.

Uploading the Package File to JAMF

  1. Upload the package you want to deploy.

  2. Open the JAMF Web console dashboard main screen.

  3. Click the Settings icon and select Computer Management from the All Settings menu.

  4. The Computer Management area displays.

  5. Click the Packages icon and the Packages page opens with the list of packages.

  6. Click the New button to add the observeit-cloudagent-OSX-<version>.pkg or observeit-cloudagent-OSX-bundle-<version>.pkg package file that you copied to your desktop (or other folder).

    The New Package page opens.

  7. Click the Choose File button to select the Filename of the package that will be uploaded to the JAMF server.

  8. Select the file and click Choose.

  9. In the Display Name field, you see the name of the package you selected.

  10. Click Save and the package is added.

Uploading Shell Script to JAMF

Now you need to upload the relevant script for the Realm. (See Shell Script.)

  1. Using a text editor, open the downloaded Shell script so you can modify the relevant parameters. These parameters will be applied when the install is run.

  2. From the main dashboard, click the Settings icon and select Computer Management from the All Settings menu.

  3. Click the Scripts icon and the Scripts page opens.

  4. Enter the Display Name.

  5. Click the New button to copy the Shell script file to the New Script page.

  6. Modify the relevant fields in the Shell script and click Save.

  7. From the Options tab, set the Priority to Before so the script runs before the package.

  8. Click Save.

Creating a policy

Create a policy for deploying to the relevant computers. The policy includes the package file and the script with the parameters you defined.

  1. From the JAMF Web console dashboard, click the Computer button and select Policies from the menu.

  2. The Policies page displays listing the currently defined policies.

  3. Click the New button to create a policy.

Defining the parameters of the new policy

  1. In the Options tab, under General:

  1. Specify a Display Name for the policy.

  1. Make sure that the Enabled check box is selected, so that you can run the policy.

  1. Under Trigger, select Recurring Check-in, or trigger for your organization so that the policy will be applied to all the relevant computers at the next time slot (usually every 15 minutes if the JAMF server is up).

  1. Select the frequency at which to run the policy.

Adding and Configuring the Package in the Policy

  1. From the Policies > Options tab, click Packages. Options>General.

  1. Select Configure, and then from the list of packages, click the Add button alongside the package you want to deploy in the policy.

  2. In the Options tab, under Packages, select the Install action from the drop-down list.

  1. In the Scope tab, in the Selected Deployment Targets area , select the computers on which to deploy the package. Click the Add button alongside each target agent. Then click Done.

    The Mac agents listed as available deployment targets must have the JAMF agent installed.

    If you want to run the package yourself, under the Self Service tab, enable Make the policy available in the Self Service check box.

  1. Click Save when you have finished configuring the package for the policy.

Adding and Configuring the Script in the Policy

  1. From the Policies > Options tab, click Scripts.

  1. Select Configure, and then from the list of scripts, click the Add button alongside the script you want to add to the policy.

  2. In the Options tab, under Scripts, make sure the priority for running the script is set to Before.

  1. In the Scope tab, select the computers on which to deploy the script. Click the Add button alongside each target. Then click Done.

  1. Click Save when you have finished configuring the Script for the policy.

Deploying the policy

After creating a policy with the package and script, the JAMF agent on the local computer will deploy the policy next time it checks in with the JAMF server (by default every 15 minutes).

You can monitor the progress of the deployment in the JSS Dashboard.

  1. To check the installation logs, click the Logs button for the selected policy. For example:

    The status of the policy deployment will be displayed for each agent.

  2. To investigate a specific agent’s installation log, click the Show toggle alongside it.

    The details of the installation script are displayed. For example:

    Note the following:

  3. Clicking the Hide toggle closes the installation log details.

  4. Clicking the Flush button will trigger a new deployment of the policy.

  5. In the event of deployment failure, clicking the Flush All Errors button triggers a new deployment on any agents which had errors on deployment.

  6. Clicking Flush All triggers a new deployment on all the agents regardless of installation success or failure.

    Removing the process controller configuration profile

    1. From the JAMF Web console dashboard, click the Computer button and select Configuration Profiles from the menu on the left-side. The Configuration Profiles screen displays.

    2. Select the Scope tab and click the Edit button at the bottom of the screen.

    3. From the list of configuration profiles, select the one you want to remove. Click Remove and Save.

      You are prompted to select the redistribution option after the configuration profile is removed.

    4. Click Save.

    Uninstall the Mac Agent for MDM deployment (JAMF)

    You can remotely uninstall multiple agents to multiple Mac OS endpoints via JAMF.

    Creating the Uninstall Script

    1. From the folder in the .pkg file, open the PreUninstall script example located in observeit-autoupdater-OSX-x.x.x.x.dmg\remote\ and copy its contents.

    2. Open the JAMF Web Console dashboard main screen.

    3. Click the Settings icon and select Computer Management from the All Settings menu.

    4. Under Computer Management, click the Scripts icon .

    5. Under Scripts, click New button to add the PreUninstall script to the JAMF Web Console.

    6. Paste the copied PreUninstall script to the Script Contents. You can add a password in the PASSWORD parameter if you want.

    7. Save the script.

    Creating the uninstall policy

    1. In the JAMF Web Console dashboard, click the Computers button and select Policies.

    2. Click the New button to create a policy.

    3. In the Options tab, under General:

      1. Specify a Display Name for the policy.

      2. Select the Enabled check box so that you can run the policy.

      3. Under Trigger, select Recurring Check-in, so that the policy will be applied to all the relevant computers.

    Adding and configuring the script in the policy

    1. From the Policies > Options tab, click Scripts.

    2. Select Configure, and then from the list of scripts, click the Add button alongside the uninstall script you created.

    3. In the Scope tab, select the Mac agents on which to deploy the uninstall script. Click the Add button alongside each target agent. Then click Done.

    4. Click Save when you have finished configuring the uninstall script for the policy.

    Deploying the uninstall policy to the Mac Agents

    After creating a policy with the uninstall script, the JAMF agent on the local computer deploys the policy next time it checks in with the JAMF server (by default every 15 minutes).

    You can monitor the progress of the uninstall policy, using the JAMF Dashboard. To check the uninstallation logs, click the Logs button for the selected policy.

    You can do this in the User Interaction tab of the policy, as shown in the following example:

Related Topics:

Mac Agent ITM/ Endpoint DLP Bundle Installation

Uninstalling the Mac Agent