Jamf MDM macOS Deployment

In this article, we'll walk through how to set up Jamf MDM to deploy the Zorus Filtering Agent for macOS.

**Please note that the Mac agent is still in late-stage beta.**

**During these steps, User-Initiated Enrollment was used. Internally we do not have access to Apple Business Manager/School manager to simulate automated device enrollment within Jamf**

Compatible macOS Versions

Step 1. Once you have your Apple Push Certificate uploaded, you're ready to start uploading the provided MDM configuration profiles using the link below (note: This Apple Push Certificate is a step you should already have done if you have your MDM configured to manage devices) :

MDM Configuration Profiles

From here, you'll want to upload these profiles to Jamf by navigating to the Catalog on the left sidebar and then clicking on MDM Profiles. Then download all 6 of these one by one, the download button is in the top right.

Step 2. In Jamf to upload Configuration Profiles start from 

Dashboard > Computers > Configuration profiles.

 

Here upload all 7 configuration profiles and set your scope for each Configuration Profile, this is personal preference. If pushing to all devices we recommend: All Computers, All users.

 

The scope will have to be set under each Configuration Profile you upload.

 

As for the options, the only Configuration Profiles we will need to make sure are correct when uploading are MSP Filtering (Login Items) and MSP Filtering (TP). 


MSP Filtering (Login Items)

Team Identifier: X2G78PSXBN


MSP Filtering (TP)

Make sure this profile uploads as a VPN

Then check that these settings are correct under VPN.

Identifier: com.ZorusTech.MSP-Filtering

Server: mspfilteringtp.local

Provider Type: App-Proxy

Step 3. Now that we are finished uploading the Configuration Profiles we can upload the script that will be used to deploy the Filtering and Maintenance App.

Script link here

In Jamf, to upload the script, head to Settings on the left and search scripts.

 

Click into scripts and hit new at the top right

 

Name the script under General and paste the script into the box.

Before we save the script we are going to change out "YourDeploymentTokenHere" with a "$4" this is so we can create it as variable to make the token interchangeable when we deploy without needing to edit the script every time we deploy to a new customer. 

 

Now under options label Parameter 4 "Zorus Token" and click save.

Step 4. Now that we have the script uploaded we need to apply the script to a policy so it deploys out. Go back to computers and click Policies.

Here we want to hit new in the top right to create a new policy to add the script to.

 

In "General" name the policy, then we recommend checking "Enrollment Complete" to run the script after a new device has enrolled. As well as check "Automatically re-run policy on failture" 

 

Click scripts on the sidebar then configure scripts

 

Here we will select the script we just added

 

Under this script this is where you will set the token for the customer you will be deploying to.

 

Then under Scope, select the Computers and Users you want this script to push to and click save

Step 5. After all of these steps are configured, the final step is to enroll the device in the MDM. Once the device is enrolled in the MDM, the agent will be pushed out automatically with the Configuration Profiles and Script.