In this article, we'll walk through how to set up Jamf MDM to deploy the Zorus Filtering Agent for macOS.
**Please note that the Mac agent is still in late-stage beta.**
**During these steps, User-Initiated Enrollment was used. Internally we do not have access to Apple Business Manager/School manager to simulate automated device enrollment within Jamf**
Step 1. Once you have your Apple Push Certificate uploaded, you're ready to start uploading the provided MDM configuration profiles using the link below (note: This Apple Push Certificate is a step you should already have done if you have your MDM configured to manage devices) :
From here, you'll want to upload these profiles to Jamf by navigating to the Catalog on the left sidebar and then clicking on MDM Profiles. Then download all 6 of these one by one, the download button is in the top right.
Step 2. In Jamf to upload Configuration Profiles start from
Dashboard > Computers > Configuration profiles.
Here upload all 7 configuration profiles and set your scope for each Configuration Profile, this is personal preference. If pushing to all devices we recommend: All Computers, All users.
The scope will have to be set under each Configuration Profile you upload.
As for the options, the only Configuration Profiles we will need to make sure are correct when uploading are MSP Filtering (Login Items) and MSP Filtering (TP).
MSP Filtering (Login Items)
Team Identifier: X2G78PSXBN
MSP Filtering (System Extensions)
When you upload the Systems Extensions mobile config make sure both show up under system extensions.
They will look the same. Although the difference is the first one is the Allowed System Extensions and the second is Removable System Extensions.
MSP Filtering (TP)
Make sure this profile uploads as a VPN
Then check that these settings are correct under VPN.
**There are two payloads in the mobile config that need to be adjusted make sure to scroll down**
Payload 1
Connection Name: MSP Filtering Block Page
Identifier: com.ZorusTech.Filtering.BlockPage
Server: 127.0.0.1
Payload 2
Connection Name: MSP Filtering Standard DNS
Identifier: com.ZorusTech.Filtering.Standard
Server: 127.0.0.1
Step 3. Now that we are finished uploading the Configuration Profiles we can upload the script that will be used to deploy the Filtering and Maintenance App.
Script link here
In Jamf, to upload the script, head to Settings on the left and search scripts.
Click into scripts and hit new at the top right
Name the script under General and paste the script into the box.
Before we save the script we are going to change out "YourDeploymentTokenHere" with a "$4" this is so we can create it as variable to make the token interchangeable when we deploy without needing to edit the script every time we deploy to a new customer.
Now under options label Parameter 4 "Zorus Token" and click save.
Step 4. Now that we have the script uploaded we need to apply the script to a policy so it deploys out. Go back to computers and click Policies.
Here we want to hit new in the top right to create a new policy to add the script to.
In "General" name the policy, then we recommend checking "Enrollment Complete" to run the script after a new device has enrolled. As well as check "Automatically re-run policy on failture"
Click scripts on the sidebar then configure scripts
Here we will select the script we just added
Under this script this is where you will set the token for the customer you will be deploying to.
Then under Scope, select the Computers and Users you want this script to push to and click save
Step 5. After all of these steps are configured, the final step is to enroll the device in the MDM. Once the device is enrolled in the MDM, the agent will be pushed out automatically with the Configuration Profiles and Script.