Help CenterNote: For organizations deploying to a large amount of endpoints, ThreatLocker recommends using a staggered deployment approach. Organizations that deploy to a large number of endpoints at once may experience increased bandwidth usage as macOS Core and application definitions are downloaded to each endpoint. QOS can be used to limit bandwidth to macapps.threatlocker.com.
Below, you will find the steps for MAC deployment through Jamf Pro.
Step 1: Set up the ThreatLocker Configuration Profile
Use the link below to download the ThreatLocker MDM profiles.
From the downloaded file above, extract the two .mobileconfig files:
-
ThreatLocker Configuration
-
ThreatLocker Startup & Lock
BOTH files should be added to your MDM as separate configuration profiles.
Login to JAMF Pro, head to the Computers page and click on ‘Configuration Profiles’.
Click on the ‘import’ button and import the first ThreatLocker .mobileconfig file from the above link.
Once imported, make sure to define the scope of the profile.
Import and scope the second ThreatLocker .mobileconfig file as a separate configuration profile.
Note: To allow for correct remote installation of the ThreatLocker agent on MacOS, have both MDM profiles deployed to all Mac devices before the ThreatLocker agent installation is attempted. MDM configuration profiles automatically set rights and preferences for the ThreatLocker Agent without requiring admin credentials. These profiles do not install any software on your Macs, they only set needed rights & preferences. Remote MacOS installation using an RMM without using an MDM will require permissions for the agent to be granted manually.
Step 2: Create the Script
After the Configuration Profile is imported and saved, head to the Settings page and search for “Scripts”
After clicking on Scripts, click on Add and enter a display name for the new script.
Under the Script tab, import our MDM deployment script from the ThreatLocker portal into Jamf Pro.
To see where to get the latest version of our MDM script, please see the 'RMM Deployment' section of Deploying ThreatLocker | ThreatLocker Help Center (kb.help)
Be sure to replace the GroupKey with the group key of the Mac group, which can be located here.
Step 3: Add the Deployment Script to the Policy
After saving the profile, click on Policies and New to create a new policy. Give the policy a name and add your ThreatLocker deployment script to the policy.
Be sure to also define a scope for the policy before saving it.
ThreatLocker should now be deployed to the machines defined within your scope.