> Please Note: For organizations deploying to a large amount of endpoints, ThreatLocker recommends using a staggered deployment approach. Organizations that deploy to a large number of endpoints at once may experience increased bandwidth usage as macOS Core and application definitions are downloaded to each endpoint. QOS can be used to limit bandwidth to macapps.threatlocker.com.

Below, you will find the steps for MAC deployment through Jamf Pro. 

 


STEP 1: SET UP THE THREATLOCKER MDM CONFIGURATION PROFILES 

MDM configuration profiles automatically set rights and preferences for the ThreatLocker Agent. When configurd by MDM, the end user will not be prompted to manually enter admin credentials. These profiles on their own do not install any software; they only set needed rights and preferences to enable smooth remote installation of the ThreatLocker Agent.
> Please Note: To allow for smooth remote installation of the ThreatLocker agent on MacOS, have the MDM profiles deployed to all Mac devices before the ThreatLocker agent installation is attempted.  Beware, remote installation of ThreatLocker on MacOS using an RMM without using an MDM is not recommended because an RMM alone cannot set these required permissions.   

 
Use the link below to download the current version 3 ThreatLocker MDM profiles.   
 


From the downloaded file above, extract the included .mobileconfig files:  

 1. ThreatLocker Configuration (Required) 

 2. ThreatLocker Startup & Lock (Required) 

 3. ThreatLocker Network Core (Required) 

 4. ThreatLocker Network ZTNA + ZTCA (Required for ZTNA and ZTCA) 

All profiles should be added to your MDM as separate configuration profiles and scoped to your Mac devices.  

Login to JAMF Pro, navigate to the ‘Computers’ page and click on ‘Configuration Profiles’.  Click on the ‘Upload’ button and import one of the ThreatLocker .mobileconfig files from the above link.   



Once imported, define the scope by navigating to the Scope Tab.  Then click Add.   
 


On the ‘Add Deployment Targets’ page, click ‘Computer Groups’, Then click ‘Add’ next to all of the groups you wish to deploy to.  Finally click ‘Save’ 




 


STEP 2: CREATE THE SCRIPT

After the Configuration Profile is imported and saved, head to the Settings page and search for “Scripts” 



After clicking on Scripts, click on Add and enter a display name for the new script. 



Under the Script tab, import our MDM deployment script from the ThreatLocker portal into Jamf Pro.





> To see where to get the latest version of our MDM script, please see the 'RMM Deployment' section of

Be sure to replace the GroupKey with the group key of the Mac group, which can be located




 


STEP 3: ADD THE DEPLOYMENT SCRIPT TO THE POLICY

After saving the profile, click on Policies and New to create a new policy. Give the policy a name and add your ThreatLocker deployment script to the policy. 

Be sure to also define a scope for the policy before saving it.  



ThreatLocker should now be deployed to the machines defined within your scope.  

Deploying ThreatLocker to MAC through Jamf

Deploying ThreatLocker with the Stub Installer

Installing and Uninstalling Using the ThreatLocker MSI

Deploying ThreatLocker to MAC with Addigy MDM

Deploying ThreatLocker with N-able RMM

Deploy ThreatLocker Using Intune

Deploying ThreatLocker with NinjaRMM – PowerShell Script

Deploying ThreatLocker Using DattoRMM

Deploying ThreatLocker with ConnectWise Command (Formerly Continuum RMM)

Deploying ThreatLocker using Atera - PowerShell Script

Deploying ThreatLocker with N-Central

Deploying ThreatLocker with ConnectWise Automate

Deploying ThreatLocker with a Datto RMM Component

ConnectWise Automate Continuous Deployment

Deploying ThreatLocker via GPO with a startup script

Deploying ThreatLocker using SyncroRMM - PowerShell Script

Deploying ThreatLocker using ConnectWise Control

Deploying ThreatLocker in a VDI environment 

Deploying ThreatLocker with Kaseya VSA

Deploying ThreatLocker using ConnectWise RMM

Deploy ThreatLocker Using Nerdio Manager for MSP (NMM)

Deploy ThreatLocker Using System Center Configuration Manager (SCCM)

Deploying the ThreatLocker Agent through Kaseya VSA X

Deploying ThreatLocker to MAC with Kandji MDM

Deploying ThreatLocker to MAC with Intune

Deploying ThreatLocker using SyxSense 

Deploying ThreatLocker to MAC with Hexnode MDM

Deploying ThreatLocker to MAC using VMWare Workspace ONE UEM

Deploying the ThreatLocker MSI through GPO 

Allowing ThreatLocker Communication Through an  Authenticated Proxy Server 

Deploying ThreatLocker to Windows XP

Deploying ThreatLocker using Action1

Deploying ThreatLocker using ManageEngine

Deploying ThreatLocker to Windows XP/Server 2003

Linux Agent Installing and Uninstalling Process

ThreatLocker Stub Installer

MAC Agent Installation

Installing Linux Agent With Relay or Proxy

Changing How Computers Initially Learn Once Deployed (Computer, Group, or System Policies)

Deploying ThreatLocker with N-able N-Sight RMM

Deployment

Search our Knowledge Base

Deploying ThreatLocker to MAC through Jamf

Step 1: Set up the ThreatLocker MDM Configuration Profiles

Step 2: Create the Script

Step 3: Add the Deployment Script to the Policy