Deploying ThreatLocker to MAC with Addigy MDM

2 min. readlast update: 12.20.2024
Note: For organizations deploying to a large amount of endpoints, ThreatLocker recommends using a staggered deployment approach. Organizations that deploy to a large number of endpoints at once may experience increased bandwidth usage as macOS Core and application definitions are downloaded to each endpoint. QOS can be used to limit bandwidth to macapps.threatlocker.com

Below, you will find the steps for MAC deployment through Addigy MDM.

Step 1: Create a new smart software to deploy ThreatLocker.

Within the Addigy portal, navigate to Catalog > Software and click New to create a new script.

Name the script, download our MDM deployment script from the ThreatLocker portal, and add it to the Addigy portal.

To see where to get the latest version of our MDM script, please see the 'RMM Deployment' section of Deploying ThreatLocker | ThreatLocker Help Center (kb.help)

Replace the value of the GroupKey variable with your GroupKey, which can be found here: Locate your GroupKey

Once your GroupKey is entered, save the script to your catalog.

Step 2: Import our Configuration Profile to allow our System Extension.

Head to the MDM Profiles tab within Catalog and click on New.

Click on the Import Profile button and import the Configuration profile from the link below:
https://static.threatlocker.com/deployment/A/ThreatLockerConfigurationProfile.zip

Lastly, click Save Profile to save the profile to your catalog.

Step 3: Add the Smart Software and the MDM profile to a policy so it can be deployed.

Head to the Policies page and create a new policy,

Within the new policy, head to Profiles and add the ThreatLocker Configuration Profile to the policy.

Note: The Configuration Profile needs to be installed onto the Mac devices before the script is run. Otherwise, permissions for the agent must be granted manually.

Head to Software and add the deployment script to the policy as well.

Once configured, this policy will deploy ThreatLocker to any Mac devices that this policy is applied to.

Was this article helpful?