Deploying ThreatLocker to Mac with Kandji MDM

Last update: 08.01.2024

Note: For organizations deploying to a large number of endpoints, ThreatLocker recommends using a staggered deployment approach. Organizations that deploy to a large number of endpoints at once may experience increased bandwidth usage as macOS core and application definitions are downloaded to each endpoint. QoS can be used to limit bandwidth to

Below are the steps for Mac deployment through Kandji.

Step 1: Create a Custom Profile to deploy ThreatLocker.

Once logged into Kandji, navigate to the Library page and click 'Add new'.

Search for Custom Profile and click on 'Add & Configure'.

Download the ThreatLocker Configuration Profile from the following link and import it into the next page:

Here you can also select the Blueprint to apply the profile.

Click save to add the configuration profile to your library.

Step 2: Create a Custom Script to Deploy ThreatLocker

While still on the Add Library Item page, search for 'Custom Scripts' and click 'Add & Configure'.

Select the Blueprints that you would like to deploy ThreatLocker to. These should match the Blueprints you selected for the configuration profile. Then download our MDM deployment script and import it into the Kandji portal.

To see where to get the latest version of our MDM script, please see the 'RMM Deployment' section of Deploying ThreatLocker | ThreatLocker Help Center.

Be sure to replace the GroupKey with the group key of the Mac group, which can be located here.

Select 'Save' to add the script to your Library.

Step 3: Allow ThreatLocker Profile and Script to run in Blueprints. 

You can add the configuration profile and deployment script to Blueprints by heading to the Blueprints page and modifying a new or existing Blueprint.

The script can be enabled within the Blueprint under Installers & Scripts > Custom Scripts.

Meanwhile, the configuration profile can be enabled within Profiles > Custom Profile.

Note: The Configuration Profile needs to be installed onto the Mac devices before the script is run. Otherwise, permissions for the agent must be granted manually.

Select 'Save' Library items to add the configuration profile and deployment script to the Blueprint. ThreatLocker will be installed the next time the Kandji agent checks in.
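The ordering requirement in the note above can also be enforced from the script side. The following is an added example, not ThreatLocker's or Kandji's own code: a preflight guard to place ahead of the installer commands in the deployment script, which waits for the configuration profile to appear before continuing. The profile identifier is a placeholder, and the `profiles list` output format in the constructed sample is an assumption.

```shell
#!/bin/sh
# Preflight guard (added example, not vendor code).
# PROFILE_ID is a placeholder: use the PayloadIdentifier found in the
# configuration profile imported in Step 1.
PROFILE_ID="com.example.threatlocker.profile"

# Constructed sample of `profiles list` output (format assumed), for dry runs.
sample_profiles() {
    cat <<'EOF'
There are 2 configuration profiles installed

_computerlevel[1] attribute: profileIdentifier: com.example.threatlocker.profile
_computerlevel[2] attribute: profileIdentifier: com.example.other.profile.old
EOF
}

# Print installed profiles. Set LIST_CMD=sample_profiles to test off-device;
# otherwise query macOS (MDM scripts normally run as root).
list_profiles() {
    if [ -n "${LIST_CMD:-}" ]; then
        "$LIST_CMD"
    else
        /usr/bin/profiles list 2>/dev/null
    fi
}

# Succeed only on an exact identifier match, so a similarly named or
# superseded profile does not satisfy the check.
profile_installed() {
    list_profiles | awk -v id="$1" '
        /profileIdentifier:/ && $NF == id { found = 1 }
        END { exit !found }'
}

# wait_for_profile ID TRIES DELAY_SECONDS: poll until the profile is present.
wait_for_profile() {
    id=$1; tries=$2; delay=$3
    while [ "$tries" -gt 0 ]; do
        if profile_installed "$id"; then return 0; fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep "$delay"; fi
    done
    return 1
}

# Usage ahead of the installer commands in the deployment script:
#   wait_for_profile "$PROFILE_ID" 10 30 || { echo "profile missing" >&2; exit 1; }
```

If the `profiles` binary is unavailable or returns nothing, the guard fails closed and the installer is not reached.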
