Company logoHelp Center
Visit www.threatlocker.com

Deploying ThreatLocker to MAC with the Kandji MDM

2 min. readlast update: 03.12.2024
Note: For organizations deploying to a large amount of endpoints, ThreatLocker recommends using a staggered deployment approach. Organizations that deploy to a large number of endpoints at once may experience increased bandwidth usage as macOS core and application definitions are downloaded to each endpoint. QOS can be used to limit bandwidth to macapps.threatlocker.com

Below, you will find the steps for MAC deployment through Kandji. 

Step 1: Create a Custom Profile to deploy ThreatLocker.

Once logged into Kandji, navigate to the Library page and click 'Add new'.

Search for Custom Profile and click on 'Add & Configure'.

Download the ThreatLocker Configuration Profile from the following link and import it into the next page:
https://static.threatlocker.com/deployment/A/ThreatLockerConfigurationProfile.zip

Here you can also select the Blueprint to apply the profile.

Click save to add the configuration profile to your library.

Step 2: Create a Custom Script to Deploy ThreatLocker

While still on the Add Library Item page, search for 'Custom Scripts' and click 'Add & Configure'.

Select the Blueprints that you would like to deploy ThreatLocker to. This should match the same Blueprints you selected for the configuration profile.

Copy and paste the following script into the Script Details section:
https://static.threatlocker.com/deployment/A/ThreatLockerDeploymentScript-MDM.txt

Be sure to replace the GroupKey with the group key of the Mac group, which can be located here

Select 'Save' to add the script to your Library.

Step 3: Allow ThreatLocker Profile and Script to run in Blueprints. 

You can add the configuration profile and deployment script to Blueprints by heading to the Blueprints page and modifying a new or existing Blueprint.

The script can be enabled within the Blueprint within Installers & Scripts > Custom Scripts.

Meanwhile, the configuration profile can be enabled within Profiles > Custom Profile.

Select 'Save' Library items to add the configuration profile and deployment script to the Blueprint. ThreatLocker will be installed the next time the Kandji agent checks in.

Was this article helpful?