Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Deploying the macOS Agent via JAMF

            Introduction

            This article will walk you through installing the endpoint agent via Microsoft Intune and has multiple steps.


            Table of contents


            Overview

            When deploying the installer package file (.pkg), the license needs to be distributed prior to installing the endpoint agent using a device configuration profile. 


            Additionally, you’ll need two other MDM configuration profiles: one for explicitly allowing the system extension, and one to provide it with the TCC Full Disk Access permission.


            Refer to the official Jamf documentation for an in-depth workflow.


            For convenience, the following sample configuration profiles (.mobileconfig) have been included with the endpoint agent installer bundle (.zip package):

            • .\mdm\macos\generic\covalence_license.mobileconfig
            • .\mdm\macos\generic\covalence_sysext.mobileconfig
            • .\mdm\macos\generic\convalence_ttc.mobileconfig


            Deploying the Endpoint Agent via Jamf

            Add the Covalence License

            Use the following manuals steps. A Jamf-specific covalence_license.mobileconfig can alternatively be provided.

            1. Go to Configuration Profiles.
            2. Select New.
            3. Set the Name to Covalence macOS License.
            4. Go to Applications & Custom Settings > Upload.
            5. At the Upload screen press the Add button and:
              1. Set Preference Domain to com.fieldeffect.covalence
              2. Set the Property List to where [license] is replaced with your license string:

            <?xml version="1.0" encoding="UTF-8"?>

                    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

                    <plist version="1.0">

                         <dict>

                             <key>License</key>

                             <string>[license]</string>

                         </dict>

                     </plist>

            Press the Save button in the bottom right corner.


            Add explicit system extension approval

            If there is an issue with the covalence_sysext.mobileconfig not uploading properly, use the following manual steps in the interim:

            1. Go to Configuration Profiles.
            2. Select New.
            3. Set the Name to Covalence macOS System Extensions.
            4. Go to System Extensions.
            5. At the Configure System Extensions screen click the Configure button.
            6. Unselect the Allow users to approve system extensions if you don't want users installing agents.
            7. Under Allowed Team IDs and System Extensions:
              1. Set the Display Name to Field Effect Software Inc.
              2. Set the System Extension Types to Allowed System Extensions.
              3. Set the Team Identifier to KSBE8M6M6F.
              4. Under ALLOWED SYSTEM EXTENSIONS click the Add button and:
                1. Set the empty field to com.fieldeffect.covalence.esext
                2. Press the Save on the adjacent line


            Press the Save button in the bottom right corner.


            Add explicit TCC approvals

            1. Go to Configuration Profiles.
            2. Select New.
            3. Set the Name to Covalence macOS Privacy Policies.
            4. Go to Privacy Preferences Policy Control.
            5. At the Configure Privacy Preferences Policy Control screen press the Configure button.
            6. If an App Access group doesn't exist press the “+” button to add one.
            7. Under App Access:
              1. Set the Identifier to com.fieldeffect.covalence
              2. Set the Identifier Type to Bundle ID
              3. Set the Code Requirement to:

             identifier "com.fieldeffect.covalence" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = KSBE8M6M6F

            1. Unselect Validate the Static Code Requirement if selected.
            2. Click the Add button adjacent to APP OR SERVICE.
            3. Under APP OR SERVICE select SystemPolicyAllFiles.
            4. Under ACCESS select Allow.
            5. Click the Save button on the adjacent line.
            6. Add another App Access group.
              1. Set the Identifier to com.fieldeffect.covalence.esext.
              2. Set the Identifier Type to Bundle ID.
              3. Set the Code Requirement to:

            identifier "com.fieldeffect.covalence.esext" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] and certificate leaf[field.1.2.840.113635.100.6.1.13] and certificate leaf[subject.OU] = KSBE8M6M6F

            1. Unselect Validate the Static Code Requirement if selected.
            2. Click the Add button adjacent to APP OR SERVICE.
            3. Under APP OR SERVICE select SystemPolicyAllFiles.
            4. Under ACCESS select Allow.
            5. Click the Save button on the adjacent line.
            6. Press the Save button in the bottom right corner.

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0