Team: Huntress Managed Endpoint Detection and Response
Product: Jamf Pro
Environment: macOS
Summary: Automated Huntress Agent deployment with Jamf Pro using a mobileconfig file and an installation script.

It is imperative that the mobileconfig file be successfully applied to the macOS endpoint(s) before pushing the installation script.

Jamf Pro is a complex and powerful tool for managing endpoints and mobile devices. This guide uses basic settings to deploy the Huntress Agent on macOS devices. Your specific Jamf setup may require tweaking or changes. Huntress Support is not able to perform advanced Jamf Pro troubleshooting. Please consult Jamf documentation or their support channels for further assistance.

Getting Started

Download our mobileconfig file by accessing the link and clicking "Download raw file"

Installing the mobileconfig file

The mobileconfig profile must be successfully deployed to the endpoint(s) before installing the Huntress Agent.

The mobileconfig profile allows for a silent installation of the Huntress Agent on your macOS endpoints by bundling the necessary permissions required for Huntress to run before you deploy. When the mobileconfig is applied correctly, the Huntress Agent installation will be invisible to the end user.

Access the Jamf Pro Dashboard:

Navigate to Computers > Configuration Profiles > Click "Upload"
- Select the Huntress Mobileconfig file you downloaded

Saving the macOS Configuration File:

Please don't modify or adjust the various settings in the Options column, as this can lead to missing permissions, which will prevent a silent deploy and may require manual work to resolve.

Options > General:

The default name for the Configuration Profile is "Huntress Agent with System Extension v3"
- This is the name that will appear for the profile within the Device Management section on the endpoint itself
Leave the Category as "None"
Level should be "Computer Level"
Distribution Method should be set to "Install Automatically"

Scope:

This is where you can add the specific devices or users for the Configuration Profile to be applied:

Once you have added the necessary Targets, Limitations, and/or Exclusions, click "Save" in the bottom right corner of the page.

Review of the Configuration Profile:

You will now see the new Configuration Profile listed:

Click on the profile for more details.

The Options column should only list the settings/payloads that were included within the Huntress mobileconfig:

The Scope will include the targets you specified:

Confirming the Custom Configuration Profile Has Been Applied:

While viewing the Huntress Configuration Profile, click the "Logs" button in the bottom right corner to view which device(s) / user(s) have successfully received the profile:

If you have access to the endpoint, you can confirm the presence of the Huntress mobileconfig manually:

Click the Apple Icon (top left corner of your screen) > System Settings > General > Device Management
- The Huntress mobileconfig will show up in this list if it has been applied to the machine

The Huntress mobileconfig should include the following information:

Content Filter Service
Login Items Policy
Privacy Preferences Policy Control
System Extension Policy Control

Once the Huntress mobileconfig policy has been successfully applied to the endpoint(s), you can proceed to the next phase and install the Huntress Agent.

Installing the Huntress Agent via Installation Profile

If you've made it this far and have not installed the Huntress mobileconfig file, please stop what you're doing and return to the previous section.

Create Your Installation Script:

Navigate to Settings > Computer Management > Scripts
- Click "New+" (in the top right corner)
  - Give your script a name and description

Add Script:

Click on the "Script" tab
- Mode: Default
- Theme: Matrix (because it's cool)

Copy the code from our InstallHuntress-macOS-bash script and paste it into the Jamf Text Editor

Add your Account Key to Line 43
Add your Org Key to Line 47
Add "Jamf PRO" to Line 51
- Click "Save" (bottom right corner)

Create Your Installation Profile

Navigate to Computers > Policies

Click "New" (top right corner)

There's a lot going on here, but fortunately, we don't need to interact with most of the options.

Add a meaningful display name for the policy
- Make sure the policy is Enabled
Select your favorite Trigger
- Recurring Check-in is a safe choice as it allows enough time for the Configuration Policy to be applied before the Huntress Agent Installation occurs
Execution Frequency: Once per computer

Navigate to the Scripts section within the Options column:

Click Configure
- Add the script you made from the previous Create Your Installation Script section:

Navigate to the Scope tab:

Add the specific devices or users for the Huntress Installation Profile to be applied

Once you have added the necessary Targets, Limitations, and/or Exclusions, click "Save" in the bottom right corner of the page.

Checking the Huntress Installation Profile Status:

The timing of your Huntress Agent Installation will depend on the Trigger that was selected to initiate the policy.

Navigate to Computers > Policies > Click on the Huntress Agent Install profile
- When viewing the profile, click the Logs button (bottom right corner)
  - Check the Status column

If the Status is anything other than Completed, you can click the details button in the Actions column to learn more about why the installation failed.

Obtaining the Huntress Log Files to Send to Support:

If the Trigger events have occurred, and you still don't see the Huntress Agent within the Huntress Dashboard, you will need to review the HuntressInstaller.log and HuntressAgent.log files on the endpoint to gather more information.

These log files are located at:

/Users/Shared/

and

/Library/Application Support/Huntress/HuntressAgent/

Please share the HuntressInstaller.log and HuntressAgent.log files with our Product Support team, and we'll work together to address any issues.