You can distribute and install packages that support the enrollment process during Automated Device Enrollment.
On computers with macOS 10.14.4 or later, you can add and install multiple packages.
You must upload packages to Jamf Pro prior to adding them to a PreStage enrollment. Packages must meet the following criteria when deployed via Automated Device Enrollment:
- Signed distribution packages —
PKGs must be signed using a certificate that is trusted by the device at the time of enrollment. Jamf recommends using a certificate generated from either the Jamf Pro built-in certificate authority (CA) or from an Apple Developer Program account. For more information, see the Creating a Signing Certificate Using Jamf Pro's Built-in CA to Use for Signing Configuration Profiles and Packages article. You can use Composer or a third-party packaging tool to build a signed PKG. For more information about building packages using Composer, see Package Building in the Composer User Guide.
- Package hosting —
Cloud distribution points in Jamf Pro automatically meet packaging hosting requirements.
If using an HTTPS distribution point, the following is required:
The distribution point web server cannot require authentication.
You can also secure the download of the enrollment package from an external distribution server using a JSON Web Token (JWT) in Jamf Pro. This ensures that enrollment packages are downloaded securely to computers from external distribution servers. For more information, see JSON Web Token for Securing In-House Content.
The distribution point must be reachable by enrolling computers and not hosted on a private network.
The SSL certificate must be trusted by enrolling computers.
Using a publicly trusted SSL certificate is recommended. Alternatively, you can include a configuration profile with a certificate authority (CA) configured in the PreStage enrollment. Using Internet Information Services (IIS) to enable HTTPS downloads on a Windows Server 2016 or 2019 file share distribution point is not supported.
- Custom manifest file —
Packages must have a corresponding manifest file in PLIST format that contains the URL to download the package from an HTTPS server and other required information for the package. By default, Jamf Pro creates this file when you upload it directly to Jamf Pro. If your environment uses an HTTPS server that is not a Jamf Pro HTTPS-capable distribution point to host your packages, you must create a custom manifest file and upload it along with the package to Jamf Pro. To use a custom manifest file, ensure that you upload the file when you upload the package. For more information about uploading packages to Jamf Pro, see Package Management.
For more information about creating and hosting a manifest file, see the Prepare a proprietary in-house app for wireless distribution in Apple Platform Deployment.
- Multiple packages — Adding multiple PKGs is only supported for computers with macOS 10.14.4 or later.