Downloading a Custom Plan to Install on Unmanaged Computers

Jamf Protect Documentation
Solution
Application
Content Type
Technical Documentation
Utilities & Services
ft:locale
en-US

You can customize which configuration profile payload settings and certificates are included with a plan when you download it from the macOS Security portal. This allows you to deploy Jamf Protect in more complex environments or install Jamf Protect without an MDM solution.

Requirements

One or more plans created in Jamf Protect.

  1. In Jamf Protect, click Plans.
  2. Select an existing plan.
  3. Click the Profile Download button on the plan page and select Custom download .
  4. Deselect the the following from the profile options list:

    • Include System Extension payload

    • Include PPPC payload

    • Include Login and Background Item payload

    These options must be deselected to install the plan on computers that are not enrolled in an MDM solution.

  5. (Optional) Deselect any of the following additional checkboxes from the profile options list:

    • Sign the Profile

    • Include Websocket Certificate

    • Include Certificate Authority

    • Include Certificate Signing Request Certificate

    • Include Bootstrap Token

  6. Click Download.

The plan downloads to your computer and can be installed with the Jamf Protect PKG.

Note:

When plans are deployed using Jamf Pro or another MDM solution, the Privacy Preferences Policy Control (PPPC) payload (within the configuration profile) automatically allows Jamf Protect full disk access.

When deploying plans manually, without an MDM solution; an administrator will need to enable Full Disk Access for Jamf Protect on the destination computer by navigating to System Settings > Privacy & Security > Full Disk Access.

Note:

If the configuration profile is installed manually, Jamf Protect automatically runs in Launch Daemon mode. Run the following command to switch to System Extension mode.

sudo protectctl repair -f