MDM Requirements with Jamf Protect

Jamf Protect Documentation
Solution
Application
Content Type
Technical Documentation
Utilities & Services
ft:locale
en-US

Deploying Jamf Protect capabilities to managed devices using a UEM or MDM solution is not required but highly recommended. Common solutions include:

  • Jamf Pro

  • Jamf School

  • VMWare Workspace ONE 8.4.3 or later with Orange license or higher

  • Microsoft Intune

  • IBM MaaS360

  • Ivanti Endpoint Manager Mobile 9.2 or later

  • Ivanti Neurons for MDM Gold license

  • Citrix Endpoint Manager

For more information on integrating the Jamf Protect 's macOS Security Cloud portal with Jamf Pro, see Automatically Deploy Jamf Protect Using Jamf Pro in the Jamf Trusted Access Solution Guide for Business.

For more information about integrating Jamf Security Cloud with a UEM or MDM solution, see UEM Vendor Integration in the Jamf Security Cloud Portal Setup Guide.

User Permission Requirements for macOS Security Capabilities

When using an MDM solution to manage computers, you must safelist certain Jamf Protect processes to ensure the application runs correctly. The following Apple MDM payloads must be installed on computers with Jamf Protect:

Privacy Preferences Policy Control (PPPC)

This payload grants Jamf Protect full disk access on managed computers.

System Extensions
Jamf Protect runs as a system extension on macOS by default. This payload safelists the system extension on managed computers. You can use this payload to prevent users from removing Jamf Protect on computers with macOS 15* or later.
Login and Background Items

On macOS 13 or later, users are prompted to allow certain login items and background process to run. This payload ensures that users cannot disable Jamf Protect on managed computers.

Note:

On computers enrolled with Jamf Pro 10.42.0 or later, this payload is automatically installed.

These payloads are available using these methods:

  • As a payload that is automatically included in a downloaded plan.

    Note:

    Jamf Protect plans do not include settings that make Jamf Protect a non-removable system extension on computers with macOS 15 or later. To enforce this setting, distribute it as a separate configuration profile. For more information, see Making Jamf Protect a Non-Removable System Extension.

  • As separate configuration profiles that you can download from Jamf Protect's macOS Security portal by navigating to Administrative > Downloads, and then upload to an MDM solution or install locally.

  • Directly in Jamf Pro by navigating to Settings > Computer management > Security.

For more information about each payload, see MDM payload list for Mac computers in Apple Platform Deployment.

Android Enterprise Modes

Jamf recommends using Android Enterprise to help you enroll Android devices with the Jamf Security Cloud. For more information on compatibility with Android Enterprise, see .