Plan configuration profiles can be downloaded from your Jamf Protect tenant in .mobileconfig format and deployed to computers via an MDM solution.
Downloaded configuration profiles are signed.
Plan configuration profiles must be deployed via a user-approved MDM solution.
The Root CA will appear as untrusted on computers when installed via a plan configuration profile.
A plan configuration profile includes the following payloads:
- Applications & Custom Settings —
Includes plan settings, analytics, action configuration
- Privacy Preferences Policy Control (PPPC) —
Grants Jamf Protect full disk access.
- System Extension —
Safelists the Jamf Protect system extension on computers
- Certificates —
Deploys Root CA Certificate, Certificate Request Identity, WebSocket Authorizer Key
When plans are deployed using Jamf Pro or another MDM solution, the Privacy Preferences Policy Control (PPPC) payload (within the configuration profile) automatically allows Jamf Protect full disk access.
When deploying plans manually, without an MDM solution; an administrator will need to enable Full Disk Access for Jamf Protect on the destination computer by navigating to .