Nightfall macOS Agent Deployment: JAMF MDM

This document explains the process of installing the Nightfall AI agent using JAMF.

The JAMF installation consists of the following steps.

  1. Upload Device Profiles to Jamf Pro

  2. Upload and Add the Pre-Installation Check Script

  3. Upload and Add the Pre-Installation Script

  4. Upload the Nightfall App Package

  5. Create a Policy and Add scripts and package

Prerequisites

  • Target macOS devices are onboarded.

  • On your Nightfall console, navigate to https://app.nightfall.ai/endpoint and click the Download Package button on the top right corner of the page. Click Download Package for macOS and unpack the contents of the downloaded file.

To install the Nightfall agent in stealth mode (without notifing the end-user), see Install Nightfall AI Agent for MAC OS.

mdm_pre_installation_script.sh

The script is used by MDMs to ensure that a macOS machine is in a clean state before installing the Nightfall Agent. It wipes any existing Nightfall installation and prepares a clean environment for a new install, including:

  • Loading API keys

  • Rebuilding folders

  • Resetting launch daemons

NightfallAI_Profile_with_Browser_Extension.mobileconfig

This profile is designed to pre-authorize and enable what the Nightfall Endpoint Agent requires on a macOS machine without needing user prompts.

  • Silently installs/enables the Nightfall browser extension

  • Allows the extension to run without prompts

  • Authorizes required permissions (content inspection, file uploads, scanning)

  • Grants macOS Privacy Permissions required by Nightfall:

    • Full Disk Access (FDA)

    • System Events/Automation Permissions

    • Application Control Permissions

  • Configures the payloads for browser + system integration

  • Prevents users from tampering with the security controls

1

Step 1 - Upload The Nightfall MDM Profile of your choice to Jamf Pro

  1. In the downloaded folder, locate the README.md under /Profiles to learn about the various MDM profiles available.

    1. Choose NightfallAI_Profile_with_Browser_Extensions.mobileconfig.

  2. Log in to your Jamf Pro account.

  3. Navigate to Computers > Configuration Profiles.

  4. Click the Upload button.

  5. Click the Upload button and upload NightfallAI_Profile_with_Browser_Extensions.mobileconfig.

  6. In the Scope tab, add the target devices or device groups to which this profile should be deployed.

  7. Click Save.

Once assigned, profiles will be automatically deployed as part of the next Jamf inventory cycle.

The MDM profile has to be deployed on target machines prior to deploying additional payload. In Jamf, you can enforce this requirement through the creation of a Smart Group in which you can set the presence of the profile created above as a pre-requisite for any other payload targeting the group.

2

Step 2 - Upload and Add Pre-Installation Check Script

This script checks if the required profiles are installed and that the endpoint agent is at the desired version.

  1. Unpack the zip file provided and locate the mdm_pre_install_check_script.sh file under the .\\mdm_scripts\\ folder

  2. On Jamf Pro, navigate to Computers > Scripts.

  3. Click the New button.

  4. Enter a display name for the script (e.g., "Nightfall AI Pre-Installation Check").

  5. Click on the Script tab

  6. Paste the contents of mdm_pre_install_check_script.sh into the script editor.

  7. Click Save.

3

Step 3 - Upload and Add the Pre-Installation Script

This script configures the target machine and prepares it to connect to your Nightfall instance once the package is deployed.

  1. Locate the mdm_pre_installation_script.sh file under the .\\mdm_scripts\\ folder

  2. On Jamf Pro, navigate to Computers > Scripts.

  3. Click the New button.

  4. Enter a display name for the script (e.g., "Nightfall AI Pre-Installation Script").

  5. Paste the contents of mdm_pre_installation_script.sh into the script editor.

  6. Click Save.

4

Step 4 - Upload the Nightfall App Package

  1. Navigate to Settings > Packages.

  2. Click the New button.

  3. Enter a display name for the package (e.g., "Nightfall AI Agent").

  4. Click the Choose File button and upload nightfall-ai-agent-signed.pkg.

  5. Click Save.

5

Step 5 - Create a Policy and Add scripts and package

  1. Navigate to Computers > Policies.

  2. Click the New button.

  3. Enter a display name for the policy (e.g., "Deploy Nightfall AI").

  4. Click General from the left pane & configure the Trigger and Execution Frequency as needed.

  5. Click Package from the left pane & click on configure

  6. Add Nightfall AI Agent package

  7. Click on Scripts from the left pane & click on configure

  8. Add Pre-Install Check Script and Pre-Install Script. Ensure the Priority is Before and the sequence is [ The scripts must be run once & in sequence to prepare the machine for the package install. ] -

    1. Pre-Install Check Script

    2. Pre-Install Script

  9. Click on Scope and determine the Target, Limitations, and Exclusions per need.

  10. Click Save.

PreviousManual InstallationNextNightfall macOS Agent Deployment: JumpCloud MDM

Last updated

Was this helpful?