Nightfall macOS Agent Deployment: Kandji MDM

This document explains how to install the Nightfall AI agent using Kandji MDM.

Prerequisites

  • The Kandji APN is set.

  • The target macOS devices are onboarded.

  • On your Nightfall console, navigate to https://app.nightfall.ai/endpoint and click the Download Package button on the top right corner of the page. Click Download Package for macOS and unpack the contents of the downloaded file.

To install the Nightfall agent in stealth mode (without notifying the end-user), see Install Nightfall AI Agent for MAC OS.

mdm_pre_installation_script.sh

The script is used by MDMs to ensure that a macOS machine is in a clean state before installing the Nightfall Agent. It wipes any existing Nightfall installation and prepares a clean environment for a new install, including:

  • Loading API keys

  • Rebuilding folders

  • Resetting launch daemons

NightfallAI_Profile_with_Browser_Extension.mobileconfig

This profile is designed to pre-authorize and enable what the Nightfall Endpoint Agent requires on a macOS machine without needing user prompts.

  • Silently installs/enables the Nightfall browser extension

  • Allows the extension to run without prompts

  • Authorizes required permissions (content inspection, file uploads, scanning)

  • Grants macOS Privacy Permissions required by Nightfall:

    • Full Disk Access (FDA)

    • System Events/Automation Permissions

    • Application Control Permissions

  • Configures the payloads for browser + system integration

  • Prevents users from tampering with the security controls
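
Before a profile that pre-authorizes Full Disk Access and Automation is pushed to every device in a blueprint, it is worth listing exactly which privacy (TCC) services it grants and to which bundle identifiers. The Python script below is an added example, not part of Nightfall's package; it assumes an unsigned XML .mobileconfig, and the embedded sample profile with its com.example.agent identifier is constructed for illustration and is not the content of Nightfall's file.

```python
import plistlib

# Apple's payload type for Privacy Preferences Policy Control (PPPC/TCC) grants.
PPPC_TYPE = "com.apple.TCC.configuration-profile-policy"
LABELS = {"SystemPolicyAllFiles": "Full Disk Access", "AppleEvents": "Automation"}

# Constructed sample profile (assumption): NOT Nightfall's real profile.
# com.example.agent is a placeholder bundle identifier.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.TCC.configuration-profile-policy</string>
    <key>Services</key><dict>
      <key>SystemPolicyAllFiles</key><array><dict>
        <key>Identifier</key><string>com.example.agent</string>
        <key>Allowed</key><true/>
      </dict></array>
      <key>AppleEvents</key><array><dict>
        <key>Identifier</key><string>com.example.agent</string>
        <key>AEReceiverIdentifier</key><string>com.apple.systemevents</string>
        <key>Authorization</key><string>Allow</string>
      </dict></array>
    </dict>
  </dict></array>
</dict></plist>"""

def tcc_grants(profile_bytes):
    """Return sorted (service, identifier, decision, receiver) for each PPPC entry."""
    profile = plistlib.loads(profile_bytes)
    grants = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != PPPC_TYPE:
            continue  # other payload types are outside this review
        for service, entries in payload.get("Services", {}).items():
            for e in entries:
                # Older profiles use the boolean "Allowed"; newer ones use the
                # string "Authorization" (for example Allow or Deny).
                decision = e.get("Authorization") or ("Allow" if e.get("Allowed") else "Deny")
                grants.append((service, e.get("Identifier"), decision,
                               e.get("AEReceiverIdentifier")))
    return sorted(grants, key=lambda g: (g[0], g[1] or ""))

if __name__ == "__main__":
    for service, ident, decision, receiver in tcc_grants(SAMPLE_PROFILE):
        target = f" (controls {receiver})" if receiver else ""
        print(f"{LABELS.get(service, service)}: {ident} -> {decision}{target}")
```

To review a real profile, pass the bytes of the downloaded .mobileconfig to tcc_grants instead of SAMPLE_PROFILE and compare the output with the permissions listed above.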

Create a Blueprint

  1. Click New Blueprint on the top right corner.

  2. Click New Blueprint on the pop-up menu.

  3. Enter a name for the blueprint in the Blueprint name field.

  4. Enter a description for the blueprint in the Blueprint description field.

  5. Click Create Blueprint.

Create Custom Profiles

In this section, we create a custom profile for each of the profiles provided in the Nightfall endpoint payload and assign them to the blueprint you have created in the previous section.

  1. In the downloaded folder, locate the README.md under /Profiles to learn about the various MDM profiles available.

    a. Choose the NightfallAI_Profile_with_Browser_Extensions.mobileconfig.

  2. Navigate to https://<your-company-name>.kandji.io/library.

    a. Click Add new.

    b. Select Custom Profile and click Add & Configure on the pop-up window.

    c. Add Title, Select Blueprint, and finally drag and drop the .mobileconfig file.

    d. Click Save.

Create a Custom App

In this section, we will create a custom app item for Nightfall Endpoint Agent.

  1. Click Add New.

  2. Click Custom App.

  3. Click Add & Configure on the pop-up window.

    a. Add Title, Select the Blueprint you previously created.

    b. Select the Audit and enforce option.

    c. Paste the content of mdm_kandji_audit_script into the Audit Script text box.

    d. Choose the Installer Package option.

    e. Add Preinstall Script & Upload the installer package.

      I. Paste the content of mdm_pre_installation_script into the Pre-install Script text box.

      II. Upload the installer package.

        i. Drag and drop or click to upload the provided nightfall-ai-agent_v*.*.*.pkg file.

  4. Save the change and wait for the changes to get deployed on the node machine.
