search

Nightfall macOS Agent Deployment: Workspace ONE UEM

Below is a step-by-step guide to deploy the Nightfall Endpoint DLP agent for macOS using Workspace ONE UEM.

hashtag
Pre-Requisites

  1. Confirm that the macOS devices are enrolled and managed through your MDM.

  2. Confirm that a device group has been set up for deployment.

    • From UEM, navigate to Groups & Settings > Groups > Assignment Groups > click "+ Add Smart Group" and follow the prompts

  3. Download "mac_bundle.zip" from the Nightfall console:

    1. Log into Nightfall > Integrations > Manage (Endpoint macOS) > click "Download Package" > click "Download Package for macOS"

    2. Unpack the file.

hashtag
Step 1: Create Nightfall Scripts

This step deploys two scripts - the pre_installation_check_script and the pre_installation_script. The "check script" verifies the required profiles are installed and the endpoint is at the latest version. The "pre installation script" ensures the machine is in a clean state for the Nightfall install and wipes any preexisting Nightfall installations.

  1. From UEM, navigate to Resources > Scripting > Scripts > click "Add" > select "macOS"

  2. Add the Nightfall Pre-Installation Check Script:

    1. Name the script "Nightfall Pre-Installation Check Script" and add a description.

    2. Confirm the language is "Bash".

    3. Click "Upload" > navigate to "mac_bundle" > "mdm_scripts" > and select the mdm_pre_installation_check_script.sh > click "Open" > click "Next"

    4. Click "Save". NOTE: No need to add variables.

  3. Add the Nightfall Pre-Installation Script:

    1. Name the script "Nightfall Pre-Installation Script" and add a description.

    2. Confirm the language is "Bash".

    3. Click "Upload" > navigate to "mac_bundle" > "mdm_scripts" > and select the mdm_pre_installation_script.sh > click "Open" > click "Next"

    4. Click "Save".

  4. Assign the scripts to the device group.

    1. Assign the Pre-Installation Check Script:

      1. From the Scripts page > select the "Nightfall Pre-Installation Check Script" > click "Assign"

      2. Click "New Assignment" at the top-left.

      3. Name the assignment and select a smart group. NOTE: This will be the group you have created as a prerequisite.

      4. Click "Next"

      5. Select "Run Once Immediately" > Click "Add"

      6. Click "Save and Publish"

    2. Assign the Pre-Installation Script:

      1. From the Scripts page > select the "Nightfall Pre-Installation Script" > click "Assign"

      2. Click "New Assignment" at the top-left.

      3. Name the assignment and select a smart group. NOTE: This should be the same group as the previous script step.

      4. Click "Next"

      5. Select "Run Once Immediately" > Click "Add"

      6. Click "Save and Publish"

hashtag
Step 2: Deploy Nightfall’s Custom Profile

This step deploys the mobileconfig profile to push the browser extension and to give permissions to the agent. Always make sure this step takes place before Step 3 - deploying the PKG.

  1. From Workspace ONE UEM, navigate to Resources > Profiles & Baselines > Profiles

  2. Click the "Add" dropdown > select "Upload Profile" > Select platform: "Apple macOS"

  3. Select "Device Profile" (if desired)

  4. Click "Upload" > "Choose File" > navigate to mac_bundle > profiles

  5. Select the mobileconfig entitled, NightfallAI_Profile_with_Browser_Extensions.mobileconfig NOTE: If the "with_browser_extensions" file is not selected it will not deploy the Nightfall extension within the browser and key functionality could be lost.

  6. Click "Save" > click "Continue".

  7. Under "Smart Groups", assign target devices by adding the group previously created from the Prerequisite steps. NOTE: All other settings are optional and depend upon your organization's preference.

  8. Click "Save and Publish"

  9. Review to confirm that the device assignment is correct.

  10. Click "Publish"

Once assigned, the profile will be automatically deployed to target machines.

circle-info

The Profiles page needs refreshed to see the new profile. Come back to this page and click "View" to see the status of the deployment.

hashtag
Step 3: Deploy Nightfall's .PKG

This step deploys the PKG, which pushes out the agent to the targeted devices.

  1. From UEM, navigate to Resources > Apps > Native Apps

  2. Click "Add" dropdown > select "Application File"

  3. Click "Upload" > tick "Local File" > Click "Choose File" > select nightfall-ai-agent-signed.pkg > click "Open" > click "Save" > click "Continue"

  4. Select the preferred Deployment Type (e.g., Expedited Delivery or Full Software Management)

  5. Click "Continue" > click "Save & Assign"

  6. Name the Distribution and add a description.

  7. Choose the same "Assignment Group" as in Step 2.

  8. Adjust the "App Delivery Method" accordingly > click "Create"

  9. Click "Save"

  10. Review the devices being deployed to, and if correct click "Publish".

hashtag
How to Perform an Upgrade

NOTE: Nightfall upgrades the agents automatically when the latest version is available from the console. To push a newer version from Workspace One UEM out-of-band simply perform Step 3arrow-up-right again.

PreviousNightfall macOS Agent Deployment: Rippling MDMNextInstall Nightfall AI Agent for Windows OS

Last updated

Was this helpful?