# Nightfall macOS Agent Deployment: Workspace ONE UEM

### Pre-Requisites <a href="#pre-requisites" id="pre-requisites"></a>

1. Confirm that the macOS devices are enrolled and managed through your MDM.
2. Confirm that a device group has been set up for deployment.
   * From UEM, navigate to Groups & Settings > Groups > Assignment Groups > click "+ Add Smart Group" and follow the prompts
3. Download "mac\_bundle.zip" from the Nightfall console:
   1. Log into Nightfall > Integrations > Manage (Endpoint macOS) > click "Download Package" > click "Download Package for macOS"
   2. Unpack the file.

{% hint style="warning" %}
The steps below will immediately push to the Assignment Group what is being published at that time.  To deploy everything at once and in a specific flow, use the Freestyle Orchestrator feature.

**This guide does not cover the Freestyle Orchestrator Workflow.**
{% endhint %}

### Workspace ONE Deployment Video (macOS Agent) <a href="#step-1-workspace-one-create-scripts" id="step-1-workspace-one-create-scripts"></a>

{% embed url="<https://7729582.fs1.hubspotusercontent-na1.net/hubfs/7729582/Jared%20demo%20videos/Nightfall%20macOS%20Agent%20Deployment%20Using%20Workspace%20ONE%20UEM.mp4>" %}

### Step 1: Deploy Nightfall Scripts <a href="#step-1-workspace-one-create-scripts" id="step-1-workspace-one-create-scripts"></a>

This step deploys one script - the `pre_installation_script`. The "*pre installation script*" ensures the machine is in a clean state for the Nightfall install and wipes any preexisting Nightfall installations.

1. From UEM, navigate to Resources > Scripting > Scripts > click "Add" > select "macOS"
2. Add the Nightfall **Pre-Installation Script:**
   1. Name the script "Nightfall Pre-Installation Script" and add a description.
   2. Confirm the language is "Bash".
   3. Click "Upload" > navigate to "mac\_bundle" > "mdm\_scripts" > and select the `mdm_pre_installation_script.sh` > click "Open" > click "Next"
   4. Click "Save".
3. Assign the **Pre-Installation Script** to the smart group.
   1. From the Scripts page > select the "Nightfall Pre-Installation Script" > click "Assign"
   2. Click "New Assignment" at the top-left.
   3. Name the assignment and select a smart group.\
      **NOTE**: This should be the same group as the previous script step.
   4. Click "Next"
   5. Select "Run Once Immediately" > Click "Add"
   6. Click "Save and Publish"

### Step 2: Deploy Nightfall’s Custom Profile <a href="#step-2-deploy-workspace-one-profile" id="step-2-deploy-workspace-one-profile"></a>

This step deploys the mobileconfig profile to push the browser extension and to give permissions to the agent.  Always make sure this step takes place before Step 3 - deploying the PKG.

1. From Workspace ONE UEM, navigate to Resources > Profiles & Baselines > Profiles
2. Click the "Add" dropdown > select "Upload Profile" > Select platform: "Apple macOS"
3. Select "Device Profile" (if desired)
4. Click "Upload" > "Choose File" > navigate to mac\_bundle > profiles
5. Select the mobileconfig entitled, `NightfallAI_Profile_with_Browser_Extensions.mobileconfig`\
   **NOTE**: If the "with\_browser\_extensions" file is not selected it will not deploy the Nightfall extension within the browser and key functionality of Nightfall could be lost.
6. Click "Save" > click "Continue".
7. Under "Smart Groups", assign target devices by adding the group previously created from the Prerequisite steps.\
   **NOTE**: All other settings are optional and depend upon your organization's preference.
8. Click "Save and Publish"
9. Review to confirm that the device assignment is correct.
10. Click "Publish"

Once published, the profile will be automatically deployed to target machines.

{% hint style="info" %}
The Profiles page needs refreshed to see the new profile.  Come back to this page and click "View" to see the status of the deployment.
{% endhint %}

### Step 3: Deploy Nightfall's .PKG <a href="#step-3-workspace-one-deploy-pkg" id="step-3-workspace-one-deploy-pkg"></a>

This step deploys the PKG, which pushes out the agent to the targeted devices.

1. From UEM, navigate to Resources > Apps > Native Apps
2. Click "Add" dropdown > select "Application File"
3. Click "Upload" > tick "Local File" > Click "Choose File" > select `nightfall-ai-agent-signed.pkg` > click "Open" > click "Save" > click "Continue"
4. Select the preferred Deployment Type as "Full Software Management"
5. Download and run the Workspace One Admin Assistant and follow the steps to generate a .plist for the Nightfall PKG.
6. Click "Upload" > click "Choose File" > navigate to the plist file > click "Open" > click "Save"
7. Click "Continue" > navigate to the "Images" tab > drag over the Nightfall icon generated
8. Click "Save & Assign"
9. Name the Distribution and add a description.
10. Choose the same "Assignment Group" as in Step 2.
11. Adjust the "App Delivery Method" accordingly > click "Create"
12. Click "Save"
13. Review the devices being deployed to, and if correct click "Publish".

### How to Perform an Upgrade <a href="#how-to-perform-an-upgrade" id="how-to-perform-an-upgrade"></a>

Nightfall upgrades the agents automatically when the latest version is available from the console.  To push a newer version from Workspace One UEM out-of-band simply perform [Step 3](https://app.gitbook.com/o/-Mg3xZhQfe7dJYwKq3wL/s/ZeqNSdo8J8cLJPU3Gs5M/~/edit/~/changes/128/exfiltration_endpoint/installation_mac/nightfall-macos-agent-deployment-workspace-one-uem#step-3-workspace-one-deploy-pkg) again by uploading a new package.

{% hint style="info" %}
Once a managed package is uploaded, as in Step 3, it is not possible to upload another package within the already created app.  A newly created Native App will be required.
{% endhint %}