# Nightfall macOS Agent Deployment: Rippling MDM {% hint style="info" %} **NOTE**: Rippling MDM has a requirement where the .mobileconfig profile has to be uploaded from a MacBook. It cannot be uploaded from another type of OS; otherwise the upload will not stick. {% endhint %} Please note there are two parts to this process: 1. Deploy the "mobileconfig" that pushes the profile and permissions. 1. **Step 1** - [Create & Deploy Profiles](#step-1-create-and-deploy-profiles) 2. Deploy the agent via the .PKG and scripts. 1. **Step 2.1** - [Create & Configure the Software Package](#step-2-configure-and-deploy-software-package) 2. **Step 2.2** - Deploy the Nightfall Endpoint DLP Agent {% hint style="warning" %} **IMPORTANT**: Both Steps 1 and 2 require defining the devices to deploy to. This means that the "mobileconfig" profile requires the devices to be selected to assign to, and the agent requires selecting the devices to assign to as well. Ideally, both lists should match. {% endhint %} ## **Prerequisites** Confirm the following: * The macOS devices are onboarded. * Download the package from the console: * On your Nightfall console, navigate to * Click **Download Package for macOS** * Unpack the contents of the downloaded file. * (Optional) In the downloaded folder, locate the README.md under /Profiles to learn about the various MDM profiles available. After confirming, move to "**Step 1**" as shown below. {% hint style="info" %} To install the Nightfall agent in stealth mode (without notifying the end-user), see [Install Nightfall AI Agent for Mac](/data-exfiltration-prevention/exfiltration_endpoint/installation_mac.md#stealth-installation). {% endhint %}
mdm_pre_installation_script.sh

The script is used by MDMs to ensure that a macOS machine is in a clean state before installing the Nightfall Agent. It wipes any existing Nightfall installation and prepares a clean environment for a new install, including:

  • Loading API keys
  • Rebuilding folders
  • Resetting launch daemons
NightfallAI_Profile_with_Browser_Extension.mobileconfig

This profile is designed to pre-authorize and enable what the Nightfall Endpoint Agent requires on a macOS machine without needing user prompts.

  • Silently installs/enables the Nightfall browser extension
  • Allows the extension to run without prompts
  • Authorizes required permissions (content inspection, file uploads, scanning)

  • Grants macOS Privacy Permissions required by Nightfall:

    • Full Disk Access (FDA)
    • System Events/Automation Permissions
    • Application Control Permissions
  • Configures the payloads for browser + system integration
  • Prevents users from tampering with the security controls
{% stepper %} {% step %} ## Step 1 - Create & Deploy Profiles In this step, you will create a custom profile for each of the profiles provided in your Nightfall endpoint payload. 1. Locate `NightfallAI_Profile_with_Browser_Extensions.mobileconfig` in the downloaded Nightfall Endpoint payload package. 2. Navigate to and click **Upload**. 3. Upload and save provided config profile. * **Policy name:** “Nightfall AI Agent Profile” * **Policy description:** “Nightfall AI Agent profile” * **Platform:** “macOS” * Drop or select `NightfallAI_Profile_with_Browser_Extensions.mobileconfig`. * Click **Save & continue**. 4. Navigate to . Click the three-dot context menu located on the far right of the new profile. **Deploy** from * Select all employees or specific target devices. * Click **Save** to deploy the software. {% endstep %} {% step %} ## Step 2 - Configure & Deploy Software Package ### Step 2.1 - Create & Configure the Software Package 1. Navigate to: 2. Click **Upload Software** on the right of the page. * **Name:** “Nightfall Endpoint DLP Agent ``” * `` is the version of the package your received from Nightfall. * **Operating System:** “macOS” * **Category:** “My Uploads” (Default) * **Description:** “Nightfall Endpoint DLP Agent”. * **Upload Installer File:** drop or select the provided `nightfall-ai-agent-signed.pkg` file. * **Install-check script:** provided in your package as `mdm_pre_install_check_script.sh` * **Pre-install script:** provided in your package as `mdm_pre_installation_script.sh` * Click **Submit**. * Click **Add** on the newly created Software Item. * Click **Finished Selecting**. ### Step 2.2 - Deploy the Nightfall Endpoint DLP Agent 1. Search or scroll to the newly added Software Item matching the name you used in "Step 2.1". 2. Click **Edit.**\ \ **NOTE:** If the Software Item was just recently created it may take a few minutes to leave from the "Pending" status.
3. Select all employees or specific target devices. 4. Click **Save**. The Nightfall Endpoint DLP Agent will now deploy to all selected target devices. This may take up to 72 hours and is dependent on the endpoint devices being turned on, connected, and pre-requisite profiles deployed. {% endstep %} {% endstepper %} ## Upgrading to a New Version The below describes the steps to upgrade endpoints with a new version of the agent: 1. Search or scroll to the **old version** of the Nightfall Endpoint DLP Agent and click “Edit”. a. Remove **all** devices from the installation list and click “Save”. 2. Follow the [steps](/data-exfiltration-prevention/exfiltration_endpoint/installation_mac/rippling_installation.md) to configure the new software package for the new version 3. Follow [these steps](#step-2.2-deploy-the-nightfall-endpoint-dlp-agent) to deploy the new version. The Nightfall Endpoint DLP Agent will now deploy to all selected target endpoints. Installation may take up to 48 hours and is dependent on the endpoint devices being turned on and connected. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://help.nightfall.ai/data-exfiltration-prevention/exfiltration_endpoint/installation_mac/rippling_installation.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.