Nightfall macOS Agent Deployment: Rippling MDM

This document explains the process of installing Nightfall AI agent using the Rippling MDM.

NOTE: Rippling MDM has a requirement where the .mobileconfig profile has to be uploaded from a MacBook. It cannot be uploaded from another type of OS; otherwise the upload will not stick.

Please note there are two parts to this process:

  1. Deploy the "mobileconfig" that pushes the profile and permissions.

    1. Step 1 - Create & Deploy Profiles

  2. Deploy the agent via the .PKG and scripts.

    1. Step 2.1 - Create & Configure the Software Package

    2. Step 2.2 - Deploy the Nightfall Endpoint DLP Agent

IMPORTANT: Both Steps 1 and 2 require defining the devices to deploy to. This means that the "mobileconfig" profile requires the devices to be selected to assign to, and the agent requires selecting the devices to assign to as well. Ideally, both lists should match.

Prerequisites

Confirm the following:

  • The macOS devices are onboarded.

  • Download the package from the console:

  • (Optional) In the downloaded folder, locate the README.md under /Profiles to learn about the various MDM profiles available.

After confirming, move to "Step 1" as shown below.

To install the Nightfall agent in stealth mode (without notifying the end-user), see Install Nightfall AI Agent for MAC OS.

mdm_pre_installation_script.sh

The script is used by MDMs to ensure that a macOS machine is in a clean state before installing the Nightfall Agent. It wipes any existing Nightfall installation and prepares a clean environment for a new install, including:

  • Loading API keys

  • Rebuilding folders

  • Resetting launch daemons

NightfallAI_Profile_with_Browser_Extension.mobileconfig

This profile is designed to pre-authorize and enable what the Nightfall Endpoint Agent requires on a macOS machine without needing user prompts.

  • Silently installs/enables the Nightfall browser extension

  • Allows the extension to run without prompts

  • Authorizes required permissions (content inspection, file uploads, scanning)

  • Grants macOS Privacy Permissions required by Nightfall:

    • Full Disk Access (FDA)

    • System Events/Automation Permissions

    • Application Control Permissions

  • Configures the payloads for browser + system integration

  • Prevents users from tampering with the security controls

1

Step 1 - Create & Deploy Profiles

In this step, you will create a custom profile for each of the profiles provided in your Nightfall endpoint payload.

  1. Locate NightfallAI_Profile_with_Browser_Extensions.mobileconfig in the downloaded Nightfall Endpoint payload package.

  2. Navigate to https://app.rippling.com/it/hardware/configurations?section=macos and click Upload.

  3. Upload and save provided config profile.

    • Policy name: “Nightfall AI Agent Profile”

    • Policy description: “Nightfall AI Agent profile”

    • Platform: “macOS”

    • Drop or select NightfallAI_Profile_with_Browser_Extensions.mobileconfig.

    • Click Save & continue.

  4. Navigate to https://app.rippling.com/it/hardware/configurations?section=everything-else. Click the three-dot context menu located on the far right of the new profile. Deploy from

    • Select all employees or specific target devices.

    • Click Save to deploy the software.

2

Step 2 - Configure & Deploy Software Package

Step 2.1 - Create & Configure the Software Package

  1. Navigate to: https://app.rippling.com/hardware/software

  2. Click Upload Software on the right of the page.

    • Name: “Nightfall Endpoint DLP Agent <version>

      • <version> is the version of the package your received from Nightfall.

    • Operating System: “macOS”

    • Category: “My Uploads” (Default)

    • Description: “Nightfall Endpoint DLP Agent”.

    • Upload Installer File: drop or select the provided nightfall-ai-agent-signed.pkg file.

    • Install-check script: provided in your package as mdm_pre_install_check_script.sh

    • Pre-install script: provided in your package as mdm_pre_installation_script.sh

    • Click Submit.

    • Click Add on the newly created Software Item.

    • Click Finished Selecting.

Step 2.2 - Deploy the Nightfall Endpoint DLP Agent

  1. Search or scroll to the newly added Software Item matching the name you used in "Step 2.1".

  2. Click Edit. NOTE: If the Software Item was just recently created it may take a few minutes to leave from the "Pending" status.

  3. Select all employees or specific target devices.

  4. Click Save.

The Nightfall Endpoint DLP Agent will now deploy to all selected target devices. This may take up to 72 hours and is dependent on the endpoint devices being turned on, connected, and pre-requisite profiles deployed.

Upgrading to a New Version

The below describes the steps to upgrade endpoints with a new version of the agent:

  1. Search or scroll to the old version of the Nightfall Endpoint DLP Agent and click “Edit”.

    a. Remove all devices from the installation list and click “Save”.

  2. Follow the steps to configure the new software package for the new version

  3. Follow these steps to deploy the new version.

The Nightfall Endpoint DLP Agent will now deploy to all selected target endpoints. Installation may take up to 48 hours and is dependent on the endpoint devices being turned on and connected.

PreviousNightfall macOS Agent Deployment: Mosyle MDMNextInstall Nightfall AI Agent for Windows OS

Last updated

Was this helpful?