Jamf Protect Integration with Jamf Pro

Jamf Protect is an enterprise endpoint security solution for Mac computers. With Jamf Protect, you can create custom detections that protect computers with real-time monitoring for suspicious and unwanted activities, while measuring computers against the Center for Internet Security (CIS) benchmarks with security insights. Jamf Protect runs without using kernel extensions to support continuous macOS updates and preserve the Apple user experience.

Integrating Jamf Protect with Jamf Pro allows you to download the latest version of Jamf Protect and sync plan configuration profiles directly from Jamf Pro.

To integrate Jamf Pro with your Jamf Protect tenant, you must do the following:

  1. Create an API Client in Jamf Protect—Create an API Client to generate configuration and endpoint information required by Jamf Pro.

  2. Register your Jamf Protect tenant in Jamf Pro—Register your Jamf Protect tenant to establish a secure connection between Jamf Pro and Jamf Protect.

Registering your Jamf Protect Tenant in Jamf Pro

Requirements

  • Cloud Connection Services enabled
    For instructions, see Cloud Services Connection.

  • An API Client created in Jamf Protect
    For instructions, see the API Overview section in the Jamf Protect Administrator's Guide.

  • The following Jamf Pro user account privileges:

    Category

    Privilege

    Jamf Pro Server Settings

    Jamf Protect (Read and Update)

    Cloud Services Connection (Read)

    Jamf Pro Server Actions

    Read and Download Jamf Application Assets

Procedure

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/docs.jamf.com/10.26.0/jamf-pro/administrator-guide/images/download/thumbnails/81923229/Icon_Settings_Hover.png .

  3. Click Jamf Applications.

  4. Click Jamf Protect images/download/thumbnails/81937715/Screen_Shot_2021-01-27_at_3.15.29_PM.png .

  5. Click Begin Registration.

  6. Enter your Jamf Protect API endpoint in the Jamf Protect API URL field.

  7. Enter your API Client configuration information in the Client ID and Password fields.

  8. Click Register.

Your Jamf Protect tenant is integrated with your Jamf Pro instance and a package download and list of plans should display.

images/download/attachments/81937715/ProtectRegister.png

Jamf Protect Plans in Jamf Pro

If you have a Jamf Protect subscription and registered your Jamf Protect tenant with Jamf Pro, plans from your Jamf Protect tenant are available as computer configuration profiles in Jamf Pro. You can configure the scope of plan configuration profiles to deploy them to target computers.

Keep the following in mind when configuring scope for plan configuration profiles:

  • If you delete plan configuration profiles from Jamf Protect, the plans will re-appear without a scope the next time Jamf Pro syncs with Jamf Protect (every six hours).

  • You cannot edit the settings in a Jamf Protect plan from Jamf Pro. To edit a plan, navigate to the plan in your Jamf Protect tenant. Changes to a plan on computers are applied the next time the computer checks in with Jamf Protect.

  • If the Jamf Protect PKG is deployed without a plan configuration profile, computers will not check in with the Jamf Protect Cloud and the agent will not successfully monitor for threats. Configuring scope for your plans before deploying the Jamf Protect PKG is recommended.

  • To help you find plan configuration profiles synced from Jamf Protect on the computer configuration profiles pane, "(Jamf Protect)" is appended to each profile name that is synced.

Important: Plans that are manually uploaded to Jamf Pro will not appear in the Jamf Protect section of Jamf Pro. Deleting these plans configuration profiles and re-applying their scope to plans synced from Jamf Protect is recommended. This ensures you do not have duplicate versions of a plan in Jamf Pro and that scope is accurately configured. For more information about switching from manually uploaded plans to plans that are synced between Jamf Pro and Jamf Protect, see the Switching from Manually Uploaded Jamf Protect Plans to Synced Plans in Jamf Pro Knowledge Base article.

Configuring Scope for Jamf Protect Plans

You can configure the scope of available plan configuration profiles to deploy them to target computers.

Requirements

  • A Jamf Protect subscription

  • One or more plans in Jamf Protect
    For more information, see the Creating a Plan section in the Jamf Protect Administrator's Guide.

  • Registration of your Jamf Protect tenant in Jamf Pro

Procedure

  1. Log in to Jamf Pro.

  2. In the top-right corner of the page, click Settings images/docs.jamf.com/10.26.0/jamf-pro/administrator-guide/images/download/thumbnails/81923229/Icon_Settings_Hover.png .

  3. Click Jamf Applications.

  4. Click Jamf Protect images/download/thumbnails/81937715/Screen_Shot_2021-01-27_at_3.15.29_PM.png .

  5. In the Jamf Protect Plans table, click on the plan configuration profile you want to configure in the Profile column.

    Note: You can click Sync to manually check Jamf Protect for plan updates. Jamf Pro automatically syncs with Jamf Protect every six hours.

    images/download/attachments/81937715/PlanSelect.png

  6. Click Edit.

  7. Click the Scope tab.

  8. Configure the scope of your plan configuration profile.

  9. Click Save.

The plan configuration profile is distributed to target computers the next time they check in with Jamf Pro. The scope also displays in the Scope column on the Jamf Protect page in Jamf Pro.

Related Information

For related information about deploying Jamf Protect using Jamf Pro, see the Deploying Jamf Platform Products Using Jamf Pro to Connect, Manage, and Protect Mac Computers technical paper.

For related information about Jamf Protect, see the the following sections in the Jamf Protect Administrator's Guide:

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.