QuickAdd Packages Created Using Recon

You can use Recon to create a QuickAdd package that enrolls macOS 10.15 or earlier computers when it is installed. This type of QuickAdd package can be deployed using almost any deployment tool, such as Apple Remote Desktop or Jamf Pro. You can also give the QuickAdd package to users to install.

When you create a QuickAdd package using Recon, you can do the following:

  • Specify that the management account password be randomly generated.

  • Create the management account during enrollment and configure settings for the account.

  • Ensure that SSH (Remote Login) gets enabled on computers that have it disabled.

  • Ensure that computers launch Self Service after they are enrolled.

  • Ensure that computers that already belong to a site will retain existing site membership.

  • Sign the QuickAdd package.

  • Choose a site to add computers to during enrollment.

To install a QuickAdd package, you double-click it and then follow the onscreen instructions.

Note: Due to security changes, enrolling computers with macOS 11 or later in Jamf Pro using a QuickAdd package is not supported. Consider the following:

  • macOS 11 or later does not permit the installation of an MDM profile by a script or remote commands as previously initiated by the Jamf Management Framework or QuickAdd package.

  • Running a QuickAdd package on computers with macOS 11 or later attempts to install the Jamf management framework. This allows for policy communication but does not enable MDM communication, preventing configuration profiles and remote commands from working.

  • A CA certificate is no longer downloaded and installed when performing enrollment using a QuickAdd package.

It is recommended to use an MDM-first enrollment workflow. This includes Automated Device Enrollment or user-initiated enrollment. In these workflows, an MDM profile is installed first, and later Jamf Pro automatically installs the Jamf Management Framework using an MDM command.

Signing a QuickAdd Package

Signing a QuickAdd package ensures that it appears as verified to users that install it. It also allows users to install the QuickAdd package on computers that have Apple’s Gatekeeper feature set to only allow applications downloaded from the Mac App Store and identified developers.


To sign a QuickAdd package, the computer running Recon must have:

To install a signed QuickAdd package, computers must have a Certification Authority intermediate certificate from Apple in the System keychain in Keychain Access.

Creating a QuickAdd Package Using Recon

  1. Open Recon and authenticate to the Jamf Pro server.

  2. Select QuickAdd Package in the sidebar.

  3. Enter credentials for a local administrator account.
    This account is used as the management account.
    To randomly generate a management account password, choose "Randomly generate password" from the Method for Setting Password pop-up menu.
    The randomly generated password will contain eight characters by default.

    Note: If you choose to randomly generate passwords and create the management account during enrollment, the Hide management account and Allow SSH for management account only checkboxes are not available by default. To make these options available, you need to first select the Create management account if it does not exist checkbox, and then select the Randomly generate password method for setting the management account password.


  4. If the management account you specified is a new account, select the Create management account if it does not exist checkbox and configure additional settings for the management account as needed.

  5. To enable SSH on computers that have it disabled, select the Ensure SSH is enabled checkbox.

  6. To launch Self Service on computers immediately after they are enrolled, select the Launch Self Service when done checkbox.

  7. To sign the QuickAdd package, select the Sign with checkbox and choose an installer certificate from the pop-up menu.
    Installer certificates that are located in the login keychain in Keychain Access are displayed in the pop-up menu.

    Note: The pop-up menu also displays application certificates that are located in the login keychain in Keychain Access. It is important that you choose an installer certificate, not an application certificate, to sign QuickAdd packages.

  8. To add the computers to a site, choose a site from the Site pop-up menu.

  9. To ensure that computers that already belong to a site will retain their existing site membership, select the Use existing site membership, if applicable checkbox.

  10. Click Create and save the package.

After creating the QuickAdd package, you can deploy it using a deployment tool or give the package to users to install. When the QuickAdd package is installed on computers, they are enrolled with Jamf Pro.

Related Information

For related information, see the following section in this guide:

Package Deployment
Find out how to install a QuickAdd package using a policy.

Copyright     Privacy Policy     Terms of Use     Security
© copyright 2002-2021 Jamf. All rights reserved.