Deployment

You can deploy Jamf Connect to computers using an MDM solution, such as Jamf Pro or Jamf School.

Deploying Jamf Connect using a Jamf Pro PreStage Enrollment

You can use a PreStage enrollment to deploy the Jamf Connect package and your package of custom files and images to new computers.

Requirements

  • Integrate Jamf Pro with Automated Device Enrollment.
 For more information, see the Integrating with Automated Device Enrollment section in the Jamf Pro Administrator's Guide.

  • Upload the Jamf Connect PKG and custom files and images package to Jamf Pro.
 For more information, see Custom Branding.

  • Create or upload computer configuration profiles for Jamf Connect.
 For more information, see Configuration.

  1. In Jamf Pro, click Computers at the top of the sidebar.
  2. Click PreStage Enrollments.
  3. Click New .
  4. Configure the following PreStage Enrollment payloads:

    Payload

    Settings

    General

    • Configure basic settings for the PreStage enrollment and customize the user experience of the Setup Assistant.

    Note:

    To ensure Jamf Connect is installed before the login window loads, do not skip all the Setup Assistant steps. Selecting one or more steps (e.g., Privacy) is recommended.

    • If your Jamf Pro environment requires authentication from an LDAP server, select Require Authentication.

    • If you are using Enrollment Customization configuration to enroll users and create local accounts with Jamf Connect, add your pre-configured Enrollment Customization configuration. For more information about using Enrollment Customization with Jamf Connect, see the Managing Jamf Connect and Enrollment Customization with Jamf Pro technical paper.

    Account Settings

    • Select Create a local administrator account before the Setup Assistant and configure the credentials to be used for the local administrator account.

    • Select Skip Account Creation. Jamf Connect will create a local user account on the computer.

    Note:

    Jamf Connect does not create an MDM-enabled local user account. For more information, see the Enabling MDM for Local User Accounts Knowledge Base article.

    Configuration Profiles

    Select the configuration profiles you created for Jamf Connect.

    Enrollment Packages

    Select the Jamf Connect PKG and the PKG with your custom files and images that you previously uploaded to your Jamf Pro cloud distribution point.

    Note:

    If using Jamf Pro 10.19.0 or later, you can include multiple packages. Packages with higher priority install first. Multiple packages with the same priority install in alphabetical order based on the package name.

  5. Click the Scope tab and configure the scope.

    The computers listed on the Scope tab are the computers that are associated with Automated Device Enrollment (formerly DEP) via the server token file (.p7m) you downloaded from Apple. You can use the Select All button to add all associated computers to the scope. This adds all computers associated with Automated Device Enrollment via the server token file regardless of any results that have been filtered using the Filter Results search field. The Unselect All button removes all associated computers from the scope.

    Note:

    If you want to automatically add computers to the scope as they become associated with the Automated Device Enrollment instance, select the Automatically assign new devices checkbox in the General payload.

  6. Click Save .

Computers in the scope will now be enrolled using the PreStage enrollment.

Best Practice:

Removing Enrollment-Only Settings in Jamf Connect

Best practice workflows cover common scenarios; however, the following recommendations may not apply in your environment.
If you configured Jamf Connect settings that should only be used during enrollment in a separate configuration profile (e.g., Notify and Acceptable Use Policy screens), you can remove computers from the configuration profile scope after enrollment is complete. This ensures these settings are not used after enrollment.

  1. Create a smart computer group that includes all computers that have completed enrollment and account creation with Jamf Pro and Jamf Connect.

  2. For your separate Jamf Connect configuration profile that includes enrollment-only settings, configure the scope to exclude the smart group created in step 1.
Computers that complete enrollment will be added to the smart group. The Jamf Connect Notify and Acceptable use policy screen settings are removed from computers when they are removed from the scope of the configuration profile.

Deploying Jamf Connect using a Jamf Pro Policy

You can use a policy to deploy Jamf Connect. Policies are most commonly used in the following scenarios:

  • To deploy the menu bar app in environments that are not using the Jamf Connect login window

  • To deploy preceding Jamf Connect updates to computers.

Requirements

  • Upload the Jamf Connect PKG and custom files and images package to Jamf Pro.
 For more information, see Custom Branding.

  • Create or upload computer configuration profiles for Jamf Connect.
 For more information, see Configuration.

  1. In Jamf Pro, click Computers at the top of the sidebar.
  2. Click Policies in the sidebar.
  3. Click New .
  4. Use the General payload to configure basic settings for the policy
  5. Use the Packages payload to add the Jamf Connect PKG.
  6. (Optional) Use the rest of the payloads to configure the tasks you want to perform.
  7. Scope the policy to the same computers targeted by your Jamf Connect configuration profiles.
  8. Click Save .

The policy is distributed to computers in the scope the next time they contact Jamf Pro.

Deploying Jamf Connect with Jamf School

  1. Upload packages.

    Add the Jamf Connect packages you want to install on computers.
 For instructions, complete the "Adding In-House Content" procedure in the Distributing In-House Apps and Books section of the Jamf School Deployment Guide and Documentation.

  2. Upload profiles.

    Upload your Jamf Connect configuration profiles and license file to Jamf School using the "Upload Custom Profile" option.
 For instructions, see Creating and Distributing Profiles in the Jamf School Deployment Guide and Documentation.

  3. Create a smart device group.

    Create a smart device group that ensures Jamf Connect is only installed on computers that have the configuration profiles successfully installed first. When configuring the smart device group make sure you do the following:

    1. In the Apps payload, add the Jamf Connect packages you want to install and select Automatic for the installation method.
    2. In the Members payload, add the "Managed Profile (Installed)" criteria to your filter for each Jamf Connect configuration profile you have uploaded. For instructions, see Creating Device Groups in the Jamf School Deployment Guide and Documentation.

      The group membership is displayed in the table below scope. Jamf Connect will be automatically installed on computers in the scope.