Configuring Network Threat Prevention
The Network Threat Prevention feature of Jamf Protect helps further protect your macOS endpoint by preventing threats from reaching your devices. Network Threat Prevention provides additional protection by blocking the following types of threats:
phishing attempts
malware
Command and Control (C2) servers
unauthorized app stores
Network Threat Prevention provides category-based content filtering, which allows IT and security teams to prevent access to risky content. With Network Threat Prevention, administrators can configure clear, informational, block page messages that will not confuse end users.
Network Threat Prevention can either be deployed independently, through a configuration profile in Jamf Pro (or another UEM); or can be deployed alongside a Jamf Protect agent deployment.
Configuring the Network Threat Prevention feature of Jamf Protect involves the following steps:
Activating your RADAR account
Configuring a security policy.
Configuring a block policy
Deploying Network Threat Protection to macOS devices
Testing and validation
Configuring UEM Connect from within RADAR
Network Threat Prevention Data Processing Notice
By enabling the Network Threat Prevention feature of Jamf Protect all customer data, including personal data, processed by this feature will be transferred and stored within Jamf infrastructure located in Ireland. If you choose not to enable the Network Threat Prevention feature, there will be no change to how your data is processed when using Jamf Protect.
General Requirements
Administrator access to your Jamf Pro account
One or more target computers with macOS 11 or later, enrolled with Jamf Pro
Familiarity with deploying configuration profiles to macOS computers via Jamf Pro
If you use a firewall or proxy on your network add edns.wandera.com or *.wandera.com to your safelist to ensure that Network Threat Prevention operates as expected.
Jamf Protect Network Threat Prevention is not compatible with EPP/EDR software that deploys a firewall network extension on the device (for example, Microsoft Defender or Crowdstrike Falcon). Due to macOS limitations, Network Threat Prevention is disabled whenever an extension of this type is activated on the endpoint.
Activating Your RADAR Account
A RADAR account is required to use Network Threat Prevention. You will receive an email with instructions for how to activate your RADAR account. If you need assistance or have questions, contact Jamf customer success.
Configuring a Security Policy
With an active RADAR account, follow these steps to configure the service to protect your macOS devices from network threats according to your organization's security policy.
For more information related to configuring security policies, see the RADAR documentation Security Policy Configuration.
- In RADAR, navigate to .
- On the screen that appears, click Apply Smart Policy to apply suggested security default settings.
- Click Laptop under Filter by Platform.
- Review the pre-configured policies and modify to fit your organization's security requirements.
- Click Savein the top-right corner of the page.
Configuring a Block Policy
Create a block policy to enforce category-based internet content filtering or custom block rules. You can do this by selecting a default set of rules, and then configuring them as required.
For more information related to configuring block policies, see the RADAR documentation Block Policy Configuration.