Configuring Network Threat Prevention

The Network Threat Prevention feature of Jamf Protect helps further protect your macOS endpoint by preventing threats from reaching your devices. Network Threat Prevention provides additional protection by blocking the following types of threats:

  • phishing attempts

  • malware

  • Command and Control (C2) servers

  • unauthorized app stores

Network Threat Prevention provides category-based content filtering, which allows IT and security teams to prevent access to risky content. With Network Threat Prevention, administrators can configure clear, informational block page messages that will not confuse end users.

Network Threat Prevention can be deployed either independently, through a configuration profile in Jamf Pro (or another UEM), or alongside a Jamf Protect agent deployment.

Configuring the Network Threat Prevention feature of Jamf Protect involves the following steps:

  1. Activating your RADAR account

  2. Configuring a security policy

  3. Configuring a block policy

  4. Deploying Network Threat Protection to macOS devices

  5. Testing and validation

  6. Configuring UEM Connect from within RADAR

Network Threat Prevention Data Processing Notice

By enabling the Network Threat Prevention feature of Jamf Protect, all customer data, including personal data, processed by this feature will be transferred and stored within Jamf infrastructure located in Ireland. If you choose not to enable the Network Threat Prevention feature, there will be no change to how your data is processed when using Jamf Protect.

General Requirements

  • Administrator access to your Jamf Pro account

  • One or more target computers with macOS 11 or later, enrolled with Jamf Pro

  • Familiarity with deploying configuration profiles to macOS computers via Jamf Pro

Note:

If you use a firewall or proxy on your network, add edns.wandera.com or *.wandera.com to your safelist to ensure that Network Threat Prevention operates as expected.

Jamf Protect Network Threat Prevention is not compatible with EPP/EDR software that deploys a firewall network extension on the device (for example, Microsoft Defender or CrowdStrike Falcon). Due to macOS limitations, Network Threat Prevention is disabled whenever an extension of this type is activated on the endpoint.

Activating Your RADAR Account

A RADAR account is required to use Network Threat Prevention. You will receive an email with instructions for how to activate your RADAR account. If you need assistance or have questions, contact Jamf customer success.

  1. Click Set a Password in the email from Jamf.
  2. Create a strong password as prompted.
  3. Log in with your email address and newly created password.
  4. Accept the Software License and Services Agreement when presented.

    This agreement is identical to the agreement you have already accepted to use Jamf Protect.

Configuring a Security Policy

With an active RADAR account, follow these steps to configure the service to protect your macOS devices from network threats according to your organization's security policy.

For more information related to configuring security policies, see the RADAR documentation Security Policy Configuration.

  1. In RADAR, navigate to Policies > Security > Threat Response.
  2. On the screen that appears, click Apply Smart Policy to apply suggested security default settings.
  3. Click Laptop under Filter by Platform.
  4. Review the pre-configured policies and modify to fit your organization's security requirements.
  5. Click Save in the top-right corner of the page.

Configuring a Block Policy

Create a block policy to enforce category-based internet content filtering or custom block rules. You can do this by selecting a default set of rules, and then configuring them as required.

For more information related to configuring block policies, see the RADAR documentation Block Policy Configuration.

  1. In RADAR, navigate to Policies > Internet > Block Policy.
  2. Under the Default Rules tab, select Block High Risk in the Pre-defined rules section.

    This applies the built-in policy that blocks known risky content.

  3. Review and modify the configured block policy rules, then click Save.