Core Components

Jamf Protect is an enterprise endpoint security solution for the Mac. With Jamf Protect, you can create custom detections that protect computers with real-time monitoring for suspicious and unwanted activities, while measuring computers against the Center for Internet Security (CIS) benchmarks with security insights. Jamf Protect runs without using kernel extensions to support continuous macOS updates and preserve the Apple user experience.

Jamf Protect Agent

The agent runs on your macOS computers and performs the following tasks:

  • Audits your security settings against an industry standard benchmark (CIS).

  • Monitors real-time event-driven activity generated on macOS.

  • Syncs with a plan configuration created in the web application to analyze and respond to events for a specific computer.

  • Performs an analysis for events using the highly optimized built-in game engine on the Mac.

Agent updates are regularly available from Jamf and can be installed on computers automatically or manually.

For more information, see Jamf Protect Updates.

Command-Line Tool

The Jamf Protect agent includes the protectctl tool, which allows you to execute some simple commands on computers. The following commands are available:




Finds and repairs issues that may occur during installation of the Jamf Protect agent


Prints the Jamf Protect agent version installed on computers


Prints the following information about computers, including the following

  • Plan ID
  • Plan hash
  • Agent uptime
  • Agent status (e.g, Protected, Enrolling, Missing Plan)
  • Threat Prevention version
  • The date and time of the last agent check-in
  • The date and time of the last insights check-in

You can also use the following flags:

  • The -v flag to print more verbose information about the agent.
  • The --json flag prints the information in JSON format.
  • The --plist flag prints the information in PLIST format.


Forces a Jamf Protect agent check-in on computers. You can also use the --insights flag to force an insights check-in.


Prints help information about protectctl commands

Jamf Protect Web App

The web app is used to administer computers with the agent installed, you can do the following with the web app:

  • Configure and view reports and data per computer against an industry standard benchmark (CIS).

  • Create custom agent configurations and modify a computer's plan settings.

  • Configure custom endpoints, such as an SIEM endpoint, to receive log and alert data directly.

  • View log and alert data collected on all computers, if enabled.