Jamf Protect Deployment
You can deploy Jamf Protect to computers in your organization using one of the following methods:
- (Jamf Pro) Directly from Jamf Pro—
If you use Jamf Pro, you can deploy the latest Jamf Protect PKG and scope plans directly from Jamf Pro. This method is recommended for Jamf Pro users.
For more information about this integration, see the Deploying Jamf Platform Products Using Jamf Pro to Connect, Manage, and Protect Mac Computers technical paper.
- (Other MDM solutions) Manually download and upload—
If you use another MDM solution, you can download the latest Jamf Protect PKG and plans from your Jamf Protect tenant and upload them to your MDM solution for deployment. The PKG can be obtained from the Jamf Protect console or by a unique URL.
The following diagram shows how Jamf Protect is deployed:
If your Jamf Protect tenant is registered with Jamf Pro, your plans and the Jamf Protect PKG are automatically available. To access your Jamf Protect assets in Jamf Pro, navigate to .

Keep the following in mind when deploying Jamf Protect:
-
If Enable AutoUpdate is enabled in a plan on computers, Jamf Protect agent updates will automatically be installed. If this setting is disabled, you must download the latest package and upload it to your MDM solution to deploy updates.
-
The plan configuration profile and Jamf Protect agent should be deployed simultaneously with your MDM solution. If the Jamf Protect agent is deployed without a plan configuration profile, computers will not check in with the Jamf Protect Cloud and the agent will not successfully monitor for threats.
-
The legacy deployment packages that you can download from the Deployments page are not compatible with individually downloaded plans. Individually downloaded plans must be deployed with the Jamf Protect PKG located at in the Jamf Protect web app.
Downloading the Jamf Protect Package and Plans for Deployment
Complete the following steps to manually download plan configuration profiles and the latest Jamf Protect PKG for deployment via an MDM solution.
You must have one or more plans in Jamf Protect.
The Jamf Protect PKG and plan configuration profiles are deployed to computers the next time they check in with your MDM solution.
The Root CA may appear as untrusted on computers when installed via a plan configuration profile.