1. Deployment via Addigy MDM

Deployment via Addigy MDM

In this document

MacOS Profile

MacOS Profile

Deploying DefensX Agent to MacOS devices managed by Addigy MDM, consists of following items:

Download MDM MobileConfig profile, DefensX-CA certificate, Installer and optionally Uninstaller script from Policies&Groups page in the backend
Create MDM Custom Profile for MobileConfig under Catalog to install DefensX deployment settings
Create MDM Certificates Profile for DefensX-CA under Catalog to install DefensX-CA certificate
Create a SmartSoftware script under Catalog→Software to prepare DefensX Installer

Downloading the required files

First, Login to DefensX backend and navigate to Policies&Groups page. In this screen find your deployment under Endpoint Deployments, click on the RMM button.

In this RMM Dialog;

click on the "MacOS MDM" button and select "Download mobileconfig" to download mobile configuration file.
click on the "MacOS MDM" button and select "Download DefensX-CA Certificate" to download the certificate file.
click on the "MacOS MDM" button and select "Download Installer Script" to download the install script.
click on the "MacOS MDM" button and select "Download Uninstaller Script" to download the uninstall script.

Please keep all these files, you will need to use it in the following steps.

Creating MDM Profile for DefensX Settings

Login to Addigy Management Portal and go to Catalog → MDM Profiles menu and click on the New button and click on the Custom Profile button on top-right corner.

In this screen;

Select Deployment channel as Device
Select only macOS under the question "Which OS should receive this profile?"
Click on the Select .mobileconfig file button and locate the previously downloaded mobileconfig file
Click on the Create Profile button at the bottom-right to complete the process.

Creating Profile for DefensX-CA Certificate

Open the Catalog → MDM Profiles menu and click on the New button first and click on the Certificates button later.

In this screen;

Enter DefensX CA Certificate as Payload Name
Select pem as Certificate type
Click on the Select Certificate button and locate the previously downloaded DefensX-CA.cer file
Click on the Create Profile button at the bottom-right to complete the process.

Create Smart Software for Installer Script

In this step a smart software must be created under the catalog.

Open the Catalog → Software menu and click on the New button.

Enter DefensX Installer as Software Name. You can leave the version field just as 1.0.

Open the previously downloaded DefensX-installer.sh script with a text editor and copy&paste its contents into the section named </> Installation Script.

Open the previously downloaded DefensX-uninstaller.sh script with a text editor and copy&paste its contents into the Removal Script.

Click on the Save button.

Assigning to the Policies

Now all of the required components created, you have two MDM Profiles and one Smart Software component for DefensX. Find the Policy which you want to assign DefensX installation and:

Click on the MDM Profiles sub-menu for the selected policy, check both of the DefensX CA Certificate and DefensX Policy, click on the Add/Remove button and select Add to policy.
Now do the same thing for DefensX Smart Software item. Click on the Software sub-menu, check the DefensX Installer under the Smart Software section, click on the Add/Remove button and select Add to policy.

Testing

After the deployment of DefensX attached policy to the Mac devices, you will see a DefensX icon in the system tray. If you have Chrome or Edge installed, you may need to restart the browsers to get the DefensX browser extension automatically.

Tip

Safari browser doesn’t support all of the W3C browser extension APIs. DNS based DefensX policies will also be applied to Safari. But, giving consents to some actions, redirecting to the DefensX Remote Browser Isolation workers (if you have a Premium package or RBI Addon), in-context credential exposure checks, file transfer controls and adware module can only be used in Chrome and Edge browsers.

Upgrades

DefensX Agent has an internal auto update mechanism and it is not needed to manage upgrade process manually.

Uninstall

If you want to uninstall DefensX from some devices, you just need remove all three assignments you made in the policies before.