- Print
- DarkLight
macOS Sensor Installation - MDM Configuration Profiles
This document provides details of the Mobile Device Management (MDM) Configuration Profile that can be used to deploy the LimaCharlie agent to your enterprise fleet on macOS (versions 10.15 and newer).
Affected Dialogs
Once the configuration profile is deployed using an approved MDM server, users will not need to provide approval to complete the agent installation. In particular, the following three system approval dialogs will no longer be presented:
System Extension
Network Filter
Full Disk Access
Application Installation
Configuration Profile Details
We have provided a sample configuration profile for reference:
Download LimaCharlie.mobileconfig sample configuration profile
This profile includes the following permissions:
- System Extension
- Full Disk Access
- Network Content Filter
Silent Installation Preference
In addition to the MDM profile, you will also want to place the following preference file in the /Library/Preferences folder on the endpoint prior to installation. With this preference file in place the application will provide for a silent installation.
The required preference file can be downloaded here:
Download com.refractionpoint.rphcp.client.plist preference file (to be placed in the /Library/Preferences folder on the endpoint)
Example Jamf Pro Setup
While any Apple / user approved MDM provider may be used, we have provided specific instructions for Jamf Pro as a matter of convenience.
- Log into Jamf Pro and go to Computers -> Configuration Profiles
- Add a new profile
- In the General section choose a name for the profile and set Level to "Computer Level"
- Add a Privacy Preferences Policy Control configuration and set the parameters as follows:
Identifier:
com.refractionpoint.rphcp.extension
Identifier Type:
Bundle ID
Code Requirement:
anchor apple generic and identifier "com.refractionpoint.rphcp.extension" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = N7N82884NH)
App or Service:
SystemPolicyAllFiles
Access:
Allow
- Add a System Extensions configuration and set the parameters as follows:
Enter your desired display name
System Extension Types: Allowed System Extensions
Team Identifier: N7N82884NH
Allowed System Extensions: com.refractionpoint.rphcp.extension
- Add a Content Filter configuration and set the parameters as follows:
Enter your desired filter name
Identifier: com.refractionpoint.rphcp.client
Filter Order: Firewall
Add a Socket Filter with the following details:
Socket Filter Bundle Identifier:
com.refractionpoint.rphcp.client
Socket Filter Designated Requirement
anchor apple generic and identifier "com.refractionpoint.rphcp.client" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = N7N82884NH)
Add a Network Filter with the following details:
Network Filter Bundle Identifier:
com.refractionpoint.rphcp.client
Network Filter Designated Requirement:
anchor apple generic and identifier "com.refractionpoint.rphcp.client" and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = N7N82884NH)
- Deploy the configuration profile to your devices.