GuardOS with MDM
Technical Details
The GuardOS Configurator generates either a JSON or PList file based on the selected criteria.
IT administrators can distribute via MDM servers either as a PKG or configuration profile.
Deployment with PKG
Create the JSON Configuration File
Open the GuardOS Configurator application and generate your custom configuration as a .json file.Copy to Target Directory
Place the generated .json file in the following directory on your Mac:/Library/Application Support/GuardOS/Config
Add File to PKG Creator App
Use one of the following tools to package the file:JAMF Composer
Open Composer and drag the GuardOS folder into the left sidebar.
Ensure the folder structure remains:
/Library/Application Support/GuardOS/Config/your-config.json
Kandji Packages (or alternative tools like Packages by WhiteBox)
Add the .json file and preserve the full path inside the package.
Set File Permissions
Make sure the file and folder permissions are correctly set to:root:wheel
You can verify or set this using Terminal or your packaging tool’s interface.
Build the PKG
Complete the packaging process by building your .pkg file.Upload to MDM Server
Upload the newly created PKG to your MDM server (JAMF, Kandji, etc.).Create a Deployment Policy
In your MDM dashboard, create a new Policy (JAMF) or Blueprint (Kandji).
Assign the PKG to the appropriate target devices or device groups.
Deploy to Devices
Once the policy is activated, the configuration will be automatically installed on all assigned Macs.
Deploying GuardOS Config via MDM Configuration Profile in JAMF
Create the PLIST Configuration File
Use the GuardOS Configurator application to generate your custom configuration as a .plist file.Open the PLIST File
Open the generated .plist file in a text editor (like BBEdit or VS Code).
Copy the entire contents of the file without modifying it.Log in to JAMF Pro
Navigate to your JAMF Pro dashboard and go to Computers > Configuration Profiles.Create a New Profile
Click + New to create a new configuration profile.
Enter a meaningful name, such as GuardOS Configuration.
Add a Custom Settings Payload
Click Add Payload and select Application & Custom Settings.
In the Preference Domain field, enter:
com.guardOS.configClick Upload and then Add.
Paste PLIST Content
Under the newly added payload, paste the previously copied .plist content into the Custom Settings text box.
Ensure there are no formatting errors (JAMF will validate the XML).
Assign Scope
Under the Scope section, add the target devices or device groups that should receive this configuration.
Save and Deploy
Review the settings, then click Save.
The profile will now be deployed to the assigned Macs automatically via MDM.
Note: Ensure the target devices are already enrolled in JAMF Pro and assigned to the correct Smart/Static Group or directly in the Scope.
Deploying GuardOS Config via MDM Configuration Profile in Kandji
Create the PLIST Configuration File
Use the GuardOS Configurator application to generate your desired configuration as a .plist file.Open the PLIST File
Open the generated .plist file in a text editor (e.g., BBEdit, Visual Studio Code) and copy its entire content without making any modifications.Access Kandji Library
Log in to your Kandji instance.
Navigate to the Library section.
Click on Add New and select Custom Profile.Configure the Custom Profile
Name: Enter a name for the profile, such as GuardOS Configuration.
Install On: Select Mac as the device family.
Preference Domain: Set this to com.guardOS.config.
Payload: Paste the copied content of your .plist file into the payload section.docs.appcatalog.cloud+1Cloudflare Docs+1
Assign to a Blueprint
In the Assignment section, select the appropriate Blueprint(s) to which this profile should be applied.Save and Deploy
Click Save to add the custom profile to your Kandji Library.
The profile will be deployed to all devices associated with the selected Blueprint(s).
Note: Ensure that the devices targeted by this configuration profile are enrolled in Kandji and associated with the specified Blueprint(s)