In order to deploy the HEIMDAL Agent for macOS through Kandji, you need to follow this procedure.
ADDING THE CUSTOM APP PROFILE
In order to add the Agent app, follow the steps below:
1. Log in to Kandji.
2. Access the Library page, click Add New, select the Custom apps section, and create a new one (if not created).
3. Name it Heimdal Agent or anything similar and relevant, enable the Self Service option, and for the Install Details pane, select Installer Package (install .pkg or .mpkg).
4. Upload the Agent PKG file into the Installer Package section and, for the Preinstall Script, paste in the script you find in the installHeimdal_kandji.sh file attached at the bottom of this article. Make sure to replace the KEY_HERE text with the exact license key used.
5. Press Save to lock the configuration.
ADDING THE CONFIGURATION PROFILES
Due to the requirements of macOS Ventura (and above), the HEIMDAL Agent requires the addition of 2 profiles (one for the Threat Prevention Endpoints DNS Proxy and one for the Next-Gen Antivirus Full Disk Access) that can be pushed through Kandji from the Configuration Profiles section. To have them deployed, follow the steps below:
1. In the Kandji portal, access the Library and press the Add New button to add a new profile (we will be adding the TPE DNS Extension profile first) by selecting Custom Profile. Download the Heimdal Agent - TPE DNS Extension.mobileconfig file attached at the bottom of this article, browse for it in the Profile Details section, and press Upload.
Scroll to the end of the page and press Save.
2. Repeat the profile creation process, download the Heimdal Agent - NGAV Full Disk Access.mobileconfig file attached at the bottom of this article, and upload it into the Profile Details section.
Press Save. The Library should look like this:
The Heimdal Agent - TPE DNS Extension should allow the HEIMDAL Agent to install the following DNS Proxy:
Configuration profiles can be pushed only to Mac devices that are running macOS Ventura or higher. On macOS versions earlier than Ventura, the HEIMDAL Agent TPE DNS Extension and the HEIMDAL Agent NGAV Full Disk Access permission need to be approved manually by the user after the HEIMDAL Agent deployment (installation).
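Because these two profiles grant Full Disk Access and a DNS proxy, it is worth reviewing what a .mobileconfig file authorizes before uploading it. The script below is an added example, not part of the original article or Heimdal's tooling; it assumes an unsigned plist profile, and the bundle identifiers in the sample are constructed placeholders, not Heimdal's real values.

```python
import plistlib

# Apple payload types for the two privileges the article's profiles carry.
TCC = "com.apple.TCC.configuration-profile-policy"
DNS_PROXY = "com.apple.dnsProxy.managed"

# Constructed sample profile; identifiers are placeholders, not Heimdal's real values.
SAMPLE = plistlib.dumps({
    "PayloadType": "Configuration",
    "PayloadDisplayName": "Sample - Full Disk Access and DNS Proxy",
    "PayloadContent": [
        {"PayloadType": TCC,
         "Services": {"SystemPolicyAllFiles": [
             {"Identifier": "com.example.agent", "IdentifierType": "bundleID",
              "CodeRequirement": 'identifier "com.example.agent" and anchor apple generic',
              "Allowed": True}]}},
        {"PayloadType": DNS_PROXY,
         "AppBundleIdentifier": "com.example.agent",
         "ProviderBundleIdentifier": "com.example.agent.dnsproxy"},
    ],
})

def summarize_profile(data: bytes) -> list[str]:
    """Return one line per privilege-granting item found in an unsigned .mobileconfig."""
    profile = plistlib.loads(data)
    findings = []
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType", "")
        if ptype == TCC:
            for service, entries in payload.get("Services", {}).items():
                for e in entries:
                    # Newer profiles use Authorization; older ones use the Allowed boolean.
                    granted = e.get("Authorization", "Allow" if e.get("Allowed") else "Deny")
                    pinned = "pinned" if e.get("CodeRequirement") else "NO code requirement"
                    findings.append(f"TCC {service}: {e.get('Identifier')} -> {granted} ({pinned})")
        elif ptype == DNS_PROXY:
            findings.append(f"DNS proxy: app={payload.get('AppBundleIdentifier')} "
                            f"provider={payload.get('ProviderBundleIdentifier')}")
        else:
            # Anything else (for example a system extension policy) is listed for manual review.
            findings.append(f"Other payload: {ptype}")
    return findings

if __name__ == "__main__":
    for line in summarize_profile(SAMPLE):
        print(line)
```

To review a downloaded profile, pass the file's bytes to summarize_profile and confirm that every identifier and provider listed belongs to the vendor you expect.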
DEPLOYING THE NEWLY CREATED BLUEPRINT
1. Next, you need to create a new Blueprint that will be used to deploy the HEIMDAL Agent. On the Blueprints page, press the New Blueprint button, select +New Blueprint in the top left of the new window, and create it with a name and description.
2. Click the Enable Library Items button, and select the Custom App and the Custom Profiles created earlier.
3. To finish the policy configuration, make sure you also use Save Library Items to lock in the configuration.
4. Go to the Devices tab, select the computers to apply the blueprint to, and then from the action menu select Assign Blueprint.
5. The HEIMDAL Agent will get installed automatically.