Jamf Pro - Zero Touch Installation of Desktop App

How to configure Jamf Pro zero touch deployment of Banyan Desktop App

This article describes features that are only available in the Banyan Enterprise edition.

Zero Touch Installs for Big Sur require additional steps. See here for more details.

Overview

Jamf Pro is used to administer corporate laptops, phones, tablets, and other devices in your enterprise. The Banyan Desktop App can be packaged and distributed to your device fleet via Jamf Pro in zero touch mode, requiring no interaction from end users. Also, zero touch mode does not require the end user to be an administrator on the device.

The Banyan Desktop App is deployed, installed, and registered in a matter of seconds, making zero touch mode the recommended way to deploy Banyan with Jamf Pro.

Steps

There are two high-level steps required to silently deploy and install the Banyan Desktop App then register macOS devices with Banyan:

Prerequisites

Please ensure you have created the mdm-config.json file to customize Banyan Desktop App functionality, paying particular attention to the following flags required to enable zero touch mode:

  • mdm_invite_code - Obtained from Command Center (Settings > App Deployment > Invite Code)
  • mdm_present - Set to true
  • mdm_vendor_name - Set to jamf

The example mdm-config.json below shows the three required flags to enable zero touch mode:

{
	"mdm_invite_code": "exampleinvitecode",
	"mdm_present": true,
	"mdm_vendor_name": "jamf"
}

Step 1. Prepare the Banyan Desktop App .pkg file for macOS

First, you will bundle your prepared mdm-config.json file with the latest Banyan Desktop App .dmg into a .pkg file to configure and automate the installation and registration process.

Before you begin, ensure you have downloaded and familiarized yourself with Jamf Composer and deploying a macOS app via Jamf Pro.

1.1 Download the latest Banyan Desktop App for macOS (.dmg file).

1.2 Launch Jamf Composer, then drag-and-drop the Banyan Desktop App .dmg file into Composer.

1.3 Click Convert to Source.

1.4 In the newly created Banyan App Source, delete the Applications folder shortcut (automatically created in step 1.3) and then create a new Applications folder. Then, drag-and-drop the Banyan.app into the new Applications folder.

1.5 In your Finder window, locate your mdm-config.json file that you created with the required parameters for the Banyan Zero Touch installation. Then, drag-and-drop your mdm-config.json file into Composer under the banyanapp folder (private > etc > banyanapp.).

You may need to manually create these directories if they do not already exist.

1.6 In Composer, add a post installation script for the Zero Touch installation. Right-click the Scripts folder, and then click Add Shell Script > postinstall.

Then, change the first line from #!/bin/sh to #!/bin/zsh and add a new line of /Applications/Banyan.app/Contents/MacOS/Banyan --staged-deploy-key=INSERT_DEPLOYMENT_KEY as shown in the example below:

You can obtain your Deployment Key in the Banyan Command Center by navigating to Settings > App Deployment. In the Zero Touch Deployment Using a Device Manager section, you must either copy an existing MDM deployment key or generate a new one.

1.7 In Composer, click Build as PKG, then wait for the setup to complete. Once it is set up you will see your newly repackaged .pkg file populate under the Packages section.

Step 2. Distribute the Desktop App to macOS devices via Jamf Pro

Now that you’ve prepared the Banyan Desktop App .pkg, distribute it to your end users.

2.1 In an Internet browser, log in to your Jamf Pro console and then navigate to Computers > Policies.

2.2 Click + New.

2.3 Configure the Options, including:

  • Enter a preferred Display Name for the policy.
  • Ensure Trigger is Enabled.
  • Ensure Enrollment Complete checkbox is checked.

2.4 Navigate to Scope and then set your target devices and users.

2.5 Navigate to Self Service and ensure Make the policy available in Self Service is disabled.

2.6 Click Save to save the policy configuration so far, the click Edit to continue the configuration steps.

2.7 Navigate to Options > Packages > Configure > Package Settings and then click + New.

2.8 Fill out the General fields accordingly and then click Choose File, upload your newly repackaged .pkg (created in step 1.7), and then click Save.

2.9 Click Add and then Save to add the package to the policy created in step 2.8. Allow a few minutes as Jamf Pro loads your file, creates your policy, and deploys your configured Banyan Desktop App.

Now, you can navigate back to Policies, select the policy that you just created, and take note of the Policy ID # displayed in the URL search bar. You will need this to test the new policy in Terminal (after step 3).

Step 3. (Optional) Configure the Desktop App to Launch at User Login

Now that you’ve prepared and deployed the Banyan Desktop App to your end users, you can set another Jamf policy to launch the app when an end user logs into their devices.

3.1 In your Jamf Pro portal, navigate to Computer > Configuration Policies

3.2 Click + New and then configure the Options:

  • Set Level to Computer Level
  • Set Distribution Method to Install Automatically

3.3 Click Save to save the policy configuration so far, the click Edit to continue the configuration steps.

3.4 Navigate to Login Items and then click Configure.

3.5 On the Login Items tab, find the Items section then click + Add.

3.5 Enter the file path to the Banyan App that is on your Desktop (for example, /Applications/Banyan.app), and then click Save.

Please note, the Jamf Pro console does not immediately display the Login Item you configured in step 3.5. However, you can verify the pending change by navigating back to the Options screen and ensuring it shows 1 payload configured.

3.6 Navigate to the Scope tab and then set your target devices and users.

Now, you can navigate back to Policies, select the policy that you just created, and take note of the Policy ID # displayed in the URL search bar. You will need this to test the new policy in Terminal.

Test the Jamf Pro Policies

To test Zero Touch Deployment and launch the Desktop App at user login, open up the Terminal on one of your target computers and run the following command: sudo jamf policy -id (your-policy-id-number).

You will notice the Banyan Desktop App launches and then pre-populates fields on behalf of your user such as: Invite Code, Device Ownership Type, etc. You can log out of the local user account and log back in to test the Banyan App launching at user login.


In the Command Center, you will see a STAGED USER in your directory along with all staged devices that have been silently enrolled via zero touch installation.

That’s it! You’ve successfully distributed the Banyan Desktop App without any end user interaction using Jamf Pro.

Zero Touch Update of Desktop App via Jamf Pro

There may be scenarios requiring you to update the Banyan Desktop App after deploying it to your organization’s devices via Jamf Pro.

If you want to have organizational control of the Desktop App version, the easiest option is to configure the mdm-config.json file to set mdm_disable_auto_update to true. This flag disables prompts to end users to upgrade their Desktop App because the Device Manager will push the new version.

Then, when you need to upgrade the Banyan Desktop App, simply download the latest version, convert it to an .pkg, and then deploy it to your organization’s devices. There is no need for the mdm-config.json.



Last modified: Oct 14, 2021