Fixes style issue on Deploy with MDM page (#6163)

natasha-moore-elastic · mergify[bot] · commit bf9f1f8f3cc4 · 2024-11-14T16:09:09.000Z
(cherry picked from commit d0eab8a) # Conflicts: # docs/serverless/edr-install-config/deploy-with-mdm.asciidoc
diff --git a/docs/management/admin/deploy-with-mdm.asciidoc b/docs/management/admin/deploy-with-mdm.asciidoc
@@ -71,13 +71,13 @@ image::images/content-filtering-jamf.png[]
 . Under **App Name**, enter `Elastic Security.app`.
 . Under **Bundle ID**, enter `co.elastic.alert`.
 . In the **Settings** section, include these options with the following settings:
-.. **Critical Alerts**: **Enable**.
-.. **Notifications**: **Enable**.
-.. **Banner alert type**: **Persistent**.
-.. **Notifications on Lock Screen**: **Display**.
-.. **Notifications in Notification Center**: **Display**.
-.. **Badge app icon**: **Display**.
-.. **Play sound for notifications**: **Enable**.
+.. **Critical Alerts**: Enable
+.. **Notifications**: Enable
+.. **Banner alert type**: Persistent
+.. **Notifications on Lock Screen**: Display
+.. **Notifications in Notification Center**: Display
+.. **Badge app icon**: Display
+.. **Play sound for notifications**: Enable
 . Save the configuration.
 
 [role="screenshot"]
diff --git a/docs/serverless/edr-install-config/deploy-with-mdm.asciidoc b/docs/serverless/edr-install-config/deploy-with-mdm.asciidoc
@@ -0,0 +1,142 @@
+[[security-deploy-with-mdm]]
+= Deploy {elastic-defend} on macOS with mobile device management
+
+// :description: Configure access for deploying {elastic-defend} on macOS with mobile device management.
+// :keywords: security, how-to, secure
+
+++++
+<titleabbrev>Deploy on macOS with MDM</titleabbrev>
+++++
+
+preview:[]
+
+To silently install and deploy {elastic-defend} without the need for user interaction, you need to configure a mobile device management (MDM) profile for {elastic-endpoint}—the installed component that performs {elastic-defend}'s threat monitoring and prevention. This allows you to pre-approve the {elastic-endpoint} system extension and grant Full Disk Access to all the necessary components.
+
+This page explains how to deploy {elastic-defend} silently using Jamf.
+
+[discrete]
+[[security-deploy-with-mdm-configure-a-jamf-mdm-profile]]
+== Configure a Jamf MDM profile
+
+In Jamf, create a configuration profile for {elastic-endpoint}. Follow these steps to configure the profile:
+
+. <<security-deploy-with-mdm-approve-the-system-extension,Approve the system extension>>.
+. <<security-deploy-with-mdm-approve-network-content-filtering,Approve network content filtering>>.
+. <<security-deploy-with-mdm-enable-notifications,Enable notifications>>.
+. <<security-deploy-with-mdm-enable-full-disk-access,Enable Full Disk Access>>.
+
+[discrete]
+[[security-deploy-with-mdm-approve-the-system-extension]]
+=== Approve the system extension
+
+. Select the **System Extensions** option to configure the system extension policy for the {elastic-endpoint} configuration profile.
+. Make sure that **Allow users to approve system extensions** is selected.
+. In the **Allowed Team IDs and System Extensions** section, add the {elastic-endpoint} system extension:
++
+.. (Optional) Enter a **Display Name** for the {elastic-endpoint} system extension.
+.. From the **System Extension Types** dropdown, select **Allowed System Extensions**.
+.. Under **Team Identifier**, enter `2BT3HPN62Z`.
+.. Under **Allowed System Extensions**, enter `co.elastic.systemextension`.
+. Save the configuration.
+
+[role="screenshot"]
+image::images/deploy-with-mdm/system-extension-jamf.png[]
+
+[discrete]
+[[security-deploy-with-mdm-approve-network-content-filtering]]
+=== Approve network content filtering
+
+. Select the **Content Filter** option to configure the Network Extension policy for the {elastic-endpoint} configuration profile.
+. Under **Filter Name**, enter `ElasticEndpoint`.
+. Under **Identifier**, enter `co.elastic.endpoint`.
+. In the **Socket Filter** section, fill in these fields:
++
+.. **Socket Filter Bundle Identifier**: Enter `co.elastic.systemextension`
+.. **Socket Filter Designated Requirement**: Enter the following:
++
+[source,txt]
+----
+identifier "co.elastic.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z"
+----
+. In the **Network Filter** section, fill in these fields:
++
+.. **Network Filter Bundle Identifier**: Enter `co.elastic.systemextension`
+.. **Network Filter Designated Requirement**: Enter the following:
++
+[source,txt]
+----
+identifier "co.elastic.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z"
+----
+. Save the configuration.
+
+[role="screenshot"]
+image::images/deploy-with-mdm/content-filtering-jamf.png[]
+
+[discrete]
+[[security-deploy-with-mdm-enable-notifications]]
+=== Enable notifications
+
+. Select the **Notifications** option to configure the Notification Center policy for the {elastic-endpoint} configuration profile.
+. Under **App Name**, enter `Elastic Security.app`.
+. Under **Bundle ID**, enter `co.elastic.alert`.
+. In the **Settings** section, include these options with the following settings:
++
+.. **Critical Alerts**: Enable
+.. **Notifications**: Enable
+.. **Banner alert type**: Persistent
+.. **Notifications on Lock Screen**: Display
+.. **Notifications in Notification Center**: Display
+.. **Badge app icon**: Display
+.. **Play sound for notifications**: Enable
+. Save the configuration.
+
+[role="screenshot"]
+image::images/deploy-with-mdm/notifications-jamf.png[]
+
+[discrete]
+[[security-deploy-with-mdm-enable-full-disk-access]]
+=== Enable Full Disk Access
+
+. Select the **Privacy Preferences Policy Control** option to configure the Full Disk Access policy for the {elastic-endpoint} configuration profile.
+. Add a new entry with the following details:
++
+.. Under **Identifier**, enter `co.elastic.systemextension`.
+.. From the **Identifier Type** dropdown, select **Bundle ID**.
+.. Under **Code Requirement**, enter the following:
++
+[source,txt]
+----
+identifier "co.elastic.systemextension" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z"
+----
++
+.. Make sure that **Validate the Static Code Requirement** is selected.
+. Add a second entry with the following details:
++
+.. Under **Identifier**, enter `co.elastic.endpoint`.
+.. From the **Identifier Type** dropdown, select **Bundle ID**.
+.. Under **Code Requirement**, enter the following:
++
+[source,txt]
+----
+identifier "co.elastic.endpoint" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z"
+----
++
+.. Make sure that **Validate the Static Code Requirement** is selected.
+. Add a third entry with the following details:
++
+.. Under **Identifier**,  enter `co.elastic.elastic-agent`.
+.. From the **Identifier Type** dropdown, select **Bundle ID**.
+.. Under **Code Requirement**, enter the following:
++
+[source,txt]
+----
+identifier "co.elastic.elastic-agent" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = "2BT3HPN62Z"
+----
++
+.. Make sure that **Validate the Static Code Requirement** is selected.
+. Save the configuration.
+
+[role="screenshot"]
+image::images/deploy-with-mdm/fda-jamf.png[]
+
+After you complete these steps, generate the mobile configuration profile and install it onto the macOS machines. Once the profile is installed, {elastic-defend} can be deployed without the need for user interaction.
