Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: How To Obtain and Validate a Jamf/MDM mobileconfig File

EDR: How To Obtain and Validate a Jamf/MDM mobileconfig File

Environment

EDR Server:  All Versions
MDM Servers:  All versions configured to manage EDR Mac Sensors

Objective

How to obtain and convert a JamF/MDM mobileconfig files to XML readable format.

Resolution

A. Open a JamF/MDM policy for EDR in the JamF console.

B. Download the policy.  In JamF, Computers > Configuration Profiles > (select profile details) choose the Download option.
This is a article attached imageThis is a article attached image
C. Move the mobileconfig file to  any MacOS Terminal window.   Remove any signature wrappers:
security cms -D -i xxx.mobileconfig > xxx-unsigned.mobileconfig
D. Format the resulting file into a XML legible file:
plutil -convert xml1 xxx-unsigned.mobileconfig
E. Run 'less xxx-unsigned.mobileconfig' to view the extra characters.  Below is an example of invalid characters that do not appear in the console.
This is a article attached imageThis is a article attached image

 

Additional Notes

  • If extra characters are in the MDM policy due to cut-n-paste, then the policy does not apply properly on the sensors.
  • Some mobileconfig files do not have a signature wrapper.

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎11-22-2022
Views:
292
Contributors