Install Guide

Push ShieldMind via your MDM.

MDM-pushed apps bypass macOS Gatekeeper and Windows SmartScreen warnings — your users never see a "block" dialog. Recipes for the three MDMs that cover ~90% of mid-market fleets.

macOS
Jamf Pro
3 steps · ~15 min
Windows + macOS
Microsoft Intune
4 steps · ~20 min
macOS
Kandji
3 steps · ~10 min

Jamf Pro (macOS)

  1. Download the ShieldMind agent .pkg from your dashboard →Installtab → "Download for MDM push".
  2. In Jamf Pro, go to Computer Management → Packages, click New, upload the .pkg, set Category to "Security".
  3. Create a Policy under Computers → Policies: trigger = "Recurring Check-in" (or "Enrollment Complete" for new devices), scope = your target Computer Group, payload = the package you uploaded. Save and let it run on next check-in.
The .pkg ships with the org enroll token baked into a configuration profile. No per-device manual setup needed. Activation visible in your dashboard's Endpoints page within 5 minutes of install.

Microsoft Intune (Windows + macOS)

  1. Download the ShieldMind agent installer from your dashboard: .msi for Windows, .pkg for macOS.
  2. In Intune, go to Apps → All apps → Add → Line-of-business app. Upload the .msi (Windows) or .pkg (macOS). For .pkg you'll also supply the bundle identifier com.shieldmind.agent.
  3. Under Assignments, assign to your target group as "Required". Set install context: System (Windows) / Device (macOS).
  4. For macOS: also create a Configuration Profile granting Full Disk Access to com.shieldmind.agent under Devices → macOS → Configuration profiles → Privacy Preference Policy Control. Same profile can grant Endpoint Security entitlements once we ship signed (until then the agent runs in observe-only mode for ESF-gated detections).

Kandji (macOS)

  1. Download the ShieldMind .pkg from your dashboard → Install.
  2. In Kandji, go to Library → Add Library Item → Custom Apps. Upload the .pkg, set Audit & Enforce frequency to "Continuously", install enforcement to "Install on-demand".
  3. Assign to a Blueprint covering your target Mac fleet. Devices on that Blueprint will install on next check-in (within 15 min).

Other MDMs

We've documented the three above because they cover most mid-market fleets, but the same .pkg / .msi works with: Mosyle, Workspace ONE, Hexnode, JumpCloud, Microsoft Endpoint Configuration Manager (MECM). Generic recipe: upload the installer, push to the target device group, no per-device interaction needed.

Need a recipe for an MDM not listed? Email bd@dtrasglobal.com— we'll write it for you within 24 hours.

No MDM? Direct install (small teams)

If you have fewer than 25 devices and no MDM, your users can install the agent directly:

  1. Download the installer from your dashboard's Install page.
  2. macOS: right-click the .pkg → "Open" → "Open anyway" in the dialog. (Unsigned interim build; switching to fully-signed soon.)
  3. Windows: run the .msi → "More info" → "Run anyway" on the SmartScreen prompt.
We're in the Apple Developer + Microsoft Hardware Dev Center review queues. Once those clear (typically 3–6 weeks), direct installs will be one-click with no warnings.