Deploy Prisma Access Agents to macOS Endpoints Using Jamf Pro

1. Push the required GoDaddy CA certificates to your macOS endpoints using a certificate payload in a Jamf Pro configuration profile before deploying the Prisma Access Agent.

   If the Go Daddy Root Certificate Authority - G2 certificate is not in the endpoint's trusted root store, the Prisma Access Agent fails to enroll with the Endpoint Manager. See CA Certificate Requirements for Endpoint Manager Enrollment for details.

   1. In Jamf Pro, select ComputersConfiguration Profiles and click New.
   2. In the General payload, choose Computer Level as the level. This ensures the certificate is installed in the System Keychain and is trusted system-wide.
   3. Add a Certificate payload and upload the Go Daddy Root Certificate Authority - G2 certificate file.
   4. Click the Scope tab and assign the profile to the device groups targeted for Prisma Access Agent deployment.
   5. Click Save.
   6. Create a second profile using the same process for the Go Daddy Secure Certificate Authority - G2 intermediate certificate.
   7. Confirm that both profiles show a Completed status before proceeding.
2. Deploy configuration profiles that define how Prisma Access Agents are configured using one of the following methods:

   • (Recommended) Use one of the following configuration profiles provided by Palo Alto Networks:
     • V3 configuration profiles: Compatible with all versions of Prisma Access Agent for macOS
     • V2_1 configuration profiles: Only compatible with Prisma Access Agent 25.6 or earlier versions
   • Manually create configuration profiles using one of the following procedures:
     • Manually Create Configuration Profiles (V3) for Prisma Access Agent based on the V3 configuration profiles
     • Manually Create a Configuration Profile (V2_1) for Prisma Access Agent if you don't want to configure the V3-based configuration profiles
3. Create a Jamf policy that will trigger the installation of the Prisma Access Agent on enrolled macOS devices.