Remote Control and JAMF
Accessing Automox Remote Control Through Jamf
This article provides a step-by-step guide to enable the seamless integration of Automox Remote Control with Jamf Zero Trust Network Access (ZTNA). By following the outlined process users will be able to utilize remote control while Jamf Trust is in the active state.
The process entails creating a bespoke application within the Jamf ZTNA environment and configuring the allowlist domains as route-able components. The second part of the process ensures that traffic circumvents internal gateways and routes externally instead.
Instructions
- Go to Access → Access Policy within the Jamf ZTNA console.
-
Click New App Policy and select Create Policy under SaaS Apps. Then select Custom at the bottom.
-
The important areas to configure here are Traffic Matching Rules and Routing. Traffic Matching requires you to input the allowlist rules to route from the device. Within routing, you’ll want to route it through a Shared IP Pool instead of an Internal Gateway.
- It’s important to note that you can utilize Default Device Routing and encrypted traffic routed through ZTNA with this solution. The Routing Mode must be IPv4 due to compatibility issues.
After this configuration is set up, the user must disconnect and reconnect Jamf Trust or wait approximately 15 minutes for the config to push to their device.
Deploying Automox Remote Control Permissions Configuration Profile via Jamf Pro
While Automox Remote Control will prompt the end user to enable the Screen Recording and Accessibility privacy settings, deploying a configuration profile to set those settings ahead of time can be a time saver, and may be necessary for non-admin users.
These settings can be set ahead of time by creating a configuration Profile in Jamf or amending an existing one. To do so, navigate to Configuration Profiles → Add or Edit Existing Profile → Privacy Preferences Policy Control in your Jamf Pro tenant and use the settings below:
Payload Configuration: |
---|
App Access |
Identifier: com.automox.RemoteControl |
Identifier Type: Bundle ID |
Code Requirement: identifier "com.automox.RemoteControl" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = DAEQ58A4ES |
Validate the Static Code Requirement: Off |
App or Service: ScreenCapture |
|
App or Service: Accessibility |
|
The resulting configuration profile should look like the screenshot below, and the end user should no longer be required to grant those permissions when Automox Remote Control starts on their computer.