Deploy to a Fleet (MDM)

The MDM track is how you put the Waxell desktop endpoint agent — the AI-endpoint ("Shadow AI") monitor — onto an entire managed fleet with zero end-user action.

Push one profile from your MDM and every targeted device silently:

  1. Trusts your tenant CA — the per-tenant root certificate lands fleet-wide.
  2. Enrolls — each device generates a CSR and gets a per-device intermediate chained to your tenant CA.
  3. Discovers its AI apps — Cursor, Claude Code, ChatGPT desktop, Copilot, and the rest are detected on the device.
  4. Reports — the device and its discovered apps appear in Governance → Connect → AI Endpoints.

No "Allow" dialogs, no per-user install, no clicks. The profile pre-authorizes everything the agent needs.

Capture is OFF by default

Deploying via MDM turns on discovery + metadata reporting only. Nothing is intercepted and no TLS is terminated until an admin explicitly enables a host. Interception is a separate, later motion driven from the Guard cascade.

Choose your path

You have ...                                                   Use this
A managed fleet (Hexnode / Jamf / Kandji / Mosyle / Intune)    This MDM track — keep reading
A single machine to set up by hand                             The Manual install page

Why it's MDM-agnostic

The same deployment works on Hexnode, Jamf, Kandji, Mosyle, and Intune because the profile uses only primitives every MDM supports.

On macOS the per-tenant .mobileconfig carries three payloads:

  • com.apple.security.root — the one universal CA-trust primitive; trusts the tenant root CA fleet-wide (silent).
  • com.apple.system-extension-policy — pre-approves the Waxell system extensions by Team ID, so they load without a user prompt.
  • A managed app config payload — delivers the enrollment endpoint, tenant key, and capture scope. The agent reads it from Managed Preferences and writes the extension's enroll-config and capture-policy.

On Windows there is no single "managed app config" artifact, so the equivalent waxell-setup.ps1 script does the same job using universal Windows primitives:

  • Imports the tenant root CA into LocalMachine\Root (the universal CA-trust primitive).
  • Writes the managed config to HKLM\SOFTWARE\Waxell (ApiUrl, ApiKey, CaptureEnabled, InterceptHosts, InterceptProcesses), which the WaxellNetworkMonitor service reads. The script ACLs the key to SYSTEM + Administrators so the API key isn't world-readable.

Because both sides lean on nothing but CA-trust + a config payload (+ a system-extension allow-list on Mac), any MDM that can push a custom profile, a trusted certificate, and an app can deliver Waxell.
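The Windows side of that deployment as an added example script (written for this page, not Waxell's generated waxell-setup.ps1): it checks the tenant root PEM really is a self-signed CA certificate before trusting it, imports it into LocalMachine\Root, locks HKLM\SOFTWARE\Waxell to SYSTEM and Administrators before the API key is written into it, and leaves CaptureEnabled at 0 so the device stays in discovery-only mode. The registry value types, the 0/1 encoding of CaptureEnabled and the comma-joined host and process lists are assumptions; take the real values from the script your Setup panel generates.

```powershell
# Added illustration, not Waxell's generated waxell-setup.ps1. Assumed: value types,
# the 0/1 encoding of CaptureEnabled, comma-joined lists. Run as SYSTEM or an admin.
#Requires -RunAsAdministrator
param(
    [string]$CaPem  = "$PSScriptRoot\waxell-tenant-root.pem",   # tenant root CA (public)
    [string]$ApiUrl = "https://api.waxell.dev",
    [string]$ApiKey = $env:WAX_KEY,                                # tenant API key: a secret
    [string[]]$InterceptHosts = @(),                               # empty: capture stays OFF
    [string[]]$InterceptProcesses = @()
)
$ErrorActionPreference = 'Stop'
if (-not $ApiKey) { throw 'Tenant API key missing (set WAX_KEY or pass -ApiKey)' }

# 1. Pre-flight: only a self-signed certificate with CA=true belongs in LocalMachine\Root.
$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CaPem)
$bc   = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
if ($cert.Subject -ne $cert.Issuer -or -not $bc -or -not $bc.CertificateAuthority) {
    throw "Refusing to trust $CaPem fleet-wide: not a self-signed CA certificate"
}
Write-Host "Trusting tenant root '$($cert.Subject)' thumbprint $($cert.Thumbprint)"

# 2. CA trust: the universal Windows primitive (importing a cert already present is a no-op).
Import-Certificate -FilePath $CaPem -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 3. Create the config key and lock it down BEFORE the secret lands in it:
#    stop inheritance, drop every inherited ACE (incl. Users: Read), allow SYSTEM + Administrators.
$key = 'HKLM:\SOFTWARE\Waxell'
if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
$acl = Get-Acl -Path $key
$acl.SetAccessRuleProtection($true, $false)
foreach ($existing in $acl.Access) { $acl.RemoveAccessRule($existing) | Out-Null }
foreach ($sid in 'S-1-5-18', 'S-1-5-32-544') {          # SYSTEM, BUILTIN\Administrators
    $rule = [System.Security.AccessControl.RegistryAccessRule]::new(
        [System.Security.Principal.SecurityIdentifier]$sid, 'FullControl',
        'ContainerInherit,ObjectInherit', 'None', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $key -AclObject $acl

# 4. Managed config the WaxellNetworkMonitor service reads (CaptureEnabled=0: discovery only).
Set-ItemProperty -Path $key -Name ApiUrl             -Value $ApiUrl -Type String
Set-ItemProperty -Path $key -Name ApiKey             -Value $ApiKey -Type String
Set-ItemProperty -Path $key -Name CaptureEnabled     -Value 0       -Type DWord
Set-ItemProperty -Path $key -Name InterceptHosts     -Value ($InterceptHosts -join ',')     -Type String
Set-ItemProperty -Path $key -Name InterceptProcesses -Value ($InterceptProcesses -join ',') -Type String
```

After the push, `Get-Acl HKLM:\SOFTWARE\Waxell | Format-List` on a pilot device should list only SYSTEM and Administrators; any other principal means the key inherited ACEs and the tenant key is readable by local users.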

The artifacts

Each tenant deploys three things. Two are per-tenant secrets (they carry your tenant API key); the installer is the same signed binary for everyone.

Artifact              Platform   What it is                                                                                     Sensitivity
The profile           macOS      .mobileconfig — trusts the CA, pre-approves the system extensions, delivers the managed config   Secret — embeds your tenant API key
The profile           Windows    waxell-setup.ps1 — trusts the CA, writes HKLM\SOFTWARE\Waxell                                   Secret — embeds your tenant API key
The tenant root CA    both       The per-tenant root certificate (PEM) the device's per-host leaves chain to                     Public cert (not secret)
The signed installer  macOS      Waxell-Setup-<ver>.pkg — the agent (network extension, app scanner, enrollment)                 Same binary for all tenants
The signed installer  Windows    Waxell-<ver>.msi — the agent services + tooling                                                 Same binary for all tenants

The profile is a secret

The per-tenant .mobileconfig / waxell-setup.ps1 carries your tenant API key in its body. Treat it like a credential — scope it to the pilot tenant, and don't post it where it can leak. The root CA PEM is not sensitive.

Installer signing status

  • macOS — the .pkg is signed (Developer ID) and Apple-notarized, built under Team ID 2RWC9968XY, and distributed from install.waxell.dev. When pushed via MDM the system extension activates silently because the profile pre-authorizes that Team ID.
  • Windows — the .msi is not yet code-signed (the SSL.com EV certificate is still pending issuance). An internal Intune pilot can run today because Intune installs the MSI as SYSTEM and MDM-deployed Win32 apps bypass the SmartScreen "unknown publisher" prompt a user double-click would hit. It is not yet suitable for customer self-download. This page will be updated when the EV cert lands.

Where an admin gets the artifacts

Nothing has to be handed over manually. There are two paths.

Via the Setup panel

Go to Governance → Connect → AI Endpoints → Setup. The panel offers one-click, per-tenant downloads of your .mobileconfig / waxell-setup.ps1 and your tenant root CA, plus links to the signed installer URLs on install.waxell.dev. It also shows the copy-paste command with your tenant key and flags inline that the API key must be handled as a secret.

Via the documented endpoints

The same bytes are available from the generator endpoints with a tenant API key.

macOS profile:

curl -fsSL "https://api.waxell.dev/api/waxell/v1/endpoint/mdm-profile/" \
  -H "X-Wax-Key: $WAX_KEY" \
  -o waxell-ai-endpoints.mobileconfig

Windows setup script:

Invoke-WebRequest `
  -Uri "https://api.waxell.dev/api/waxell/v1/endpoint/mdm-profile/?platform=windows" `
  -Headers @{ "X-Wax-Key" = $env:WAX_KEY } `
  -OutFile waxell-setup.ps1

Tenant root CA (Windows cert profile / trust store):

Invoke-WebRequest `
  -Uri "https://api.waxell.dev/api/waxell/v1/endpoint/ca-root/" `
  -Headers @{ "X-Wax-Key" = $env:WAX_KEY } `
  -OutFile waxell-tenant-root.pem

Leave capture off here

These endpoints emit a capture-OFF profile by default. You can pre-enable capture for specific hosts at generation time, but the intended path is to leave it off and turn capture on later, per-app, from the Guard cascade.

What happens after the push

Within minutes (macOS) or up to the next MDM sync (Windows), each device:

  • trusts the tenant root CA,
  • enrolls (CSR → per-device intermediate),
  • scans itself and reports its AI apps,
  • shows up in Governance → Connect → AI Endpoints under AI Apps and Devices.

Capture remains off the entire time. Captures stays empty until you enable a host — at which point TLS is terminated only for the catalog AI hosts you've enabled (never banking, health, or mail), with secrets and PII DLP-redacted on-device before upload.

Next steps

Pick the platform-specific runbook for your fleet:

  • macOS — Hexnode / Jamf / Kandji / Mosyle, the .mobileconfig + .pkg.
  • Windows — Intune (and Workspace ONE, JumpCloud, etc.), the cert + waxell-setup.ps1 + .msi.

When you're ready to move from discovery to interception, see the Guard cascade.