Skip to main content

Deploy with JumpCloud

Use JumpCloud to deploy the Willow Scan Agent to managed macOS and Windows devices.

Prerequisites

  • JumpCloud admin access with permission to manage devices, policies, software, and commands.
  • A pilot device group for the rollout.
  • The latest Willow Scan Agent files from the AI Discovery setup flow:
    • macOS: .pkg installer and .mobileconfig profile.
    • Windows: .zip package and .reg registry policy.

Minimum requirements

ComponentMinimum requirement
JumpCloud softwareJumpCloud Apple MDM for macOS deployment, or JumpCloud Windows MDM plus commands/software deployment for Windows deployment.
macOS target OSManaged macOS devices enrolled in JumpCloud Apple MDM. JumpCloud documents Apple MDM enrollment for macOS devices in Get Started: Apple MDM.
Windows target OSWindows 10 or Windows 11, excluding Windows Home editions. JumpCloud documents this requirement in Get Started: Windows MDM.
Willow filesmacOS .pkg and .mobileconfig, or Windows x64 .zip and .reg policy from Willow.
Execution privilegesWindows install commands must run with administrator privileges.

Willow does not publish a separate minimum JumpCloud version. Use currently supported JumpCloud features for Apple MDM, Windows MDM, device groups, and command or software deployment.

Expected outcome

Target devices receive the Willow configuration, install the Scan Agent, and appear in AI Discovery after the next scan interval.

For browser-based AI visibility, deploy Willow Guard through a managed Chrome policy separately from the Scan Agent package. See Deploy Willow Guard Browser Extension.

Deploy to macOS

Upload the configuration profile

  1. In JumpCloud, open device policy management.
  2. Create a custom macOS MDM profile.
  3. Upload the Willow .mobileconfig file.
  4. Assign the profile to your pilot device group.
  5. Save the policy.

Deploy the package

Use your JumpCloud software deployment workflow for macOS packages. Upload the Willow .pkg installer, assign it to the same pilot device group, and deploy it after the configuration profile is assigned.

If you deploy with a JumpCloud command instead, host the .pkg in your approved software repository and run:

sudo installer -pkg /path/to/mcp-s-scan-agent-X.Y.Z.pkg -target /

Deploy to Windows

  1. Extract the Willow Windows .zip package to a deployment location your JumpCloud command can access.
  2. Import the Willow registry policy:
reg import .\willow-scan-agent-policy.reg
  1. Run the install script as an administrator:
powershell -ExecutionPolicy Bypass -File .\install.ps1
  1. Start the scheduled task if your install workflow does not start it automatically:
Start-ScheduledTask -TaskName "MCP-S-Scan Agent"

Assign the command to your pilot device group before expanding to all target devices.

Verify deployment

On macOS:

sudo launchctl print system/com.mcp-s-scan.agent
tail -n 50 /var/log/mcp-s-scan/agent-error.log

On Windows:

Get-ScheduledTask -TaskName "MCP-S-Scan Agent" | Select-Object State
Get-Content C:\ProgramData\mcp-s-scan\logs\agent.log -Tail 50

Then open AI Discovery in Willow and confirm the pilot devices appear with recent scan times.

Troubleshooting

SymptomCheck
macOS agent runs without reportingConfirm the custom MDM profile reached the Mac before the agent started. Restart the agent after the profile arrives.
Windows install failsConfirm the JumpCloud command runs with administrator privileges and that PowerShell execution policy is bypassed for the install script.
Devices do not appear in WillowConfirm device network access to your Willow Connect URL and review local agent logs.