How to Deploy CrowdStrike Falcon Using Jamf Pro


This article provides basic information about the installation of CrowdStrike Falcon sensor using Jamf Pro.


Jamf Pro 10.9 and later
macOS High Sierra (10.13.x) or above

Required Jamf Pro Elements

Configuration Profiles
The profiles below can be combined, but best practices calls for using one profile per application per payload.

  • Privacy Preferences Policy Control payload 
    • Grants full disk access to /Library/CS/falcond
  • Approved Kernel Extensions payload
    • Team ID X9E956P446 approved


The following two scripts are needed to build your CrowdStrike Falcon Sensor install policy.

JAMF Host: Uninstall Script


## Uninstall any remnants to clear way for the new package
if [ -d /Library/CS ]; then
    if [ -f /Library/CS/ ]; then
        echo "Running legacy uninstall"
        exit $?
    echo "Running uninstall"
    /Library/CS/falconctl uninstall
    exit $?

JAMF Host: Register

## $4 = CID with Checksum

until [ $n -ge 5 ]
   echo "Register attempt number: $n"

   ## $4 = CID with Checksum
   /Library/CS/falconctl --verbose license $4 && break  # must end with '&& break' for success
   sleep 15

Computer Policy

Create a policy in JAMF that does four things:

  1. Uninstalls any existing sensor
  2. Installs the FalconHost.pkg file
  3. Runs a script to register the host with your CID
  4. Updates the JAMF inventory


JAMF Mac Install

















Additional Mac and JAMF resources:

Support Document –

More Information about Falcon Sensor for Mac

CrowdStrike Falcon Free Trial

Try CrowdStrike Free for 15 Days Get Started with A Free Trial