Mosyle Deployment

Prerequisites

Mosyle Business admin access
Enforce deployment script and enrollment key from the Runlayer dashboard

Deployment Steps

Get Deployment Artifacts

In the Runlayer dashboard, go to Settings → Shadow MCPs and open or create an Enforce configuration to copy the generated script and enrollment key.

Create a Custom Command

Under the Management tab, select Custom Commands
Click Add new profile
Provide a Name (e.g., “Runlayer Enforce”), check Enable variables for this profile, and paste the generated script into the code box
Switch to the Execution Settings tab and configure the execution frequency

Assign to Devices

Click Add assignment to assign the profile to all devices that should have Enforce installed

Save and Deploy

Click Save to begin deployment to target devices

Verification

Check Analytics

Navigate to Analytics in the Runlayer dashboard

Verify Devices

Confirm that devices are appearing with Enforce installed

Test Interception

Have a user trigger a shadow MCP tool call and verify it appears in audit logs

Log Locations

Platform	Log Location
macOS	`/var/log/runlayer/ai_watch_enforce.log`

Exit Codes

Code	Meaning
0	Success
1	General failure (missing config, enrollment failed)
2	Network failure
3	Installation failure

Kandji DeploymentDeploy Enforce to macOS devices managed by Kandji

⌘I

Getting Started

Platform

Cookbook

Integrations

Connectors by Runlayer

Resources

Prerequisites

Deployment Steps

Verification

Log Locations

Exit Codes

Getting Started

Platform

Cookbook

Integrations

Connectors by Runlayer

Resources

​Prerequisites

​Deployment Steps

​Verification

​Log Locations

​Exit Codes

Prerequisites

Deployment Steps

Verification

Log Locations

Exit Codes