If your MDM has a dedicated guide (SimpleMDM, Jamf Pro, Mosyle, or Kandji), use that instead for provider-specific instructions.
Prerequisites
- Admin access to your MDM solution
- Enforce deployment script and enrollment key from the Runlayer dashboard
- Your MDM must support running shell scripts on managed devices
Deployment Steps
Get Deployment Artifacts
In the Runlayer dashboard, go to Settings → Shadow MCPs and open or create an Enforce configuration to copy the generated script and enrollment key.
Deploy the Script
Use your MDM’s script or command execution feature to deploy the generated script:
- Create a new script/command in your MDM console
- Paste the generated script contents
- Configure the execution frequency
- Assign to target devices
- Save and deploy
MDM scripts typically run as root. The generated script handles this by detecting and running operations as the logged-in user where needed.
Verification
Log Locations
| Platform | Log Location |
|---|---|
| macOS | /var/log/runlayer/ai_watch_enforce.log |
Exit Codes
| Code | Meaning |
|---|---|
| 0 | Success |
| 1 | General failure (missing config, enrollment failed) |
| 2 | Network failure |
| 3 | Installation failure |
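
The exit codes and log location above can drive a small wrapper that the MDM runs around the generated script. This is an added example, not part of the Runlayer-generated script or Runlayer's own tooling. The retry policy, the status-line format, the placeholder script path, and invoking the script with `sh` are assumptions.

```shell
#!/bin/sh
# Added example. Retry policy, status-line format and running the script
# with sh are assumptions; only the exit codes and log path are from the page.
LOG_FILE="${LOG_FILE:-/var/log/runlayer/ai_watch_enforce.log}"
RETRY_DELAY="${RETRY_DELAY:-30}"   # seconds between retries (assumed value)

# Map a documented exit code to a short label for the MDM's script output.
describe_exit() {
    case "$1" in
        0) echo "success" ;;
        1) echo "general-failure" ;;
        2) echo "network-failure" ;;
        3) echo "installation-failure" ;;
        *) echo "undocumented" ;;
    esac
}

# run_enforce <script> [max_attempts]
# Retries only on exit code 2 (network failure). Codes 1 and 3 are returned
# at once and treated here as needing an admin's attention (assumption).
run_enforce() {
    script="$1"; max="${2:-3}"; attempt=1
    if [ ! -r "$script" ]; then
        echo "status=missing-script path=$script"
        return 1
    fi
    while :; do
        rc=0
        sh "$script" || rc=$?
        if [ "$rc" -ne 2 ] || [ "$attempt" -ge "$max" ]; then
            break
        fi
        attempt=$((attempt + 1))
        sleep "$RETRY_DELAY"
    done
    echo "status=$(describe_exit "$rc") code=$rc attempts=$attempt"
    # On failure, copy the tail of the log into the MDM's captured output.
    if [ "$rc" -ne 0 ] && [ -r "$LOG_FILE" ]; then
        tail -n 20 "$LOG_FILE"
    fi
    return "$rc"
}

# Usage in an MDM script body (path is a placeholder):
#   run_enforce /path/to/generated_enforce_script.sh 3; exit $?
```

The single `status=` line gives the MDM console one searchable field per device, and the propagated exit code keeps the MDM's own success/failure reporting accurate.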