MDM App Deployment
- 28 Mar 2025
- 3 Minutes to read
- Contributors
MDM App Deployment
- Updated on 28 Mar 2025
- 3 Minutes to read
- Contributors
Article summary
Did you find this summary helpful?
Thank you for your feedback!
Welcome
Welcome aboard the MDM App Deployment section at Harmony SASE's Help Center!
This guide offers you a sneak peek into this category and the must-visit resources.
The deployment process of Harmony SASE varies depending on your MDM (Mobile Device Management) provider and is done utilizing a public app deployment process.
If you are managing the Harmony SASE client deployment using MDM you should disable the Update client functions in the Harmony SASE Web Console to prevent looping client installation issues.
Must-Visit Resources
- Download the Harmony SASE agent
- MDM deployment with SWG
- Using SCCM? Click here.
- deployment guides for common MDM providers
Transparent Internet Access Installation
Note - Applies to Harmony SASE Agent version 11.5 and higher.
The Transparent Internet Access enforces internet security immediately upon agent installation, without requiring any end-user interaction.
The remote installation process bypasses both device and member registration while ensuring that users receive the latest security policies, even if they have not signed in to the agent.
You can generate a unique installation key from the platform download page. This key is visible only to Admin users. Once generated, the key validity cannot be modified.
Note - Private Access remains restricted until the user authenticates and registers on the platform.
Seamless Internet Access installation requires sending a combination of three command line parameters during the agent installation process:
- REGION
- INSTALLATION_KEY
- USER_EMAIL
Recommendations
.msi installation flags for versions 11.0 and above:
Silent Installation:
- msiexec /quiet /i Harmony_SASE_x.x.x.xxx.msi
Silent Installation and get the installation status back to the deployment service:
- start /wait msiexec /quiet /i “Harmony_SASE_x.x.x.xxx.msi"
- echo %errorlevel%
Uninstallation:
- msiexec /x “Harmony_SASE_x.x.x.xxx.msi"
- msiexec /i "Harmony_SASE_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name"
Replace "workspace_name" with your actual workspace.
Pre-populate the data residency region:- msiexec /i "Harmony_SASE_x.x.x.xxx.msi" /quiet REGION="EU or US"
For REGION, add "EU" for Europe and "US" for America.
Pre-populate both workspace and data residency region:
- msiexec /i "Harmony_SASE_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name" REGION="EU or US"
Replace "workspace_name" with your actual workspace, and for REGION, add "EU" for Europe and "US" for America.
Transparent user registration, using tenant installation and user installation (applies for version 11.5 and higher):
- msiexec /quiet /i "Harmony_SASE_XX.XX.XX.XXXX.msi" REGION="EU or US" TENANT_TOKEN="Installation Token" EMAIL="User@email.com"
.msi installation flags for legacy versions (up to 11.0):
Silent Installation:
- msiexec /quiet /i Perimeter81_x.x.x.xxx.msi
Silent Installation and get the installation status back to the deployment service:
- start /wait msiexec /quiet /i “Perimeter81_x.x.x.xxx.msi"
- echo %errorlevel%
Uninstallation:
- msiexec /x "Perimeter81_x.x.x.xxx.msi"
- msiexec /i "Perimeter81_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name"
Replace "workspace_name" with your actual workspace.
Pre-populate the data residency region:- msiexec /i "Perimeter81_x.x.x.xxx.msi" /quiet REGION="EU or US"
For REGION, add "EU" for Europe and "US" for America.
Pre-populate both workspace and data residency region:
- msiexec /i "Perimeter81_x.x.x.xxx.msi" /quiet WORKSPACE="workspace_name" REGION="EU or US"
Replace "workspace_name" with your actual workspace, and for REGION, add "EU" for Europe and "US" for America.
.pkg installation flags:
Silent Installation for version 11.0.10 and above:
- $ sudo installer -pkg Harmony_SASE_x.x.x.xxx.pkg -target /
Silent Installation for legacy versions (up to 11.0.10):
- $ sudo installer -pkg Perimeter81_x.x.x.xxx.pkg -target /
- $ sudo chown -R $(stat -f%Su /dev/console) "/Applications/Permeter 81.app"
- $ chmod -R u=rwx "/Applications/Perimeter 81.app"
Pre-populate the workspace -Agent version 8.0.4.116 and higher
- $ sudo defaults write com.perimeter81d workspace "workspace_name"
Replace "workspace_name" with your actual workspace.
Remove pre-populated workspace - Agent version 8.0.4.116 and higher
- $ sudo defaults delete com.perimeter81d workspace
Pre-populate the region:
- $ sudo defaults write com.perimeter81d region "EU or US"
For region, add "EU" for Europe and "US" for America.
Uninstall script download link: Uninstall Script for MacOS
Transparent user registration, using tenant installation and user installation (applies for version 11.3 and higher):
- $ sudo defaults write com.perimeter81d REGION "EU or US" TENANT_TOKEN "Installation Token" EMAIL "User@email.com"
Linux installation flags:
Pre-populate the workspace
- /opt/Perimeter81/perimeter81 ctl set-prepopulate-tenant-id workspace_name
Note:
During installation (vanilla installation), if the region is not pre-populated, you can switch to the EU instance on the global sign in page when signing in to the Harmony SASE Agent, just as you switch workspaces. The selection is remembered for subsequent logins.
Jumpstart Your Journey
If you're just stepping into the world of Harmony SASE, our Getting Started Guide is the perfect starting point.
Support at Your Fingertips
Got questions or need help? Our support team is available round the clock. You can chat with us anytime on our website, or drop us an email at sase-support@checkpoint.com
Was this article helpful?
