This repository contains platform-specific integration scripts and documentation to enable Backblaze Computer Backup automation through popular RMM / MDM platforms.
This repository provides production-ready reference implementations for enterprise-scale automation of Backblaze Computer Backup across RMM platforms.
This repository is designed for:
- Enterprise IT administrators
- Jamf Pro administrators
- Managed Service Providers (MSPs)
- RMM automation engineers
It provides structured, production-ready reference implementations for deploying, monitoring, and managing Backblaze Computer Backup at scale.
Depending on the platform, integrations may include:
- Silent installation and upgrade of Backblaze Computer Backup
- Optional Business Group enrollment
- Operational actions using
bzcli(backup now, pause, resume) - Inventory and reporting via Extension Attributes (optional)
- Examples for automation and remediation workflows
Each platform implementation is self‑contained to keep scripts and documentation easy to understand and reuse.
This repository follows a layered automation model:
-
Deployment Layer
Silent installation and Business Group enrollment. -
Telemetry Layer
Backup state reporting viabzcli. -
Segmentation Layer
Dynamic device grouping within the RMM platform. -
Operational Layer
Remote backup control usingbzcliactions. -
Compliance Layer (Optional)
Deterministic health classification and remediation workflows.
Jamf Pro is provided as a reference RMM implementation.
The Generic integration exposes platform-neutral primitives that can be reused across other RMM environments.
Backblaze supports two deployment models when integrating with RMM or MDM platforms.
A single administrative Backblaze account manages multiple endpoints through automation scripts and platform policies.
This model is commonly used by enterprise IT teams, Managed Service Providers (MSPs), and RMM environments where centralized control and compliance visibility are required.
Each endpoint signs in with its own Backblaze account.
This approach is commonly used in smaller environments or individual device deployments where devices are managed independently.
The integrations in this repository primarily demonstrate the centralized deployment model used in enterprise and RMM-managed environments.
| Platform | Status |
|---|---|
| Jamf Pro | Available (Reference Implementation) |
| Kandji | Planned |
| Addigy | Planned |
| JumpCloud | Planned |
| Generic (non‑RMM) | Available |
rmm/
├── README.md
├── jamf/
│ ├── docs/
│ │ ├── README.md
│ │ ├── actions.md
│ │ ├── extension-attributes.md
│ │ └── optional-smart-groups.md
│ └── scripts/
│ ├── actions/
│ ├── configuration/
│ ├── extension-attributes/
│ └── install/
└── generic/
├── README.md
├── docs/
│ ├── README.md
│ ├── actions.md
│ ├── install.md
│ └── reporting.md
└── scripts/
├── actions/
├── install/
└── reporting/
- Each platform lives under its own top‑level folder (e.g.
jamf/). - Documentation (
docs/) lives next to the scripts it describes. - Scripts are grouped by function (install, actions, reporting).
- Optional features are clearly marked and not required for baseline deployments.
If you are using Jamf Pro, start here:
jamf/docs/README.md
If you are not using a supported RMM platform, start with the Generic integration:
generic/README.md
That document explains:
- How to deploy the installer script
- How to configure optional
bzcliactions - How to add Extension Attributes (optional)
- How to use Smart Groups for staged or phased rollouts (optional)
- This repository is intended as a reference implementation.
- Administrators should review and adapt scripts to meet their internal security and operational requirements.
- Defaults and examples are provided as guidance and may be adapted to align with organizational standards.
This repository contains reference automation scripts.
Do not store real credentials, tokens, or account identifiers in scripts or configuration files.
All examples in this repository use placeholders.
Administrators should securely manage credentials using their RMM platform's secret management features and avoid embedding sensitive values directly in automation scripts.
The following behaviors are enforced by macOS and cannot be bypassed by Jamf Pro, PPPC profiles, or any MDM solution.
Backblaze features such as Locate My Computer rely on macOS Location Services.
Apple enforces a two‑layer permission model:
-
Global Location Services toggle
- Must be enabled manually by the end user.
- Cannot be enabled silently via MDM.
-
Per‑application authorization (PPPC / TCC)
- Can be pre‑approved via configuration profiles.
- Persists across reboots, updates, and device wipes once granted.
Because Backblaze uses multiple signed binaries (for example Backblaze and bzbmenu), each binary appears separately in Location Services and must be enabled once by the user.
After this one‑time approval:
- No additional prompts occur
- Permissions persist automatically
- Behavior remains consistent after reboot or reinstall
This is expected macOS behavior and does not indicate a deployment issue.
Official Backblaze documentation for Jamf deployments: