Installing macOS Agents with Intune
When doing an Unattended Install of the macOS Agent via Intune, the reference for the com.thycotic.tms-agent Bundle ID is unnecessary and can be removed.
Prerequisites
In order to deploy the Privilege Manager agent to a macOS environment via MDM, these components MUST first be deployed to the macOS endpoints in this order:
- The four configuration profiles described in Using MDM Profiles for your Agent.
- A version of the pre-install script listed in the Unattended Install method with your TMS URL and install code.
- The agent installer.pkg found in our downloads, unmodified.
Customizing the Configuration Profiles
Using Intune to deploy these components in this order is slightly more complicated. Intune often pushes everything to a non-compliant device at sporadic intervals until it is compliant, and this disrupts deployment.
It is necessary to modify the names of these profiles slightly, to guarantee deployment order. The profiles with the correct names are noted in the instructions. Intune does not allow the uploading of existing configuration profiles as .mobileconfigs. You will need to copy the text of the .xml into Intune directly using this method.
Perform the following steps for each of the five profiles, in order to deploy the agent to macOS systems via Intune.
- In your Devices | Configuration, select the Policies tab and select Create | New Policy. Select the following values for these fields.
  - Platform: macOS
  - Profile type: Templates
  - Template name: Custom
- In the Configuration Settings, enter the Custom configuration profile name. Enter the exact name of the .mobileconfig you are copying (e.g., "Privilege Manager White List" for Privilege Manager White List.mobileconfig).
Deploying the Pre-Install Script and Installer
- From the macOS applications, select Create | macOS app (PKG).
- Upload the latest version of the macOS DelineaManagementAgentxxxx.pkg found in the Software Downloads page.
- Select Program | Pre-install script, then paste the script below and make sure to update the tmsBaseUrl field and the installCode field with your environment's information.
- This script is modified to check if the endpoint has the configuration profiles installed. It does this by matching the profile names exactly and will fail if they are not exact.
- Select Save.
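The exact-name matching described above is why a profile renamed in Intune, or pasted with different case or spacing, blocks the install. The following is an added example, not the vendor's pre-install script and not code from this page: it shows an exact, whole-line name check that also reports near-misses. The function names, the one-name-per-line input format and the second profile name (a placeholder) are assumptions; only "Privilege Manager White List" comes from the page.

```shell
#!/bin/bash
# Added example (not the vendor's pre-install script): exact-name profile check.
# Only the first name is from the page; the second is a labelled placeholder.
REQUIRED_PROFILES='Privilege Manager White List
PLACEHOLDER Second Profile Name'

# Lowercase, collapse whitespace runs, and trim, to spot near-miss names.
normalize() {
  printf '%s\n' "$1" | tr '[:upper:]' '[:lower:]' |
    sed -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//'
}

# check_profiles NAMES: NAMES holds installed profile names, one per line.
# Prints OK / NEAR-MISS / MISSING per required name; returns 0 only if all
# required names are present byte-for-byte.
check_profiles() {
  installed=$1
  result=0
  while IFS= read -r want; do
    # -F fixed string, -x whole line: no regex, no substring matches.
    if printf '%s\n' "$installed" | grep -Fxq -- "$want"; then
      echo "OK: $want"
      continue
    fi
    result=1
    near=''
    want_n=$(normalize "$want")
    while IFS= read -r have; do
      if [ "$(normalize "$have")" = "$want_n" ]; then near=$have; fi
    done <<INSTALLED
$installed
INSTALLED
    if [ -n "$near" ]; then
      echo "NEAR-MISS: required '$want', installed '$near'"
    else
      echo "MISSING: $want"
    fi
  done <<REQUIRED
$REQUIRED_PROFILES
REQUIRED
  return "$result"
}

# Constructed sample: the first name differs only in case and spacing.
SAMPLE=$(printf 'privilege manager  white list\nPLACEHOLDER Second Profile Name')
check_profiles "$SAMPLE" || echo "profile names do not match exactly"
```

A NEAR-MISS line means the profile is deployed but its name in Intune needs correcting, while MISSING means the profile has not reached the endpoint yet.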