Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Current »

Below is the process for deploying RoboShadow agents to MAC OS devices through InTune.

Firstly you need to manually install the agent onto a MAC to allow the permissions to be set. Once the RoboShadow agent has been installed. Download and install PPPC-Utility from here - jamf/PPPC-Utility: Privacy Preferences Policy Control (PPPC) Utility (http://github.com )

PPPC-Utility will allow you to get the permissions XML needed for the InTune deployment.

Open PPPC-Utility, select the RoboShadow agent application and select the + button:

image-20240925-144241.png

Search for and select the RoboClientMac and click Open

image-20240925-144320.png

Search for and select Full Disk Access and select Allow

image-20240925-144355.png

Select save. Select the location and name the saved file to something you can remember and identify the file. This is the XML we will need to import into InTune.

image-20240925-144437.png

You can now close PPPC-Utility and go to the location you saved the file. In this case it is saved in Documents:

image-20240925-144502.png

You can open the file with a text editor to review the XML if you need

image-20240925-144542.png

Log into InTune with the required permissions to create deployments and create permissions profiles.

Best practice would be to create a static or dynamic device group to group machines you want to deploy the agent to. This group will be used later to deploy to the devices.

Firstly go to Devices/macOS/Configuration. Select Create and New Policy:

image-20240925-144624.png

Select the Profile Type of Templates and use Template name of Custom click create:

image-20240925-144702.png

Name the policy click next:

image-20240925-144735.png

Name the configuration profile and select the file you saved previously with the permissions you created with PPPC-Utility:

image-20240925-144805.png

If you have created a group for the devices. Select this group to deploy the configuration profile to select next and review the full policy. If you are happy click create:

image-20240925-144901.png

Once this policy is saved you should see it here.

image-20240925-144937.png

Next we can move onto deploying the agent to devices. The above is just for creating and deploying the configuration to give RoboShadow the required permissions to manage the device.

Select Apps/macOS and click add and choose macOS app (PKG):

Select “Select app package file” and navigate to the file location for the .pkg file:

image-20240925-145037.png

Fill in the required information if you wish to:

image-20240925-145113.png

Next step requires a post install script to run. This will link the RoboShadow agent to your organisation. You are required to have and add your RoboShadow organisation ID. Add the following script to the Post-Install script box:

#!/bin/bash

# Bash script to create the setup.cfg file:

DIRECTORY="/Users/Shared/com.roboshadow"

FILE_PATH="$DIRECTORY/setup.cfg"

# Create the directory if it doesn't exist

if [ ! -d "$DIRECTORY" ]; then

mkdir -p "$DIRECTORY" fi

# Create the setup.cfg file with the specified content

cat <<EOF> "$FILE_PATH"

{

"UploadMode" : true,

"OrganisationId" : "<Organisation ID>",

"DebugMode" : false

}

EOF

# Set permissions if necessary (optional)

chmod 644 "$FILE_PATH"

echo "Setup file created at $FILE_PATH"

Add the script and select next:

image-20240925-145328.png

Select the minimum macOS version this will apply to:

image-20240925-145401.png

Select any additional detection rules if required:

image-20240925-145420.png

Review and save the app deployment.

Ensure any devices you wish to roll this out to are correctly enrolled into InTune and added to the required groups that the configuration profile is being deployed to as well as the .pkg is being deployed to.

When the device checks into InTune it should pull down the configuration and the agent pkg. Double check the following location on a few test machines to confirm the script is running and working:

Using a terminal, navigate to:

/Users/shared/com.roboshadow

Run the LS command and confirm there is a setup.cfg file in place. You can cat this file to review the configuration:

image-20240925-145600.png

  • No labels