{"type":"doc","content":[{"type":"paragraph","content":[{"text":"Below is the process for deploying RoboShadow agents to MAC OS devices through InTune.","type":"text"}]},{"type":"paragraph","content":[{"text":"Please also see","type":"text","marks":[{"type":"strong"}]},{"text":": ","type":"text"},{"type":"inlineCard","attrs":{"url":"https://roboshadow.atlassian.net/wiki/spaces/Roboshadow/pages/190218244/PLIST+Deployment+Needed+for+Deploying+the+MAC+Agent+via+InTune"}},{"text":" ","type":"text"}]},{"type":"paragraph","content":[{"text":"Please note ","type":"text","marks":[{"type":"strong"}]},{"text":"-","type":"text"},{"text":" ","type":"text","marks":[{"type":"strong"}]},{"text":"this is early days for this process so we would like some feedback on this and happy to support you if you get stuck with anything.","type":"text"}]},{"type":"paragraph","content":[{"text":"Firstly you need to ","type":"text"},{"text":"manually install","type":"text","marks":[{"type":"strong"}]},{"text":" the agent onto a MAC to allow the permissions to be set.","type":"text"}]},{"type":"paragraph","content":[{"type":"inlineCard","attrs":{"url":"https://roboshadow.atlassian.net/wiki/spaces/Roboshadow/pages/96239617"}},{"text":" ","type":"text"}]},{"type":"paragraph","content":[{"text":"Once the RoboShadow agent has been installed. ","type":"text"},{"text":"Download and install PPPC-Utility from here","type":"text","marks":[{"type":"strong"}]},{"text":" - jamf/PPPC-Utility: Privacy Preferences Policy Control (PPPC) Utility (","type":"text"},{"type":"inlineCard","attrs":{"url":"http://github.com"}},{"text":" )","type":"text"}]},{"type":"paragraph","content":[{"text":"PPPC-Utility will allow you to get the permissions XML needed for the InTune deployment.","type":"text"}]},{"type":"paragraph","content":[{"text":"Open PPPC-Utility,","type":"text","marks":[{"type":"strong"}]},{"text":" select the ","type":"text"},{"text":"RoboShadow","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"agent","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"application","type":"text","marks":[{"type":"strong"}]},{"text":" and select the","type":"text"},{"text":" + button","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":553,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":451,"alt":"image-20250224-124011.png","id":"52d48e0c-1f99-4365-9b2b-c8dda4f3418f","collection":"contentId-120913921","type":"file","height":292}}]},{"type":"paragraph","content":[{"text":"Search for and select the ","type":"text"},{"text":"RoboClientMac","type":"text","marks":[{"type":"strong"}]},{"text":" and click ","type":"text"},{"text":"Open","type":"text","marks":[{"type":"strong"}]}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":553,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":451,"alt":"image-20250224-124037.png","id":"32c9ded1-3fa2-44c6-b872-d54e86bd70f7","collection":"contentId-120913921","type":"file","height":256}}]},{"type":"paragraph","content":[{"text":"Search for and select ","type":"text"},{"text":"Full Disk Access","type":"text","marks":[{"type":"strong"}]},{"text":" and select ","type":"text"},{"text":"Allow","type":"text","marks":[{"type":"strong"}]}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":552,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":451,"alt":"image-20250224-124056.png","id":"fc3d5b70-65cb-4601-bccc-8c25e1d94b20","collection":"contentId-120913921","type":"file","height":294}}]},{"type":"paragraph","content":[{"text":"Select ","type":"text"},{"text":"save","type":"text","marks":[{"type":"strong"}]},{"text":". Select the ","type":"text"},{"text":"location","type":"text","marks":[{"type":"strong"}]},{"text":" and ","type":"text"},{"text":"name","type":"text","marks":[{"type":"strong"}]},{"text":" the saved file to something you can remember and identify the file. This is the XML we will need to import into InTune.","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":548,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":451,"alt":"image-20250224-124109.png","id":"34920282-f6c4-4541-b263-295e0fbe28ad","collection":"contentId-120913921","type":"file","height":326}}]},{"type":"paragraph","content":[{"text":"You can now close ","type":"text"},{"text":"PPPC-Utility","type":"text","marks":[{"type":"strong"}]},{"text":" and go to the location you saved the file. In this case it is saved in Documents:","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":564,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":451,"alt":"image-20250224-124124.png","id":"35e03668-ba40-48fc-a357-2039a163a78d","collection":"contentId-120913921","type":"file","height":213}}]},{"type":"paragraph","content":[{"text":"You can open the file with a ","type":"text"},{"text":"text editor","type":"text","marks":[{"type":"strong"}]},{"text":" to review the XML if you need","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":570,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":451,"alt":"image-20250224-124138.png","id":"3db37d75-7f5e-4756-a0db-4f626c9c4103","collection":"contentId-120913921","type":"file","height":309}}]},{"type":"paragraph","content":[{"text":"Log into InTune with the required permissions to ","type":"text"},{"text":"create deployments","type":"text","marks":[{"type":"strong"}]},{"text":" and ","type":"text"},{"text":"create permissions profiles","type":"text","marks":[{"type":"strong"}]},{"text":".","type":"text"}]},{"type":"paragraph","content":[{"text":"Best practice would be to create a ","type":"text"},{"text":"static","type":"text","marks":[{"type":"strong"}]},{"text":" or ","type":"text"},{"text":"dynamic device group","type":"text","marks":[{"type":"strong"}]},{"text":" to group machines you want to deploy the agent to. This group will be used later to deploy to the devices.","type":"text"}]},{"type":"paragraph","content":[{"text":"Firstly go to ","type":"text"},{"text":"Devices/macOS/Configuration","type":"text","marks":[{"type":"strong"}]}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":573,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":451,"alt":"image-20250224-124157.png","id":"105f1f6c-8f6d-4011-93c1-77f02c59fb97","collection":"contentId-120913921","type":"file","height":172}}]},{"type":"paragraph","content":[{"text":"Select the Profile Type of ","type":"text"},{"text":"Templates","type":"text","marks":[{"type":"strong"}]},{"text":" and use Template name of ","type":"text"},{"text":"Custom","type":"text","marks":[{"type":"strong"}]},{"text":" click create:","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":451,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":451,"alt":"image-20250224-124210.png","id":"e01d2dd5-9420-4633-ba0c-489f2746c934","collection":"contentId-120913921","type":"file","height":629}}]},{"type":"paragraph","content":[{"text":"Name the policy click next:","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":451,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":451,"alt":"image-20250224-124224.png","id":"efaca15c-085a-4e2b-b92d-11e16252a87f","collection":"contentId-120913921","type":"file","height":243}}]},{"type":"paragraph","content":[{"text":"Name the configuration","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"profile","type":"text","marks":[{"type":"strong"}]},{"text":" and select the file you saved previously with the permissions you created with ","type":"text"},{"text":"PPPC-Utility","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":444,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":263,"alt":"image-20250224-124243.png","id":"3fd957eb-6821-46f2-bcf2-82d7c57f0be0","collection":"contentId-120913921","type":"file","height":272}}]},{"type":"paragraph","content":[{"text":"If you have created a ","type":"text"},{"text":"group","type":"text","marks":[{"type":"strong"}]},{"text":" for the devices. Select this group to deploy the configuration profile to select next and review the full policy. If you are happy click ","type":"text"},{"text":"create","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":559,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":365,"alt":"image-20250224-124301.png","id":"c415c39a-cf81-4828-8d48-9b4ae7636e59","collection":"contentId-120913921","type":"file","height":256}}]},{"type":"paragraph","content":[{"text":"Once this policy is saved you should see it here.","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":590,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":451,"alt":"image-20250224-124316.png","id":"f4edc54e-32f5-4d79-860f-caf429caeb73","collection":"contentId-120913921","type":"file","height":87}}]},{"type":"paragraph","content":[{"text":"Next we can move onto deploying the agent to devices. The above is just for creating and deploying the configuration to give RoboShadow the required permissions to manage the device.","type":"text"}]},{"type":"paragraph","content":[{"text":" ","type":"text"}]},{"type":"paragraph","content":[{"text":"Select Apps/macOS and click add and choose macOS app (PKG):","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"Select “Select app package file” and navigate to the file location for the .pkg ","type":"text","marks":[{"type":"strong"}]},{"text":"file:","type":"text","marks":[{"type":"strong"},{"type":"link","attrs":{"href":"https://roboshadow.atlassian.net/wiki/pages/resumedraft.action?draftId=234782736&draftShareId=d670e63c-d6e0-42ef-a43d-1efb667f85aa"}}]}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":612,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":451,"alt":"image-20250224-124418.png","id":"c2b86324-46a0-4e30-9828-56e8e1989307","collection":"contentId-120913921","type":"file","height":94}}]},{"type":"paragraph","content":[{"text":"Fil","type":"text","marks":[{"type":"link","attrs":{"href":"https://roboshadow.atlassian.net/wiki/pages/resumedraft.action?draftId=234782736&draftShareId=d670e63c-d6e0-42ef-a43d-1efb667f85aa"}}]},{"text":"l in the required information if you wish to:","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":612,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":451,"alt":"image-20250224-124438.png","id":"f03e75ca-fc92-4821-99f8-220a80e280db","collection":"contentId-120913921","type":"file","height":273}}]},{"type":"paragraph","content":[{"text":"Next step requires a ","type":"text"},{"text":"pre-install","type":"text","marks":[{"type":"strong"}]},{"text":" and ","type":"text"},{"text":"post-install","type":"text","marks":[{"type":"strong"}]},{"text":" script to run. This will link the RoboShadow agent to your organisation. You are ","type":"text"},{"text":"required","type":"text","marks":[{"type":"strong"}]},{"text":" to have and ","type":"text"},{"text":"add","type":"text","marks":[{"type":"strong"}]},{"text":" your ","type":"text"},{"text":"RoboShadow organisation ID.","type":"text","marks":[{"type":"strong"}]},{"text":" Add the following scripts to the ","type":"text"},{"text":"pre-install and post-install scripts box","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":466,"widthType":"pixel"},"content":[{"type":"media","attrs":{"width":247,"alt":"image-20250224-124455.png","id":"79153a98-ba61-4e3e-889e-47e66406b534","collection":"contentId-120913921","type":"file","height":241}}]},{"type":"paragraph","content":[{"text":" ","type":"text"}]},{"type":"paragraph","content":[{"text":"Pre Install script:","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","content":[{"text":"#!/bin/bash\n\n# Define the target path for FirstRunHelper and the plist file\n\nFIRST_RUN_HELPER=\"/Applications/RoboMacClient.app/Contents/Resources/FirstRunHelper.app\"\n\nPLIST_PATH=\"/Library/Preferences/com.roboshadow.roboclientmac.plist\"\n\n# Ensure script runs as root\n\nif [[ $(id -u) -ne 0 ]]; then\n\n echo \"This script must be run as root!\"\n\n exit 1\n\nfi\n\n# ---------------------------\n\n# Disable FirstRunHelper\n\n# ---------------------------\n\nif [ -d \"$FIRST_RUN_HELPER\" ]; then\n\n echo \"Renaming FirstRunHelper to prevent execution...\"\n\n mv \"$FIRST_RUN_HELPER\" \"$FIRST_RUN_HELPER.disabled\"\n\n echo \"FirstRunHelper has been renamed and disabled.\"\n\nelse\n\n echo \"FirstRunHelper not found, skipping.\"\n\nfi\n\n# ---------------------------\n\n# Create plist configuration to suppress UI\n\n# ---------------------------\n\necho \"Creating plist file at $PLIST_PATH...\"\n\ncat << EOF > \"$PLIST_PATH\"\n\n\n\n\n\n\n\n\n\n FirstRun\n\n \n\n SuppressUI\n\n \n\n SUHasLaunchedBefore\n\n \n\n LastRunTestDone\n\n Done\n\n\n\n\n\nEOF\n\n# Set appropriate permissions for the plist\n\nchmod 644 \"$PLIST_PATH\"\n\necho \"Plist configuration applied successfully to $PLIST_PATH\"\n\nexit 0","type":"text"}]},{"type":"paragraph"},{"type":"paragraph","content":[{"text":"Post Install script ","type":"text","marks":[{"type":"strong"}]},{"text":"(make sure to change the ORG_ID on lin39 to your Org ID)","type":"text"},{"text":":","type":"text","marks":[{"type":"strong"}]}]},{"type":"codeBlock","content":[{"text":"#!/bin/bash\n\n# Ensure script runs as root\n\nif [[ $(id -u) -ne 0 ]]; then\n\n echo \"This script must be run as root!\"\n\n exit 1\n\nfi\n\nTIME=$(date + \"%d-%m-%H-%M\")\n\nmkdir -p /var/log/intune/roboshadow/\n\nLOG_FILE=\"/var/log/intune/roboshadow/roboclientinstall-$TIME.log\"\n\nexec > >(tee -a \"$LOG_FILE\") 2>&1\n\n# Define variables\n\nAPP_BUNDLE_ID=\"com.roboshadow.roboclientmac\"\n\nAPP_PATH=\"/Applications/RoboMacClient.app\"\n\nFIRST_RUN_HELPER=\"/Applications/RoboMacClient.app/Contents/Resources/FirstRunHelper.app\"\n\nTCC_DB=\"/Library/Application Support/com.apple.TCC/TCC.db\"\n\nPLIST_PATH=\"/Library/Preferences/com.roboshadow.roboclientmac.plist\"\n\nCONFIG_DIRECTORY=\"/Users/Shared/com.roboshadow\"\n\nCONFIG_FILE=\"$CONFIG_DIRECTORY/setup.cfg\"\n\n#add your org ID in between the speech marks\n\nORG_ID=\" \"\n\n# Stop and disable FirstRunHelper\n\nif pgrep -f \"FirstRunHelper\"; then\n\n echo \"Stopping FirstRunHelper...\"\n\n pkill -f \"FirstRunHelper\"\n\nfi\n\nif [ -d \"$FIRST_RUN_HELPER\" ]; then\n\n mv \"$FIRST_RUN_HELPER\" \"$FIRST_RUN_HELPER.disabled\"\n\n echo \"FirstRunHelper disabled.\"\n\nelse\n\n echo \"FirstRunHelper not found, skipping.\"\n\nfi\n\n# Suppress First-Run UI by creating a plist file\n\ncat << EOF > \"$PLIST_PATH\"\n\n\n\n\n\n\n\n\n\nFirstRun\n\n\n\nSuppressUI\n\n\n\nSUHasLaunchedBefore\n\n\n\nLastRunTestDone\n\nDone\n\nOrganisationId\n\n$ORG_ID\n\n\n\n\n\nEOF\n\nchmod 644 \"$PLIST_PATH\"\n\n# Create setup.cfg dynamically\n\nmkdir -p \"$CONFIG_DIRECTORY\"\n\ncat < \"$CONFIG_FILE\"\n\n{\n\n \"UploadMode\" : true,\n\n \"OrganisationId\" : \"$ORG_ID\",\n\n \"DebugMode\" : false\n\n}\n\nEOF\n\nchmod 644 \"$CONFIG_FILE\"\n\n# Grant Full Disk Access via TCC Database (requires root)\n\necho \"Modifying TCC database to grant Full Disk Access...\"\n\nsqlite3 \"$TCC_DB\" \"INSERT OR REPLACE INTO access VALUES('kTCCServiceSystemPolicyAllFiles','$APP_BUNDLE_ID',0,1,1,NULL,NULL,NULL,'UNUSED',NULL,0,1649961969);\"\n\n# Restart the TCC daemon to apply changes\n\nkillall tccd\n\necho \"checking tcc has applied \"\n\nsqlite3 \"$TCC_DB\" \"SELECT * FROM access WHERE client='$APP_BUNDLE_ID' AND service='kTCCServiceSystemPolicyAllFiles';\"\n\n# Start RoboClientMac silently in the background\n\nif [ -d \"$APP_PATH\" ]; then\n\n echo \"Starting RoboClientMac in the background...\"\n\n open -g \"$APP_PATH\"\n\nelse\n\n echo \"RoboClientMac not found!\"\n\nfi\n\necho \"Post-install configuration completed successfully.\"\n\nexit 0","type":"text"}]},{"type":"paragraph","content":[{"text":" ","type":"text"}]},{"type":"paragraph","content":[{"text":"Add the script and select next:","type":"text"}]},{"type":"paragraph"},{"type":"paragraph","content":[{"text":"Select the ","type":"text"},{"text":"minimum macOS version","type":"text","marks":[{"type":"strong"}]},{"text":" this will apply to:","type":"text"}]},{"type":"paragraph"},{"type":"paragraph","content":[{"text":"Select any ","type":"text"},{"text":"additional detection rules","type":"text","marks":[{"type":"strong"}]},{"text":" if required:","type":"text"}]},{"type":"paragraph"},{"type":"paragraph","content":[{"text":"Review","type":"text","marks":[{"type":"strong"}]},{"text":" and ","type":"text"},{"text":"save","type":"text","marks":[{"type":"strong"}]},{"text":" the app deployment.","type":"text"}]},{"type":"paragraph","content":[{"text":"Ensure ","type":"text"},{"text":"any devices","type":"text","marks":[{"type":"strong"}]},{"text":" you wish to roll this out to are correctly enrolled into InTune and added to the required groups that the configuration profile is being deployed to as well as the .pkg is being deployed to.","type":"text"}]},{"type":"paragraph","content":[{"text":"When the device checks into InTune it should pull down the ","type":"text"},{"text":"configuration","type":"text","marks":[{"type":"strong"}]},{"text":" and the ","type":"text"},{"text":"agent pkg","type":"text","marks":[{"type":"strong"}]},{"text":". Double check the following location on a few test machines to confirm the script is running and working:","type":"text"}]},{"type":"paragraph","content":[{"text":"Using a terminal, navigate to:","type":"text"}]},{"type":"paragraph","content":[{"text":"/Users/shared/com.roboshadow","type":"text"}]},{"type":"paragraph","content":[{"text":"Run the ","type":"text"},{"text":"LS command","type":"text","marks":[{"type":"strong"}]},{"text":" and confirm there is a ","type":"text"},{"text":"setup.cfg","type":"text","marks":[{"type":"strong"}]},{"text":" file in place. You can cat this file to ","type":"text"},{"text":"review the configuration","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"paragraph"},{"type":"paragraph","content":[{"text":"The Mac Manual install guide has some ","type":"text"},{"text":"trouble shooting steps","type":"text","marks":[{"type":"strong"}]},{"text":" for the client, but if you struggle with any of this then ","type":"text"},{"text":"please get in touch","type":"text","marks":[{"type":"strong"}]},{"text":":","type":"text"}]},{"type":"paragraph","content":[{"text":"6.1 Mac Agent Manual Install Guide","type":"text","marks":[{"type":"link","attrs":{"href":"https://roboshadow.atlassian.net/wiki/spaces/Roboshadow/pages/96239617"}}]}]}],"version":1}

Browser not supported