¶ Mac OS SASE Client Deployment using MDM (Intune)
SASE architecture allow IT to deliver networking and security to all locations, applications and users. This happens through tight integration of networking and security delivered through a single cloud platform. But one of the fundamental elements of SASE is its identity-based policy framework.
The identity of users and devices is the foundation of how SASE delivers its policy-driven access. Exium's SASE solution offers both user identity and device identity based access and policies. The two methods described below are part of the broader deployments methods described here.
The Mac scripts provided here can be run locally on the machine or pushed via any RMM tool or Intune remote deployment tool.
¶ RMM - Device Based Client Activation
SASE architecture allow IT to deliver networking and security to all locations, applications and users. This happens through tight integration of networking and security delivered through a single cloud platform. But one of the fundamental elements of SASE is its identity-based policy framework.
The identity of users and devices is the foundation of how SASE delivers its policy-driven access. Exium' SASE solution offers both user identity and device identity based access and policies. In the case of the Device Based Client Authentication deployment, described below, the security policies can only be applied at the device or endpoint level. If you desire to apply user level policies, see other methods of deployments here.
For Device Based Deployment, follow the steps below.
- Navigate to the MSP admin console -> Client Workspace
- Click on Admin console in the left menu bar
- Click on “Users and Devices” → “RMM Deployment” as shown in the screenshot below
- Select your device type (Windows, Mac etc.)
- Copy the script and push it to the user's device (or run locally on the machine for early testing)
Note the script you copy this way already has TOKEN and Workspace name. You do not need to modify the script as it is complete for deployment.
¶ Method 3A: Include user information in the Script
In this approach, individual user information needs to be passed as additional input parameter. You may automate this process if you have information linking users to devices in your RMM system.
We have made it easy for you to copy the script for a user deployment. Note the script copied below can also be run locally with admin or root privilege on the machine to test before pushing it via RMM.
- Navigate to the MSP admin console -> Client Workspace
- Click on Users in the left menu bar
- Click on the icon with the down arrow sign next to the user as shown in the Figure below
- Select your device type (Windows, Mac etc.)
- Copy the script and push it to the user's device (or run locally on the machine for early testing)
Note the script you copy this way already has TOKEN, Workspace name and user name included. You do not need to modify the script as it is complete for deployment for a particular user.
¶ MacOS Client Deployment using Intune
This section details the steps to deploy Exium's client remotely to MacOS using the Microsoft Intune Framework.
¶ Step 1
Select Devices > macOS > Shell scripts > Add
¶ Step 2
Following is sample bash script file. Paste the copied installation script from admin console to a file as shown below and save it with .sh (Example: test.sh). upload the script file.
#!/bin/bash
******Paste the Copied Script from admin console here****
Basics: Enter name of the script and add description
¶ Step 3
Select option to run as Root User
¶ Step 4
Assignments: Select Add groups. Select the group where script need to deploy.
¶ Step 5
Review + Add: Review and check before Adding.
Add Script once verified. You can check status on devices if script is executed and agent is deployed.
¶ Mac Client Uninstallation
Copy uninstall script from admin console and follow same steps as Installation in Intune
¶ Mac Client Uninstallation (including home-brew)
Copy full uninstall script from admin console and follow same steps as Installation in Intune