In this post, we will use shell scripts for macOS management with Intune. What you use shell scripts for depends on your organization's requirements; here we use them to enable screen sharing for the communication apps used on macOS.
By using custom macOS Shell scripts, you can automate the configuration of macOS devices from Intune and ensure consistent settings across your environment. However, it is important to test your scripts thoroughly and monitor their deployment to ensure they do not cause disruptions.
Shell scripts offer a powerful solution for macOS management when combined with Microsoft Intune, a comprehensive cloud-based platform for managing devices, applications, and settings-specific customizations.
By utilizing shell scripts, IT admins can automate various tasks, streamline configuration changes, and efficiently manage macOS devices enrolled in Intune. These scripts enable administrators to perform a wide range of operations.
With the ability to execute custom commands, leverage built-in macOS utilities, and interact with Intune policies, shell scripts empower administrators to tailor management workflows to their specific requirements. This combination of shell scripts and Intune empowers organizations to achieve enhanced productivity, security, and control over their macOS fleet.
Prerequisites for Shell Scripting
Ensure that the following prerequisites are met when composing shell scripts and assigning them to macOS devices.
- Devices are managed by Intune, running macOS 11.0 or later.
- Devices are connected directly to the Internet. Connection through a proxy is not supported.
- Shell scripts begin with `#!` and must be in a valid location, such as `#!/bin/sh` or `#!/usr/bin/env zsh`.
- Command-line interpreters for the applicable shells are installed.
- Prepare the shell script to perform the actions, and save it as filename.sh.
Important Considerations before using Shell Scripts
The checklists shared by Microsoft help you to be in good shape before you plan to deploy Shell Scripts. There are a few points that need to be considered for successful deployment.
- Shell scripts require the Microsoft Intune management agent to be successfully installed on the macOS device.
- Shell scripts run in parallel on devices as separate processes.
- Shell scripts that are run as the signed-in user will run for all currently signed-in user accounts on the device at the time of the run.
- An end user is required to sign in to the device to execute scripts running as a signed-in user.
- Root user privileges are required if the script requires making changes that a standard user account cannot.
- Shell scripts will attempt to run more frequently than the chosen script frequency for certain conditions, such as if the disk is full, if the storage location is tampered with, if the local cache is deleted, or if the Mac device restarts.
- Shell scripts that are running for longer than 60 minutes are stopped and reported as “failed”.
Deploy Shell Scripts for macOS Devices using Intune
Let’s check the steps for deploying shell scripts to macOS devices in Intune. The steps here guide you through enabling screen sharing for macOS devices. This is needed when you plan to share your screen in Microsoft Teams, Webex, or any other apps.
- Sign in to the Microsoft Intune admin center https://intune.microsoft.com/.
- Navigate to Devices > Scripts. Alternatively, if you want to add Shell scripts, you can also select Devices > macOS > Configuration Scripts. This will take you to the same wizard.
In Basics, type a descriptive name for the shell script and, optionally, a description to make it clearer for later reference, then select Next.
The shell script below enables screen sharing on macOS devices. The next step is to upload the prepared file to Intune.

```bash
#!/bin/bash
# Enable screen sharing (Intune runs this as root by default, so sudo is redundant but harmless)
sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.screensharing.plist
```
Before you continue, there are a couple of settings to review. In Script settings, once you upload the script, scroll down on the same page to find the options below.

| Shell Script Execution Options | Descriptions |
| --- | --- |
| Run script as signed-in user | Select Yes to run the script with the user’s credentials on the device. Choose No (default) to run the script as the root user. |
| Hide script notifications on devices | By default, script notifications are shown for each script that is run. End users see an "IT is configuring your computer" notification from Intune on macOS devices. |
| Script frequency | Select how often the script is to be run. Choose Not configured (default) to run a script only once. |
| Max number of times to retry if script fails | Select how many times the script should be run if it returns a non-zero exit code (zero meaning success). Choose Not configured (default) to not retry when a script fails. |
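
A hardened variant of the screen sharing script, as an added example that is not from the original post: it checks for root instead of calling sudo, skips the load when the service is already present, and returns a non-zero exit code on any failure so the retry setting and the Intune reports reflect what actually happened. The service label `com.apple.screensharing` is assumed from the plist file name, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not the page's script). PLIST is the path used on the page;
# LABEL is assumed from the plist file name; function names are illustrative.
PLIST="/System/Library/LaunchDaemons/com.apple.screensharing.plist"
LABEL="com.apple.screensharing"

log() { printf '%s screensharing: %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$*"; }

# With "Run script as signed-in user" set to No the script already runs as
# root, so sudo is not needed; fail fast if that setting was changed.
require_root() {
    [ "$(id -u)" -eq 0 ] && return 0
    log "not root: set 'Run script as signed-in user' to No"
    return 1
}

# True when launchd already has the service loaded in the system domain.
is_loaded() { launchctl print "system/$1" >/dev/null 2>&1; }

# Returns 0 on success, non-zero otherwise so Intune can report and retry.
enable_screen_sharing() {
    plist="$1"; label="$2"
    if is_loaded "$label"; then
        log "already loaded, nothing to do"
        return 0
    fi
    if [ ! -f "$plist" ]; then
        log "plist not found: $plist"
        return 2
    fi
    launchctl load -w "$plist" || { log "launchctl load failed"; return 3; }
    # Do not trust the load call alone; confirm the resulting state.
    is_loaded "$label" || { log "service not loaded after load"; return 4; }
    log "screen sharing enabled"
}

main() {
    require_root || return $?
    enable_screen_sharing "$PLIST" "$LABEL"
}

# Act only on macOS; the exit status of main is what Intune records.
if [ "$(uname -s)" = "Darwin" ]; then
    main
    exit $?
fi
```
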
Here, you can assign scope tags to filter the profile to specific IT groups. Add scope tags (if required) and click Next. Under Assignments, in Included groups, click Add groups, and then choose Select groups to include one or more groups. Click Next to continue.
Now in Review + create, review your settings. When you click on Create, your changes are saved, and the policy is created.
A notification will appear automatically in the top right-hand corner with a message. You can see that the Shell script was created successfully. If you check, the script is available in the Shell scripts list.
After you upload macOS shell scripts to Intune, you can monitor their deployment by navigating to the Properties tab. To monitor the run status of all assigned scripts for users and devices, choose one of the following reports in the monitoring section: Device status or User status.
Author
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.