macOS MDM Deployment Guide
Prerequisites
- A cloud-based Endpoint Security Management Server version R81(123) or R81.10 (56) or higher, or an on-premises Endpoint Security Management Server R81.20 or higher.
- A deployment policy for macOS in the Endpoint Security Server Web Management. This is necessary for the Initial Client to know the full client version to install.
Installation Script Retrieval
- Access the Web management portal for your Endpoint Security Management Server.
- Download a Tiny Agent from one of these options:
- Unzip the EPS_TINY.zip file that was downloaded.
- Open a terminal in the unzipped folder and run:

      ./EPTiny.app/Contents/MacOS/EPTiny --gen-mdm-script

  A script named gen_ep_installer_script.sh appears in the same folder.
Installation Script Usage in Microsoft Intune
- Log in to the Microsoft Intune portal at endpoint.microsoft.com.
- Navigate to Devices > macOS devices > Shell Scripts.
- Upload the gen_ep_installer_script.sh script and set it up to run as root.
- Deploy the script to the necessary users and groups.
- The script now automatically installs the Endpoint Initial Client and waits for a deployment policy to install the full client.
Installation Script Usage in JAMF

- Log in to the JAMF portal.
- Navigate to Settings > Computer Management and select Scripts.
- To add a new script, click + New.
- In the General tab, give the script a name and description.
- Use a text editor to open the generated gen_ep_installer_script.sh script and copy the entire script.
- Select the Script tab and paste the copied script.
- Click Save.

- Navigate to Computers > Policies.
- Click + New.
- Enter a display name.
- Select triggers, for example, Login and Recurring Check-in.
- Select Scripts > Configure and add the script created in Step 1: Add a new script.
- For priority, select Before.
- Select Scope and assign a target for the deployment.
- Click Save.
Installation Script Usage in Workspace One
- Log in to the Workspace One portal.
- Navigate to Resources > Scripts.
- Select Add > macOS.
- The New Script Wizard opens. Give the script a name and description, then click Next.
- Keep the default values. Make sure the language is bash and the execution context is system.
- Click Upload and select the generated gen_ep_installer_script.sh script.
- Click Next, and then on the Variables page, click Save.
- Select the newly created script and click Assign. This assigns the script to a target device.