# Deploying Collector in Intune

Microsoft Intune is a cloud-based endpoint management solution that also supports macOS and allows installing Collector remotely using a shell script.

## Prerequisites <a href="#deployingcollectoronmacosusingintune-prerequisites" id="deployingcollectoronmacosusingintune-prerequisites"></a>

Read the Microsoft online documentation to understand how to enroll macOS devices and how shell scripts work in Intune:

1. [Endpoint management at Microsoft](https://learn.microsoft.com/en-us/mem/endpoint-manager-overview)
2. [Enroll your macOS device using the Company Portal app](https://learn.microsoft.com/en-us/mem/intune/user-help/enroll-your-device-in-intune-macos-cp)
3. [Use shell scripts on macOS devices in Intune](https://learn.microsoft.com/en-us/mem/intune/apps/macos-shell-scripts)

{% hint style="info" %}
You need some basic knowledge of shell scripting to customize the script.
{% endhint %}

Before starting the deployment, ensure the devices have the appropriate policies using [the MDM profiles provided by Nexthink](https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector/macos-collector-references/installing-collector-profile-in-jamf-for-macos).

## The installation script <a href="#deployingcollectoronmacosusingintune-theinstallationscript" id="deployingcollectoronmacosusingintune-theinstallationscript"></a>

{% hint style="warning" %}
You can extract the PKG file from the DMG file and attempt to deploy it directly in Intune. However, this method is not officially supported; Nexthink recommends deploying the DMG file using the Intune script.
{% endhint %}

The install script provided below is an example of a recommended implementation. On each device, this script executes the following actions:

1. Downloads the specified Collector DMG file.
2. Checks the integrity of the downloaded file using a SHA256 hash.
3. Expands the DMG package.
4. Runs the CSI installer included in the package using specific parameters.
5. Verifies that the Collector services are running on the device.

[Download the install script template](https://download.nexthink.com/doc/intune.sh.zip) and adjust it to match the parameters specific to your IT infrastructure. Unzip the file and open the script template with a text editor. The script interpreter is Z shell, the default interpreter since macOS 10.15 (Catalina).

{% hint style="warning" %}
Do not modify the lines below the `### Do not change from here ###` comment.
{% endhint %}

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-252f0f42ee8d597572c3bb956d7bfc349efca30e%2FmacOS-collector-deployment-example.png?alt=media" alt="Script example"><figcaption></figcaption></figure>

## Adjusting the execution parameters <a href="#deployingcollectoronmacosusingintune-adjustingtheexecutionparameters" id="deployingcollectoronmacosusingintune-adjustingtheexecutionparameters"></a>

```
ALLOW_UPGRADE="new"
# Possible values of ALLOW_UPGRADE, if an existing version is installed:
# "new":          Only upgrade if there is a new version available
# "only-updater": Only upgrade old versions without auto-update
# "always":       Always overwrite an existing version
# "never":        Do not upgrade an existing version
CLEAN_INSTALL="false" # Discard any previously existing configuration
```

The first two parameters define how Collector manages any previous versions. Nexthink does not recommend modifying the default values.

* `ALLOW_UPGRADE`: Defines how the script manages upgrades. The default value is `new`.
* `CLEAN_INSTALL`: Defines whether Collector preserves the configuration of previous installations or not. The default value is `false`.

```
readonly COLLECTOR_URL="https://download.nexthink.com/releases/latest/OSX_Collector/Nexthink_Collector.dmg"
readonly COLLECTOR_SHA256="693adbeebdd172792e701765b607f36e6344ede18e421fe9e4162a1520f91497" # Get your hash string, for example from https://download.nexthink.com/releases/latest/OSX_Collector/Nexthink_Collector.dmg.sha256
readonly ADDRESS="" # Nexthink instance address, example: "nxdocs.data.eu.nexthink.cloud"
readonly TCP_PORT="" # Nexthink instance port, example: 443
readonly KEY="" # Your customer key: "-----BEGIN CUSTOMER KEY-----..."
```

The following parameters define the install configuration. See all the possible values on the [Installing Collector on macOS](https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector/installing-collector-on-macos) page. Here is the list of mandatory parameters:

* `COLLECTOR_URL`: The URL of the Collector DMG package to be installed. Use [this link](https://download.nexthink.com/releases/latest/OSX_Collector/Nexthink_Collector.dmg) to always point to the latest version.
* `COLLECTOR_SHA256`: The SHA256 hash digest of the DMG file to verify the integrity and security of the download. Find it on the same download page as the DMG. The hash of the latest DMG is available using [this link](https://download.nexthink.com/releases/latest/OSX_Collector/Nexthink_Collector.dmg.sha256).
* `ADDRESS`: The address of the Nexthink instance.
* `TCP_PORT`: The port of the Nexthink instance.
* `KEY`: Your Customer Key, on a single line that begins with `-----BEGIN CUSTOMER KEY-----` and ends with `-----END CUSTOMER KEY-----`.

```
# Optional parameters:
readonly ROOT_CA="" # Only for old releases, leave empty if not needed
# Other install parameters to customize:
readonly OTHER_CSI_PARAMS="--engage enable \
    --use_assignment enable \
    --ra_execution_policy signed_trusted_or_nexthink \
    --anonymize_username false \
    --windows_focus_time_monitoring true \
    --user_interaction_time_monitoring enable \
    --anonymize_wifi_network false"

#################################
```

Finally, specify other configuration parameters in the `OTHER_CSI_PARAMS` section to override the previous configuration. The system passes these parameters to the CSI installer. Review the default values provided to ensure everything applies to your IT infrastructure, and check the list of supported parameters on the [Installing Collector on macOS](https://docs.nexthink.com/platform/configuring_nexthink/bringing-data-into-your-nexthink-instance/deploying-nexthink-in-non-vdi-environment/installing-collector/installing-collector-on-macos) help page.

## Configuring the deployment <a href="#deployingcollectoronmacosusingintune-configuringthedeployment" id="deployingcollectoronmacosusingintune-configuringthedeployment"></a>

{% stepper %}
{% step %}
Log in to your Intune portal and select **Devices**.

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-b209b2289c3850e8d3b8faeafc44b73e34175b03%2Fintune1.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Navigate to **macOS**, then **Shell scripts**, and select **+ Add**.

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-43d0bac47504991bdd822029becfa75f8dea0c34%2Fintune2.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Under the **Basics** section, enter the name of the script, for example, `Install Collector`, and an optional description.

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-83e807f74f2323a207d2e44343734dbddca0fc7f%2Fintune3.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Under **Script settings**, upload the script file. Leave the default values for the other fields.

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-9d587f10fc8bdaca76c0d1a506fc1399d59344e1%2Fintune4.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Under **Scope tags**, add optional tags if needed.

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-47969df20727c248bec5a42f03c0deb64689a00b%2Fintune5.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Under **Assignments**, select the groups to target.

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-e45ee13af06b71c267914f324c651a886682d878%2Fintune6.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Review the settings and select **Add** to finalize.

<figure><img src="https://268444917-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FxJSUDk9NTtCHYPG5EWs3%2Fuploads%2Fgit-blob-81cc6b90f27a588a22b230063a1b06e8a3679fd2%2Fintune7.png?alt=media" alt="" width="563"><figcaption></figcaption></figure>
{% endstep %}
{% endstepper %}

## Prevent users from disabling Collector

By default, macOS allows users to disable background applications after installation. To prevent users from turning Collector off and ensure continuous data collection, configure Intune to treat Collector as a managed login and background item:

{% stepper %}
{% step %}
In the profile settings, add **Login > Service Management - Managed Login Items**.
{% endstep %}

{% step %}
Create a new rule that targets Collector.

{% hint style="info" %}
Use the Collector bundle identifier as the rule type, or the full executable path if required.
{% endhint %}
{% endstep %}

{% step %}
Configure the rule so that Collector is treated as a managed login item. This ensures macOS considers it enforced by device management.
{% endstep %}

{% step %}
Under the same configuration area, enable the setting that automatically launches Collector at login. This ensures Collector starts without user interaction.
{% endstep %}

{% step %}
Apply the setting that manages background execution so Collector is allowed to run in the background and cannot be disabled by the user from system settings.
{% endstep %}

{% step %}
Save the configuration and ensure the profile is assigned to supervised macOS devices.
{% endstep %}
{% endstepper %}

After the profile is applied, Collector appears as a managed item in macOS.
