Deploying Collector in Intune

Microsoft Intune is a cloud-based endpoint management solution that also supports macOS and allows installing Collector remotely using a shell script.

Prerequisites

Read the online documentation from the Microsoft website to understand how to enroll macOS devices and learn about how shell scripts work:

1. Endpoint management at Microsoft

2. Enroll your macOS device using the Company Portal app

3. Use shell scripts on macOS devices in Intune

Before starting the deployment, ensure the devices have the appropriate policies using the MDM profiles provided by Nexthink.

The installation script

The install script provided below is an example of a recommended implementation. On each device, this script executes the following actions:

1. Downloads the specified Collector DMG file.

2. Checks the integrity of the downloaded file using a SHA256 hash.

3. Expands the DMG package.

4. Runs the CSI installer included in the package using specific parameters.

5. Verifies that the Collector services are running on the device.

Download the install script template and adjust it to match the parameters specific to your IT infrastructure. Unzip the file and open the script template with a text editor. The script interpreter is Z shell, the default interpreter since macOS 10.15 (Catalina).

Adjusting the execution parameters

The first two parameters define how Collector manages any previous versions. Nexthink does not recommend modifying the default values.

• ALLOW_UPGRADE: Defines how the script manages upgrades. The default value is new.

• CLEAN_INSTALL: Defines whether Collector preserves the configuration of previous installations or not. The default value is false.

The following parameters define the install configuration. See all the possible values on the Installing Collector on macOS page. Here is the list of mandatory parameters:

• COLLECTOR_URL: The URL of the Collector DMG package to be installed. Use this link to always point to the latest version.

• COLLECTOR_SHA256: The SHA256 hash digest of the DMG file to verify the integrity and security of the download. Find it on the same download page as the DMG. The hash of the latest DMG is available using this link.

• ADDRESS: The address of the Nexthink instance.

• TCP_PORT: The port of the Nexthink instance.

• KEY: Your Customer Key, on a single line that begins with -----BEGIN CUSTOMER KEY----- and ends with -----END CUSTOMER KEY-----.

Finally, specify other configuration parameters in the OTHER_CSI_PARAMS section to override the previous configuration. The system passes these parameters to the CSI installer. Review the default values provided to ensure everything applies to your IT infrastructure, and check the list of supported parameters on the Installing Collector on macOS help page.

Configuring the deployment

1

Log in to your Intune portal and select Devices.

2

Navigate to macOS, then Shell scripts, and select + Add.

3

Under the Basics section, enter the name of the script, for example, Install Collector, and an optional description.

4

Under Script settings, upload the script file. Leave the default values for the other fields.

5

Under Scope tags, add optional tags if needed.

6

Under Assignments, select the groups to target.

7

Review the settings and select Add to finalize.

Prevent users from disabling Collector

By default, macOS allows users to disable background applications after installation. To prevent users from turning Collector off and ensure continuous data collection, configure Intune to treat Collector as a managed login and background item:

After the profile is applied, Collector appears as a managed item in macOS.