Deploying Collector on macOS using Intune

Microsoft Intune is a cloud-based endpoint management solution. It supports macOS and allows remote installation of Collector using a shell script.

Prerequisites

Read the online documentation from the Microsoft website to understand how to enroll macOS devices and learn about how shell scripts work:

You need some basic knowledge of shell scripting to customize the script.

Before starting the deployment, ensure the devices have the appropriate policies using the MDM profiles provided by Nexthink.

The installation script

The install script provided below is an example of a recommended implementation. On each device, this script executes the following actions:

  1. Downloads the specified Collector DMG file.

  2. Checks the integrity of the downloaded file using a SHA256 hash.

  3. Expands the DMG package.

  4. Runs the CSI installer included in the package using specific parameters.

  5. Verifies that the Collector services are running on the device.

Download the install script template and adjust it to match the parameters specific to your IT infrastructure.

  • Unzip the file and open the script template with a text editor.

  • The script interpreter is Z shell, the default interpreter since macOS 10.15 (Catalina).

  • Do not modify the lines below the ### Do not change from here ### comment.

Adjusting the execution parameters

ALLOW_UPGRADE="new"
# Possible values of ALLOW_UPGRADE, if an existing version is installed:
# "new":          Only upgrade if there is a new version available
# "only-updater": Only upgrade old versions without auto-update
# "always":       Always overwrite an existing version
# "never":        Do not upgrade an existing version
CLEAN_INSTALL="false" # Discard any previously existing configuration

The first two parameters define how Collector manages any previous versions. Nexthink does not recommend modifying the default values.

  • ALLOW_UPGRADE Defines how the script manages upgrades. The default value is new.

  • CLEAN_INSTALL Defines whether Collector preserves the configuration of previous installations or not. The default value is false.

readonly COLLECTOR_URL="https://download.nexthink.com/releases/latest/OSX_Collector/Nexthink_Collector.dmg"
readonly COLLECTOR_SHA256="693adbeebdd172792e701765b607f36e6344ede18e421fe9e4162a1520f91497" # Get your hash string, for example from https://download.nexthink.com/releases/latest/OSX_Collector/Nexthink_Collector.dmg.sha256
readonly ADDRESS="" # Nexthink instance address, example: "nxdocs.data.eu.nexthink.cloud"
readonly TCP_PORT="" # Nexthink instance port, example: 443
readonly KEY="" # Your customer key: "-----BEGIN CUSTOMER KEY-----..."

The next parameters define the install configuration. See all the possible values on the Installing Collector on macOS page. Here is the list of mandatory parameters:

  • COLLECTOR_URL The URL of the Collector DMG package to be installed. Use this link to always point to the latest version.

  • COLLECTOR_SHA256 The SHA256 hash digest of the DMG file to verify the integrity and security of the download. Find it on the same download page as the DMG. The hash of the latest DMG is available using this link.

  • ADDRESS The address of the Nexthink instance.

  • TCP_PORT The port of the Nexthink instance.

  • KEY Your Customer Key, on a single line that begins with -----BEGIN CUSTOMER KEY----- and ends with -----END CUSTOMER KEY-----.

# Optional parameters:
readonly ROOT_CA="" # Only for old releases, leave empty if not needed
# Other install parameters to customize:
readonly OTHER_CSI_PARAMS="--engage enable \
    --use_assignment enable \
    --ra_execution_policy signed_trusted_or_nexthink \
    --anonymize_username false \
    --windows_focus_time_monitoring true \
    --user_interaction_time_monitoring enable \
    --anonymize_wifi_network false"

#################################

Finally, specify other configuration parameters in the OTHER_CSI_PARAMS section to override the previous configuration. The system passes these parameters to the CSI installer. Review the default values provided to ensure everything applies to your IT infrastructure, and check the list of supported parameters on the Installing Collector on macOS help page.

Configuring the deployment

Log in to your Intune portal and click on Devices.

Navigate to macOS, then Shell scripts, and click on the + Add button.

Under the Basics section, enter the name of the script, for example, Install Collector, and an optional description.

Under Script settings, upload the script file. Leave the default values for the other fields.

Under Scope tags, add optional tags if needed.

Under Assignments, select the groups to target.

Lastly, carefully review the settings and click the Add button to finalize.

Last updated