Agent configuration for Macintosh devices
Ivanti® Endpoint Manager uses agent configurations to gain control of devices and manage them. For Macintosh devices, these configurations are pushed to unmanaged devices using the same process used to push agents to Windows devices.
The Default Mac Configuration package contains the required agent for controlling Macintosh devices. To use this functionality, create a Mac agent configuration and then deploy the agent to your Mac devices.
After the agents have been installed, your Macintosh devices become managed devices. Then you can create custom configurations to have greater control of these devices.
Using the Macintosh agent configuration dialog
This section describes the agent configuration dialog pages that are specific to Macintosh devices. Options on other pages are also used by Windows devices and are documented there. Click the Help button on pages for more information.
The dialog includes the following pages:
- Configuration name: Type a unique name for the agent configuration.
- Default configuration: Select this check box to make this the default Macintosh agent configuration.
- Agent components to install: Standard Ivanti agent and Remote control (2022 SU3 or later) are selected by default.
- Do not run client status menu: Select this check box if you don't want end users to see the status bar menu that lets them run installs and scans.
Use this page to configure agent security and management scope. For more information on agent security, see Agent security and trusted certificates. For more information on scope, see Role-based administration overview.
- Trusted certificates: Lists the certificates on the core server. The client must have a certificate that matches the certificate on the core server for agent communication to be authorized. These certificates are used to authenticate agent communication. You can enter a domain name or IP address for the client to use when communicating with the core server. The remote control agent for Macintosh doesn't use a certificate.
- Path: Defines the device's computer location inventory attribute. Scopes are used by role-based administration to control user access to devices, and can be based on this custom directory path. The path is optional.
Use this page to configure which hardware and software scan components the inventory scanner will gather data for. By default all components are enabled. Disabling components may increase scan speed and reduce inventory record sizes.
The other pages in the Inventory settings dialog box are the same as those used for Windows devices. Click Help on each page for more information.
Available hardware components include items such as:
- Battery
- CPU
- System info
- USB devices
Available software components include items such as:
- Applications
- Data files
- Drivers
- Fonts
Use this page to configure scheduling for patch and compliance scans.
- Scan and repair settings: Select the settings that you want to use for patch and compliance scans.
- Configure: View all available scan and repair settings. Edit or create new settings and select the settings that you want to use for patch and compliance scans.
Use this page if you have the Tenant management add-on for Endpoint Manager. You can assign an agent configuration to a tenant within your organization.
- Assign a tenant to this configuration: Select this check box if this Macintosh agent configuration is only used with a tenant in your organization.
- Choose a tenant: Select a tenant from the list of available tenants that have been defined in the Ivanti Management Console.
Use this page if you want to use an OSX profile with the Macintosh agent.
- Apply OSX profiles to this configuration: Select this check box to use an OSX profile with this Macintosh agent.
- Choose which OSX profiles to apply: Select the settings to use with this Macintosh agent.
- Configure: View all available OSX profile settings. Edit or create new settings and select the settings that you want to use for this Macintosh agent.
Deploying agents to Macintosh devices that use Secure Shell (SSH)
To place agents on Macintosh devices that have Secure Shell (SSH) turned on, you must specify the SSH login credentials for the unmanaged Mac devices by selecting Configure > Services > Scheduler > Change Login from the Windows console. You can then use the same push-based agent deployment you would use for Windows devices.
Deploying and installing agents on Macintosh devices that do not use Secure Shell (SSH)
To place agents on Macintosh devices that do not have Secure Shell (SSH) turned on, you will need to decide on an alternate deployment method, such as:
- Accessing the agent from LDLogon/Mac using a Web browser and e-mailing the configuration package to users.
- Putting the configuration package on a USB drive or other removable media and taking it to each Macintosh device.
Deploying agent configurations for Macintosh devices
Use the Agent configuration tool to create and update (replace) custom configurations for your Macintosh devices. You can create different configurations for your specific needs, such as changing inventory scanner settings, remote control permissions, or what network protocols the agents use.
In order to push a configuration to devices, you need to create or update an agent configuration and then schedule the task.
Create or update the agent configuration
Set up specific configurations for your devices. Don't use parentheses in your Macintosh agent configuration names. Parentheses in the name will cause the deployment task to fail. Once you've deployed an agent configuration, you can use agent settings to update that configuration without having to redeploy the full configuration.
To create an agent configuration for Macintosh devices
- Click Tools > Configuration > Agent configuration.
- Select a configuration group (My configurations or Public configurations). On the toolbar, click the New agent configuration button > New Mac agent configuration.
- Complete the options in the Agent configuration dialog box. For more information, see Using the Macintosh agent configuration dialog.
- Click Save.
To schedule an agent configuration for Macintosh devices
- Click Tools > Configuration > Agent configuration.
- Right-click the agent configuration to be scheduled and select Schedule agent deployment.
- From the network view, drag devices, groups, or queries onto the task to target devices for the task.
- Select the task, click the Properties button on the toolbar, and schedule a time to start the task.
To update an agent configuration with a change settings task
- Follow the instructions here: Create change settings tasks.
Manually running agent configurations for Macintosh devices
You can manually run agent configurations for Macintosh devices once they have been created or updated. When you create an agent configuration, the following file is created in the LDLogon/Mac folder on your core server:
- <agent configuration name>.dmg
The LDLogon/Mac folder is a Web share and should be accessible from any browser. Follow the instructions for installing the agent (see Manually running agent configurations for Macintosh devices), but insert your agent configuration file name instead of the default file name.