Configuring a macOS script policy on Ivanti EPMM

Create a policy for the macOS shell scripts you intend to run on macOS devices. The macOS script policy includes the root certificate used to sign your scripts. [email protected] for macOS uses the certificate to validate the scripts before running them.

Procedure 

1. Select Policies & Configs > Policies.
2. On the Policies page, select Add New.
3. Select iOS and macOS > macOS Only > [email protected] macOS Script.

4. In the Add [email protected] macOS Script Policy dialog box, add the root certificate for your macOS shell script, as described in Exporting the CA public key certificate for your macOS scripts.

   Item	Description
   Name	Enter a name for the policy.
   Status	Select the relevant radio button to indicate whether the policy is Active or Inactive. Only one active policy can be applied to a device.
   Priority	Specifies the priority of this policy relative to the other custom policies of the same type. This priority determines which policy is applied if more than one policy is available. Select Higher than or Lower than, then select an existing policy from the drop-down list. For example, to give Policy A a higher priority than Policy B, you would select “Higher than” and “Policy B”.
   Description	Enter an explanation of the purpose of this policy.
   Upload Public Key	Upload the .pem certificate file to the script policy.
   Public Key	Once uploaded, the public key displays here.
   Max Response Size (in KB)	Enter the maximum response size for any macOS scripts you run on devices. The maximum response size limits the size of data [email protected] for macOS returns to Ivanti EPMM after running a script. This is the stdout or stderr data that is returned when running a macOS script.

5. Select Save.
6. Select the policy you just created, and apply it to the relevant labels.