Shell scripts on macOS devices

Ivanti EPMM allows you to create and sign your own macOS shell scripts, which you can then upload to Ivanti EPMM and run on managed macOS devices. You can write a script that configures any setting within macOS System Preferences on macOS devices. Or, you may wish to run scripts that:

force device users to change their passwords monthly
lock the screen after 5 minutes of idle time
or configures a secured Wi-Fi network.

After uploading scripts to Ivanti EPMM and configuring macOS script configuration and policy components, Ivanti EPMM executes your scripts on macOS devices using Ivanti Mobile@Work for macOS. Ivanti Mobile@Work for macOS polls Ivanti EPMM periodically to check whether there are any scripts awaiting execution. If there are scripts in the queue, Ivanti Mobile@Work for macOS downloads and runs the scripts on macOS devices according to settings you define on Ivanti EPMM. Ivanti Mobile@Work runs the scripts as the device user or as root, depending on how you signed the script. Ivanti Mobile@Work then returns the script execution results to Ivanti EPMM, which are shown in the audit logs.

Components required to run shell scripts on macOS devices

To run shell scripts on macOS devices, you need:

Ivanti Mobile@Work for macOS on macOS devices
Ivanti EPMM 9.7.0.0, or supported newer versions, configured with mutual authentication
Script signing tool, provided by Ivanti, Inc
macOS script configuration on Ivanti EPMM
macOS script policy on Ivanti EPMM

Main steps of running shell scripts on macOS devices

Running shell scripts on macOS devices involves the following main steps: