Shell scripts on macOS devices

MobileIron Core allows you to create and sign your own macOS shell scripts, which you can then upload to Core and run on managed macOS devices. You can write a script that configures any setting within macOS System Preferences on macOS devices. Or, you may wish to run scripts that:

force device users to change their passwords monthly
lock the screen after 5 minutes of idle time
or configures a secured Wi-Fi network.

After uploading scripts to Core and configuring macOS script configuration and policy components, Core executes your scripts on macOS devices using Mobile@Work for macOS. Mobile@Work for macOS polls Core periodically to check whether there are any scripts awaiting execution. If there are scripts in the queue, Mobile@Work for macOS downloads and runs the scripts on macOS devices according to settings you define on Core. Mobile@Work runs the scripts as the device user or as root, depending on how you signed the script. Mobile@Work then returns the script execution results to Core, which are shown in the audit logs.

Components required to run shell scripts on macOS devices

NOTE:

Mobile@Work for macOS is not supported on Connected Cloud.

To run shell scripts on macOS devices, you need:

Mobile@Work for macOS on macOS devices
MobileIron Core 9.7.0.0, through the most recently released version of Core as supported by MobileIron, configured with mutual authentication
Script signing tool, provided by MobileIron
macOS script configuration on Core
macOS script policy on Core

Main steps of running shell scripts on macOS devices

Running shell scripts on macOS devices involves the following main steps: