Microsoft Intune is a powerful tool for remotely managing devices, applications, and configurations on an organizational level. You will find instructions for remotely enabling necessary permissions and installing Insightful on macOS company-managed devices.
If you wish to install Insightful directly on your employees' devices or let them do that by themselves, please check out our article on Company Computer installation steps for MacOS.
Prerequisites
1. Intune Administrator Role: Ensure you have the necessary permissions in the Microsoft Endpoint Manager Admin Center.
2. Supported Devices: Intune supports deployments on macOS 12 and later. Devices must be managed by Intune and directly connected to the Internet.
3. Scripts: Prepare the shell script, which will include Insightful installation code, ensuring it is error-free.
4. Configuration Profiles: Make sure you have the configuration profile that will ensure that the necessary permissions on MacOS devices are enabled. You can find instructions for obtaining the configuration profile in our article on How to handle macOS permissions remotely via configuration profiles.
Step 1: Deploy a Configuration Profile
A Configuration profile is a settings file used to configure devices. Deploying it on your employees' macOS devices will ensure that the necessary permissions are enabled for Insightful to function properly.
To deploy the configuration profile provided by Insightful Support, follow these steps:
1. Log in to the Microsoft Endpoint Manager Admin Center.
2. Navigate to Devices → macOS
3. Click on Configuration→ Policies → + Create → + New Policy.
4. Select the platform:
Choose macOS.
5. Choose the profile type:
Select Templates and then Custom as the profile type.
Click Create
6. Import the Configuration Profile provided by our team:
Enter a descriptive Name and optional Description for the profile.
In the Configuration settings section, add a Custom configuration profile name and click the Import button.
Select the configuration profile with the .mobileconfig extension you want to import.
Click Next.
7. Assign the profile:
Select the target group of devices and click Next:
8. Review the configuration profile you created and click Create to save and deploy the profile.
Deleting old Configuration profiles
If you need to set new configuration profiles, make sure all the old instances of configuration profiles are deleted (if there were any) in order for the new ones to work as intended.
Configuration profiles before App deployment
Always deploy the configuration profile before installing Insightful via Intune, and ensure that these have been successfully applied to the assigned devices. This ensures all required permissions are granted in advance and helps avoid unnecessary user prompts during or after deployment.
Step 2: Install the Insightful app
1. Prepare the Shell Script
Write the shell script using Visual Code, Notepad++, or another text/code editor, following the next steps:
Put #!/bin/bash in the first line of the script.
Go to your Insightful admin dashboard:
Go to the Employees tab.
Click on the Add New Employee button.
Select Company Computers.
Select macOS.
Copy the code you see using Copy Code.
Paste the code in the second line of the shell script.
2. Upload the Script to Intune
1. Log in to the Microsoft Endpoint Manager Admin Center.
2. Navigate to Devices → macOS → Scripts.
3. Click Add to create a new script profile.
4. Provide the following details:
Name: Enter a meaningful name for the script.
Description: Optionally, describe the script’s purpose.
5. Upload the script file:
Browse and select your shell script.
6. Scroll down and configure the script settings:
Run the script as a signed-in user: You should uncheck this checkbox in order for the script to run successfully.
Hide script notifications: You should check this setting if you want to hide the installation notifications.
Script frequency: Choose that the script runs once.
Max number of times to retry if the script fails: Select how many times the script should be run if it returns a non-zero exit code (zero meaning success).
Click Next
7. Assign the script to a group of devices and click Next:
8. Click Add to save and deploy the script.
Note: Insightful deployment via Microsoft Intune is not real-time.
Installation may take several hours, depending on the device check-in cycle.
If the application does not start installing immediately, this is expected behavior.
3. Verify Deployment:
1. Monitor Script Deployment:
Go to Devices → Scripts → Select the script → Device Status.
Check if the script has successfully run on targeted devices.
2. Monitor Configuration Profile Deployment:
Go to Devices → Configuration → Select the configuration profile → Device Status.
Verify that the profile is successfully assigned to devices.
3. Troubleshooting Logs:
On macOS devices, check logs for script execution at /var/log.
Best Practices:
Test Scripts: Always test the script on a test device before deploying it via Intune.
Limit Scope: Deploy to a small pilot group initially before rolling out to all devices.
Secure the Script: Avoid hardcoding sensitive information like passwords.
Documentation: Maintain clear documentation of what each script or profile does.