In this post, I will show you how to run shell scripts on macOS devices in Intune. You can use shell scripts on macOS devices to extend device management capabilities in Intune.
We all know that you can deploy PowerShell scripts on Windows devices using Intune. Running a shell script on a macOS device is a game changer, since these scripts allow you to make complicated changes to your macOS devices. If you have numerous Mac devices in your setup, you may use Intune to mass distribute configuration updates to these devices.
When you create and assign a shell script policy to macOS devices, it runs as a distinct process, and the run status is reported back to Intune, enabling administrators to monitor execution success or error codes. When you set the scripts to run at regular intervals, the scripts are saved locally to save download time.
Note: Rosetta 2 is required to run x64 (Intel) version of apps on Apple Silicon Macs. To install Rosetta 2 on Apple Silicon Macs automatically, you can deploy a shell script in Endpoint Manager. Also see how to manage software updates on macOS using Intune.
The following prerequisites are required to run shell scripts on macOS devices using Intune:
- The macOS devices must be running version 11.0 or later.
- You must enroll macOS devices in Intune before you run shell scripts.
- The macOS devices must be connected directly to the Internet. Connection through a proxy is not supported.
- You must have a script ready to apply it to macOS devices.
- Shell scripts begin with #! and must be in a valid location such as #!/bin/sh or #!/usr/bin/env zsh.
- Command-line interpreters for the applicable shells are installed.
Considerations for using macOS Shell Scripts with Intune
Listed below are important considerations provided by Microsoft before using shell scripts on macOS devices using Intune:
- Shell scripts require that the Microsoft Intune management agent is successfully installed on the macOS device. If you have enrolled the macOS devices into Intune, you don’t have to worry about this.
- Shell scripts deployed via Intune run in parallel on devices as separate processes.
- Shell scripts that are run as the signed-in user will run for all currently signed-in user accounts on the device at the time of the run.
- An end user is required to sign in to the device to execute scripts running as a signed-in user.
- Root user privileges are required if the script requires making changes that a standard user account cannot.
- Shell scripts will attempt to run more frequently than the chosen script frequency for certain conditions. For example, if the disk is full, if the storage location is tampered with, if the local cache is deleted, or if the Mac device restarts.
- Shell scripts that run for longer than 60 minutes are stopped and reported as “failed”.
Get the Shell Script Ready for macOS
As mentioned earlier, you must have the shell script ready so that you can run it on your macOS devices. I will be deploying a sample macOS shell script that will enable remote management on Mac.
For beginners, Remote Management on a Mac lets remote users manage the device using Apple Remote Desktop. It permits users who have predefined access to the device to manage the system, interact with users, configure preferences, deploy files, etc. Mac users can turn remote management on or off from System Preferences (System Settings > General > Sharing > Remote Management).
The script below activates remote management on your macOS devices. Open the notepad application, copy the code below to a file and save it as filename.sh (an SH file is a script that can be run with the Bash Unix shell). You’ll need to upload this file to Intune in the next step.
#!/bin/sh
# Activate Remote Management (the Apple Remote Desktop agent) with kickstart
sudo /System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart -activate
Note: Before you create and assign a shell script policy in Intune, it must be tested for functionality. Execute it manually on a Mac device to validate the script works.
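Before uploading, the file can be checked against the requirements this post lists: a #! first line, an interpreter in a valid location, and a size under 200 KB. The check below is an added example, not part of the original post or of Intune; the function name and return codes are my own, it also flags Windows (CRLF) line endings, and it should be run on a Mac that matches your fleet.

```shell
#!/bin/sh
# Added example (not from the article): pre-upload check for an Intune macOS
# shell script. Function name and return codes are illustrative choices.

MAX_BYTES=$((200 * 1024))  # article: the file must be less than 200 KB

# Return codes: 0 ok, 1 unreadable, 2 no shebang, 3 bad interpreter,
#               4 CRLF line endings, 5 too large
check_intune_script() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    first=$(head -n 1 "$file")
    case $first in
        '#!'*) ;;
        *) echo "first line is not a #! shebang" >&2; return 2 ;;
    esac

    # Windows editors save CRLF; the kernel would then look for "/bin/sh\r".
    cr=$(printf '\r')
    if grep -q "$cr" "$file"; then
        echo "CRLF line endings found; convert to LF" >&2
        return 4
    fi

    # The interpreter is the first word after "#!". Anything fused onto it
    # (for example "#!/bin/shsudo ...") yields a path that does not exist.
    words=$(printf '%s\n' "$first" | sed 's/^#![[:space:]]*//')
    interp=$(printf '%s\n' "$words" | awk '{print $1}')
    arg=$(printf '%s\n' "$words" | awk '{print $2}')
    if [ ! -x "$interp" ]; then
        echo "interpreter not found: $interp" >&2
        return 3
    fi
    # For "#!/usr/bin/env zsh" the real shell is the argument to env.
    if [ "${interp##*/}" = env ] && ! command -v "$arg" >/dev/null 2>&1; then
        echo "env cannot resolve: $arg" >&2
        return 3
    fi

    size=$(($(wc -c < "$file")))
    if [ "$size" -ge "$MAX_BYTES" ]; then
        echo "file is $size bytes; limit is $MAX_BYTES" >&2
        return 5
    fi
    return 0
}

# Check every path given on the command line; exit non-zero if any fails.
status=0
for f in "$@"; do
    check_intune_script "$f" || status=1
done
# Exit only when paths were given, so the function can also be sourced.
[ "$#" -eq 0 ] || exit "$status"
```

Save it as, say, check-intune-script.sh and pass it the script you are about to upload; a non-zero exit means the file needs fixing first.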
Run Shell Scripts on macOS devices in Intune
Let’s go through the steps to run shell scripts on macOS devices in Intune. Use the following steps to create and assign a shell script policy to macOS devices in Intune.
- Sign in to Microsoft Intune Admin Center.
- Navigate to Devices > macOS and select Shell Scripts.
- Click the Add button to create a Shell Script for macOS.
Enter a name for the profile in the Basics tab of the Add Script pane. Add a brief description about the policy.
For instance, you can enter the following information for macOS Shell script:
Name: Enable Remote Management on macOS Devices
Description: Remote Management in Mac lets remote users manage the device with the help of Apple Remote Desktop.
On the Script Settings tab, you must upload the script. Click on the Browse icon and select the shell script. The macOS shell script file must be less than 200 KB in size. You can view the script that has been uploaded, but you cannot edit or modify the script at this time.
Scroll down a bit, and here you’ll find a few important settings that can be configured for your macOS script execution.
- Run script as signed-in user: Select Yes to run the script with the user’s credentials on the device. Choose No (default) to run the script as the root user. By default, the script is run as the root user. The root user can make system changes that a standard user account can’t.
- Hide script notifications on devices: By default, script notifications are shown for each script that is run. End users see an IT is configuring your computer notification from Intune on macOS devices. When not configured, these messages are shown in Notification Center.
- Script frequency: Select how often the script is to be run on macOS devices. Select Not configured (default) to run a script only once.
- Max number of times to retry if script fails: Select how many times the script should be run if it returns a non-zero exit code (zero meaning success). Select Not configured (default) to not retry when a script fails.
On the Assignments tab, you select the Azure groups to deploy the shell script. Select one or more user or device groups to whom you want to assign the script. The groups you select are shown in the list, and will receive your script policy. Click Next.
In Review + add, a summary is shown of the settings you configured. Select Add to save the script. When you select Add, the script policy is deployed to the macOS device/user groups you chose.
The macOS Shell script you created now appears in the list of scripts. If needed, you can select and view the contents of macOS shell scripts after you upload them to Intune.
You must wait for the shell script policy to apply to the targeted groups. Once the devices check in with the Intune service, they will receive the script. You can also run Check Status in Company Portal on your Mac devices to retrieve the latest policies from Intune.
Monitor macOS Shell Script Policy in Intune
You can monitor the run status of all assigned macOS scripts for users and devices by choosing one of the following reports in Intune:
- Shell Scripts > select the script to monitor > Device status.
- Shell Scripts > select the script to monitor > User status.
In the screenshot below, we see the script policy has been executed successfully on the macOS device. On the Mac device, the remote management was enabled via the deployed script.
MacOS Script Status in Intune
On some macOS devices, running a script policy may succeed, but it may also fail on other devices. Understanding the state of script policy is necessary to debug macOS shell script policies. When a script completes execution on a macOS device, one of the following statuses is returned.
| macOS Script Status | Description |
|---|---|
| Success | Indicates that the script returned zero as the exit code. |
| Failed | Indicates that the script returned a non-zero exit code or the script is malformed. |
| No Status | In the unlikely event that a script is received on the device and the device goes offline before the run status is reported, the device will not report run status for the script in the admin center. |
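Because the status comes from the exit code alone, the script has to return a non-zero code whenever the change did not happen. The variant below is an added example, not the script from this post: it drops sudo because Intune runs the script as root by default (and sudo cannot prompt for a password in a non-interactive run as the signed-in user), fails fast when it is not root, and passes kickstart's exit code back to Intune. The log path and the exit codes 10 and 11 are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not the article's script): the same kickstart call with
# explicit exit codes so Intune's Success/Failed status reflects the result.
# The log path and the codes 10 and 11 are illustrative assumptions.

KICKSTART="${KICKSTART:-/System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/Resources/kickstart}"
LOG="${LOG:-/var/log/enable-remote-management.log}"

# Append a timestamped line to the log; never fail the run over logging.
log() {
    { printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$*" >> "$LOG"; } 2>/dev/null || true
}

# Succeed only when running as root, which is Intune's default
# ("Run script as signed-in user" set to No).
require_root() {
    [ "$(id -u)" -eq 0 ]
}

# Run kickstart -activate and return its exit status unchanged.
# Returns 10 when the kickstart binary is missing.
activate_remote_management() {
    if [ ! -x "$KICKSTART" ]; then
        log "kickstart not found at $KICKSTART"
        return 10
    fi
    rc=0
    "$KICKSTART" -activate >> "$LOG" 2>&1 || rc=$?
    log "kickstart -activate exited with $rc"
    return "$rc"
}

main() {
    if ! require_root; then
        log "not running as root; refusing to continue"
        return 11
    fi
    activate_remote_management
}

# Run only on macOS, so the functions can be exercised on other hosts.
if [ "$(uname -s)" = "Darwin" ]; then
    main
    exit $?
fi
```

With a retry count configured in the policy, a non-zero code from this script is what triggers the retry.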
3 Reasons why assigned scripts are not running on macOS devices
In rare circumstances, after creating and assigning a shell script policy to macOS devices, the associated scripts do not run. The following are some of the reasons why the assigned scripts fail to run on macOS devices:
- The agent might need to check in to receive new or updated scripts. This check-in process occurs every 8 hours and is different from the MDM check-in. Make sure that the device is awake and connected to a network for a successful agent check-in, and wait for the agent to check in. You can also request the end user to open Company Portal on the Mac, select the device and click Check settings.
- The Intune agent may not be installed on the macOS. Check that the agent is installed at /Library/Intune/Microsoft Intune Agent.app on the macOS device.
- The agent may not be in a healthy state. The agent will attempt to recover for 24 hours, remove itself and reinstall if shell scripts are still assigned.
Can you run shell scripts on Mac?
Instead of entering commands and waiting for a response, you can compose shell scripts that run without direct interaction. A shell script is a text file that contains one or more UNIX commands.
How do I automatically run a shell script on a Mac?
- Choose File > New.
- Select a document type, then click Choose.
- Type Run Shell Script in the search field, then select Run Shell Script in the search results.
- Drag the Run Shell Script action into your workflow.
In Script settings, enter the following properties, and select Next: Script location: Browse to the PowerShell script. The script must be less than 200 KB (ASCII). Run this script using the logged on credentials: Select Yes to run the script with the user's credentials on the device.
Do bash scripts work on macOS?
Bash scripts are files containing code that tell your computer to do something. They're a staple of the Linux world, and there are thousands of them freely available on the internet. With a bit of tweaking, you can use these scripts on your Mac, too.
Can I use bash shell on Mac?
Mac OS X Shells
Mac OS X comes with the Bourne Again SHell (bash) as the default user shell and also includes the TENEX C shell (tcsh), the Korn shell (ksh), and the Z shell (zsh). bash, ksh, and zsh are compatible with sh, the original Bourne shell.
Configuring the deployment
Log in to your Intune portal and click on Devices. Navigate to macOS, then Shell scripts, and click on the + Add button. Under the Basics section, enter the name of the script, for example, Install Collector, and an optional description. Under Script settings, upload the script file.
- Open the terminal application.
- List available shells by typing cat /etc/shells .
- Note down the path to bash such as /bin/bash.
- To update your account to use bash run chsh -s /bin/bash.
- Close terminal app.
- Open the terminal app again and verify that bash is your default shell.
- Option 1: open the terminal and cd into the folder where your script is located. ...
- Option 2: make the script 'executable' by running chmod +x myscript.sh on the terminal. ...
- Option 3: move myscript.sh into one of the folders in your PATH (to see what these folders are, run echo $PATH ).
According to Microsoft, the deployment schedule is as follows: The Intune management extension agent checks with Intune once every hour and after every reboot for any new scripts or changes.
- Download Microsoft Win32 Content Prep Tool. It's a zip file, so extract its contents into a folder.
- Create an empty folder for example C:\output or anywhere you like.
- Repackage the Deploybatch folder to .
- Open Task Scheduler. ...
- From the Actions pane on the right choose: Create Basic Task…
- Specify a name for the Scheduled Task and press Next.
- Select the trigger for the task to run.
In the Script Editor app on your Mac, click the Run button in the toolbar, or press Command-R, to execute the commands in your script.
How do I run PowerShell on Mac?
To run PowerShell on Mac, you can directly download its .pkg file from Microsoft's site, or you can use Homebrew to install PowerShell. Once PowerShell is installed, you can run it by opening a Terminal window and executing the pwsh command.
Should I use bash or zsh on Mac?
The Z shell (also known as zsh) is a Unix shell that is built on top of bash (the default shell for macOS) with additional features. It's recommended to use zsh over bash. It's also highly recommended to install a framework with zsh as it makes dealing with configuration, plugins and themes a lot nicer.
Is Mac bash the same as Linux bash?
Like Linux, macOS defaults to using the bash shell at the command line, and like Linux, you can use other shells. The way the command line works is the same, of course. Linux and macOS have the same POSIX-specified UNIX command-line programs.
What is the Mac extension for bash script?
The .sh file extension works well for all these scripts. The .bash and .
How to install bash script Mac?
- To install bash, run the following command in macOS terminal (Applications->Utilities->Terminal): sudo port install bash
- To see what files were installed by bash, run: port contents bash
- To later upgrade bash, run: sudo port selfupdate && sudo port upgrade bash
Zsh is more interactive and customizable than Bash. Zsh has floating-point support that Bash does not possess. Hash data structures are supported in Zsh that are not present in Bash. The invocation features in Bash are better when compared with Zsh.
Why did Apple drop bash?
Long story short: licensing. Newer versions of Bash are licensed under the GPLv3 (GNU General Public License version 3) which says you can't use it on a system that blocks 3rd party software installation. That's the reason why macOS stuck with the 3.2.57 version released under GPLv2 which dates back to 2007.
- Sign in to the Microsoft Intune admin center.
- Select Apps > All apps > Add.
- In the Select app type pane, under the Other app types, select Line-of-business app.
- Click Select. The Add app steps are displayed.
Intune automatically turns on supervision for user-approved devices running macOS 11 and later. It also does this for enrolled devices that later update to macOS 11 or later. Intune announced support for user approved enrollment in June 2020.
Can you join Mac to Intune?
Enroll your macOS device with the Intune Company Portal app to gain secure access to your work or school email, files, and apps. Organizations typically require you to enroll your device before you can access proprietary data. After your device is enrolled, it becomes managed.
What is bash shell in macOS?
Bash is a command-line interface shell program used extensively in Linux and macOS. The name Bash is an acronym for “Bourne Again Shell,” developed in 1989 as a successor to the Bourne Shell.
What shell does Mac use?
Mac's default shell is either zsh (Z shell) or bash (Bourne-again Shell). This default shell is determined by the version of macOS you're running. For macOS Mojave and earlier, the default shell is bash. For macOS Catalina and later, the default shell is zsh.
How do I know if I have bash or zsh?
Update your Terminal preferences to open the shell with the command /bin/bash, as shown in the screenshot above. Quit and restart Terminal. You should see “hello from bash”, but if you run echo $SHELL, you will see /bin/zsh.
How do I run a shell script executable?
- 1) Create a new text file with a .sh extension. ...
- 2) Add #!/bin/bash to the top of it. This is necessary for the “make it executable” part.
- 3) Add lines that you'd normally type at the command line. ...
- 4) At the command line, run chmod u+x YourScriptFileName.sh. ...
- 5) Run it whenever you need!
Nearly all syntax from bash scripts will 'just work' in zsh as well. There are just a few important differences you have to be aware of. The most significant difference, which will affect most scripts, is how zsh treats word splitting in variable substitutions.
How do I run a shell script locally?
- Open the terminal. Go to the directory where you want to create your script.
- Create a file with .sh extension.
- Write the script in the file using an editor.
- Make the script executable with command chmod +x <fileName>.
- Run the script using ./<fileName>.
Each device that accesses and uses the online services and related software (including System Center software) must have a device license available in the Microsoft 365 tenant. If a device is used by more than one user, each device requires a device based software license or all users require a user software license.
Intune device limit restrictions
You can allow a user to enroll up to 15 devices. To set a device limit restriction, sign in to Microsoft Intune admin center. Then go to Devices > Enrollment restrictions. For more information, see Create a device limit restriction.
Start the process by opening your Microsoft Windows PC's Start menu, searching for Task Scheduler, and selecting that tool in the search results. Select Action > Create Basic Task on the Task Scheduler's window. You'll use this task to run your batch file.
How do I deploy an application through Intune?
- In MEM, navigate to Apps > Windows > + Add and choose the app type Windows app (Win32). ...
- You configure the Win32 application using the add app wizard. ...
- After selecting the file, you populate the files of app metadata. ...
- On the program page, you need to enter install and uninstall commands for your app.
- Step 1 − Open the command prompt (cmd.exe).
- Step 2 − Go to the location where the .bat or .cmd file is stored.
- Step 3 − Write the name of the file as shown in the following image and press the Enter button to execute the batch file.
To run a script on one or many remote computers, use the FilePath parameter of the Invoke-Command cmdlet. The script must be on or accessible to your local computer. The results are returned to your local computer.
How do I run a script automatically?
- This line tells the system to run the script located at "/path/to/script" with arguments "arg1" and "arg2" when the system starts up.
- Save and exit the file.
- Make the rc.local file executable by typing "sudo chmod +x /etc/rc. ...
- Restart your system to test that the script is being run on startup.
- Sign Your PowerShell Scripts. A code signing certificate issued by a trusted certificate authority (CA). ...
- Change or Bypass the Windows Execution Policy on Your Device, User, Group or Session. ...
- Unblock the Downloaded File/Script.
Execute commands in the shell
In the Terminal app on your Mac, enter the complete pathname of the tool's executable file, followed by any needed arguments, then press Return.
PowerShell 7.0 or higher require macOS 10.13 and higher. All packages are available on our GitHub releases page. After the package is installed, run pwsh from a terminal. Before installing, check the list of Supported versions below.
PowerShell on Linux and macOS uses .NET Core, which is a subset of the full .NET Framework on Microsoft Windows. As a result, scripts that run on Windows may not run on non-Windows platforms because of the differences in the frameworks.
What is bash alternative for Mac?
- Tabby Terminal. Free • Open Source. Terminal Emulator. ...
- ConEmu. Free • Open Source. ...
- PowerShell. Free • Open Source. ...
- Hyper. Free • Open Source. Terminal Emulator. ...
- Windows Command Prompt. Paid • Proprietary. ...
- Fluent Terminal. Free • Open Source. ...
- TEXTREME. Free • Open Source. ...
- Penteract CMD GUI Creator. Free • Proprietary.
How do I run a Python shell script on a Mac?
On a Mac system, it is very straightforward. All you need to do is open Launchpad and search for Terminal, and in the terminal, type Python, and it will give you an output with the Python version.
Can you write scripts on Mac?
Script Editor lets you create powerful scripts, tools, and even apps. You can create scripts to perform repetitive tasks, automate complex workflows, and control apps or even the system.
How do I run a shell script in Python terminal?
- Open the terminal by searching for it in the dashboard or pressing Ctrl + Alt + T .
- Navigate the terminal to the directory where the script is located using the cd command.
- Type python SCRIPTNAME.py in the terminal to execute the script.
Why did Apple replace bash with zsh?
One of the primary reasons why Apple switched to zsh is because it is closer to the functionality of the standard bash. If you are familiar with the standard bash, you will be glad to know that there is an Apple ZSH prompts which looks similar to the one you will find in Microsoft Outlook.
How do I create a .sh file on a Mac?
- In the Terminal app on your Mac, use the cd command to move into the directory that contains the file you want to make executable. For example: % cd YourScriptDirectory.
- Enter the chmod command. For example: % chmod 755 YourScriptName.sh.
AppleScript is a scripting language created by Apple Inc.
How do I run a script daily on a Mac?
- Launch System Preferences and select Power Manager.
- Click Add… to create a new event.
- Choose the template Run a script daily.
- Click Continue to the Script step.
- Copy and paste your shell script into the Script step. ...
- Click Continue to the When step.