Deploying macOS agents using Microsoft Intune

For IT administrators responsible for managing macOS devices, using Microsoft Intune to remotely install macOS agents on customer devices offers a streamlined and efficient software deployment solution.

This guide covers the steps to install agents on macOS devices using Microsoft Intune and shell scripts.

Key Considerations

  • The script is only valid until the registration token expires. To continue deployments where the registration token has expired, an updated script with a new registration token must be uploaded.

  • The script may take a long time to run, often exceeding 8 hours.

Generate the script

The first step in the process is to create a script containing the unique information for the Customer or Site you want to register the devices against.

Download and populate the script

  1. Download the macOS agent deployment shell script. View the script at or click to download.

  2. Open the script in your text editor of choice and populate appropriate values in the set_global_variables function at the start of the script.

  3. Save the script to an easily accessible location.

set_global_variables Value

Obtain the Registration Token from the Download Agent/Probe page for the specific Customer or Site. When in the page click Get Registration Token.

param_server Your N-central URL or FQDN without any prefix or trailing slash. For example, would be entered as

At the Service Organization level, select Administration > Customers in the left navigation and select the target customer. The Customer ID is the customer's 'Access Code' value.

param_customer_name Use the "Name" value from the same AdministrationCustomers page.

Add the script to Intune

To add the script to Intune.

  1. Log into the Microsoft Intune admin center.

  2. Go to Devices in the left menu and select macOS under either "By platform" or "Manage devices by platform".

  3. The Microsoft Intune admin center Home, Devices Overview page with the macOS options highlighted.

  4. Select Shell scripts under "macOS policies".

  5. Click Add to run the "Add script wizard".

  6. The macOS Shell scripts page highlighting Shell scripts button under macOS policies and the Add button.

  7. In Basics, enter the following information, then click Next:
    • Name (required): enter a descriptive name to identify the script. For example,

    • Description (optional): enter information on what the script does.

    • The Basic section of the Add script wizard with the Name and Description populated with example values.

  8. In Script Settings, upload the script, configure its settings then click Next:
  9. Upload script: Use the browse option to locate and upload the shell script. The file size must be less than 200 KB.

    Enter the following settings for the script:

    • Run script as signed-in user: Choose No to run the script as the root user.
    • Hide script notifications on devices: Select the appropriate setting for your organization.

    • Script frequency: Choose Not Configured, this will only run the script once on each device.

    • Max number of times to retry if script fails: Select 3, the number of times Intune will re-run the script where an error message is returned.

  10. In Assignments select the customer or site group(s) to run the script on.
  11. Shell scripts assigned to user groups apply to any user logging in to the Mac.

    Assignments page with All devices selected as the group.

  12. In Review + add review the Summary to ensure all the settings are accurate, use Previous to go back and change any settings. Once satisfied click Add to save the script and deploy the policy to the selected groups.

Once added, the script appears in the macOSShell scripts list:

Click on the Script name to view the run information for the script.

For more detailed information on adding shell scripts to Intune, including policy monitoring, and troubleshooting steps, please refer to the Microsoft article: Use shell scripts on macOS devices in Intune.