Deploying Mac Roaming clients using Microsoft Intune (Microsoft Endpoint Manager)

Article author
Fikayo Adepoju

This guide will help you to use shell scripts to extend device management capabilities in Intune, beyond what is supported by the macOS operating system.


  • Devices should be running macOS 10.13 or later.
  • Devices should be managed by Intune.
  • Shell scripts must begin with #! followed by a valid interpreter location, such as #!/bin/sh or #!/usr/bin/env zsh.


Create the script below, which downloads and installs the macOS roaming client:

Note: Make sure to insert your own site secret key in the script below. You can find it in the dashboard, under the Roaming Clients > Install section, when you select the desired deployment site.


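#!/bin/sh
# Download the installer; replace INSERT_INSTALLER_DOWNLOAD_URL_HERE with the roaming client download URL
curl -o /tmp/DNSFilter%20Agent-Installer.pkg "INSERT_INSTALLER_DOWNLOAD_URL_HERE"

# Write the site secret key next to the package, then install the package
cd /tmp && echo INSERTYOURSITESECRETKEYHERE > dns_agent_site_key && sudo installer -dumplog -store -pkg DNSFilter%20Agent-Installer.pkg -target /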
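
The script above installs whatever file the download produced, as root. The following added example (not part of the original article or the vendor's script) shows a signature gate that can sit between the curl and installer lines. The function names are hypothetical, the Team ID is a placeholder you must replace, and the sample pkgutil output is constructed.

```sh
#!/bin/sh
# Added example: refuse to install unless the package carries the expected Apple signature.
PKG="/tmp/DNSFilter%20Agent-Installer.pkg"       # path used by the script above
EXPECTED_TEAM_ID="REPLACE_WITH_VENDOR_TEAM_ID"   # placeholder; the page does not give it

# Read `pkgutil --check-signature` output on stdin and print the Team ID of the
# leaf "Developer ID Installer" certificate (prints nothing if there is none).
team_id_from_signature() {
    sed -n 's/^ *1\. Developer ID Installer: .*(\([A-Z0-9]\{10\}\))[[:space:]]*$/\1/p' | head -n 1
}

# $1 = pkgutil output, $2 = expected Team ID. Succeeds only when the status line
# reports an Apple-issued developer certificate and the Team ID matches.
signature_trusted() {
    [ -n "$2" ] || return 1
    printf '%s\n' "$1" |
        grep -q 'Status: signed by a developer certificate issued by Apple' || return 1
    [ "$(printf '%s\n' "$1" | team_id_from_signature)" = "$2" ]
}

# $1 = package path, $2 = expected Team ID. A pkgutil failure also fails the check.
verify_pkg() {
    out=$(pkgutil --check-signature "$1" 2>&1) || return 1
    signature_trusted "$out" "$2"
}

# Constructed sample of pkgutil output (not captured from the real installer).
SAMPLE_SIGNED='Package "Example.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Example Vendor, Inc. (ABCDE12345)
    2. Developer ID Certification Authority
    3. Apple Root CA'

# Gate: runs only once the download exists, i.e. between curl and installer.
if [ -f "$PKG" ]; then
    verify_pkg "$PKG" "$EXPECTED_TEAM_ID" || {
        echo "Signature check failed for $PKG; not installing" >&2
        rm -f "$PKG"
        exit 1
    }
fi
```

Until the placeholder is replaced the gate fails closed; read the real Team ID from pkgutil --check-signature run on a copy of the installer obtained from the vendor through a trusted channel.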

On your Microsoft Intune dashboard, select Devices -> macOS -> Scripts and click the Add button.




On the Basics tab, enter a name for the script in the Name field and click Next.

On the Script Settings tab, browse and select the DNSFilter script for the Upload Script field and leave the remaining fields as default.


Click Next.

Under the Assignments tab, select groups to include.


An existing list of Azure AD groups is shown. Select one or more user or device groups. 

The selected groups are shown in the list and will receive your script policy. Shell scripts assigned to user groups apply to any user logging into the Mac.

Click Next to proceed.

On the “Review + add” tab, a summary of your configuration is shown for you to confirm that everything is fine. 


Click the Add button to save the script. This deploys the script policy to the groups you chose.



