Deploying macOS roaming clients using Microsoft Intune (Microsoft Endpoint Manager)

Article author
Fikayo Adepoju

This guide will help you to use shell scripts to extend device management capabilities in Intune, beyond what is supported by the macOS operating system.


  • Devices should be running macOS 10.13 or later.
  • Devices should be managed by Intune.
  • Shell scripts must begin with #! and reference an interpreter in a valid location, such as #!/bin/sh or #!/usr/bin/env zsh.


Create the script below, which downloads and installs the macOS roaming client:


#!/bin/sh
# The download URL is absent from this page; replace the placeholder below.
curl -o /tmp/DNSFilter%20Agent-Installer.pkg "<DNSFilter-installer-package-URL>"

cd /tmp && echo 36aa009b91f024eab483e2ba > dns_agent_site_key && sudo installer -dumplog -store -pkg DNSFilter%20Agent-Installer.pkg -target /

On your Microsoft Intune dashboard, select Devices -> macOS -> Scripts and click the Add button.




On the Basics tab, enter a name for the script in the Name field and click Next.

On the Script Settings tab, browse and select the DNSFilter script for the Upload Script field and leave the remaining fields as default.


Click Next.

Under the Assignments tab, select groups to include.


An existing list of Azure AD groups is shown. Select one or more user or device groups. 

The selected groups are shown in the list and will receive your script policy. Shell scripts assigned to user groups apply to any user signing in to the Mac.

Click Next to proceed.

On the “Review + add” tab, a summary of your configuration is shown for you to confirm that everything is fine. 


Click the Add button to save the script. This deploys the script policy to the groups you chose.



