How To
Summary
MaaS360 gives admins the ability to enroll macOS devices with a PKG and a simple script to allow for a more automated enrollment process for devices outside of DEP. The instructions below demonstrate the workflows manually, but they may be automated via various remote management/distribution tools.
Environment
macOS running 10.9 or higher with no existing MDM profile installed on the device by the time the script is run
Steps
License key for enrollment - in the MaaS360 portal, navigate to the Setup-->Services Select the Mobile Enterprise Gateway or Enterprise Email Integration and generate a key for the Cloud Extender (you do not need to be using the CE for this service, we just need the license key). The key will be sent to the admin email address.
Install the macOS agent
The preferable workflow would be to work the agent in to an image or to deploy it remotely with an existing management tool. The below steps will demonstrate a manual enrollment of the PKG. There is a copy of the PKG here, dated for March 2019. As this article ages, so will the agent, so for the most recent copy please reach out to your MaaS360 account representative for more information. Download here
Launch the .pkg and follow the onscreen instructions:
After it is installed, the package will potentially auto run and bring up an enrollment screen. Close/ignore this screen. Do not move forward with the package post-install. Admins can verify the install was a success by navigating to Apps-->Utilities. If there is a MaaS360 folder, the package installed correctly.
Run the enrollment script
Open terminal and run the following:
sudo defaults write /Library/Preferences/com.fiberlink.MaaS360Visibility ValidLicKey ****
replace the **** with the full license key - hyphens included.
It will take a moment, but the MDM profile will come down to the device automatically. The device will be enrolled, but there will not be a user assigned. In this device context, admins may leave it with no user assignment, assign a user manually in the portal, or allow users to sign in with their MaaS360 enrollment credentials for auto-assignment.
Additional Information
If there are issues with the enrollment, first try rebooting the device. If that does not work, navigate to Apps-->Utilities-->MaaS360 and run the diagnostic tool. This will create a .ZIP on the desktop. Look in the resulting folder for "servicedaemon" logs and errors with the profile should populate. A debug profile from an Apple developer account may be needed to generate more detailed logging to fully debug.
Document Location
Worldwide
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSYSXX","label":"IBM MaaS360"},"Component":"","Platform":[{"code":"PF017","label":"Mac OS"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
07 March 2019
UID
ibm10875394