Browse Docs

MacOS Deployment via Intune

This guide explains how to deploy DefensX on macOS devices managed through Microsoft Intune. The process involves installing the DefensX Agent by a script, applying configuration profiles, and deploying the DefensX CA certificate.

Installation

Deploying DefensX via Intune managed Mac computers can be done in 4 steps.

Download the required files

  • Sign in to the DefensX Backend and navigate to Policies → Policy Groups.

  • Click the RMM icon of the specific deployment. In this dialog, you need to download the following items:

    • DefensX mobileconfig [generic] (works with most MDMs including Intune)

    • DefensX-CA Certificate

    • Installer Script (DefensX-installer.sh)

    • Uninstaller Script (DefensX-uninstaller.sh)

rmm mac mdm dialog

Create and Deploy the Installer Script

  • Sign in to the Microsoft Intune Portal and navigate to Devices → macOS → Scripts

  • Click on the + Add button

  • Enter DefensX Installer as the script name, then click Next

  • Upload the previously downloaded DefensX-installer.sh.

  • Configure the script:

    • Run script as signed-in user: Select No

    • Script frequency: Choose as required

mac intune install script

  • Assign the script to the appropriate devices or user groups.

  • Review the configuration and click Add to complete.

Create MDM Profile for DefensX Settings

  • In the Intune Portal, go to Devices → macOS → Configuration.

  • Under Policies, click Create and select + New Policy.

  • In Profile type, select Templates → Custom, then click Create.

mac mdm defensx policy

  • Enter a descriptive name such as “DefensX Default Policy”, then click Next

mac mdm defensx policy name

  • Assign the policy to the relevant devices or user groups.

  • Review and click Create.

Tip
 You can create multiple DefensX policies for different groups (e.g., enabling browser Incognito mode for certain users). Only the DefensX policy itself needs customization, the installer script and CA certificate remain the same.

Deploy the DefensX-CA Trusted Certificate

The DefensX-CA certificate is required to properly render HTTPS block pages in browsers that do not use the DefensX extension or standalone clients.

  • In the Intune Portal, go to Devices → macOS → Configuration.

  • Click Create → New Policy

  • Select TemplatesTrusted certificate, then click Create.

  • Enter “DefensX CA Certificate” as the profile name.

  • Set Deployment Channel to Device Channel.

  • Upload the DefensXCAlocalhost.crt file (downloaded earlier).

mac mdm defensx ca

  • Assign to the required devices or user groups. *Review and click Create.

Uninstall DefensX

To uninstall DefensX, deploy the Uninstaller Script and remove the Installer Script assignment from targeted devices.

  • In the Intune Portal, go to Devices → macOS → Scripts and click + Add.

  • Enter DefensX Uninstaller as the script name, then click Next

  • Upload the previously downloaded DefensX-uninstaller.sh.

    • Run script as signed-in user: Select No

    • Script frequency: Choose as required

  • Assign the script to the relevant devices or user groups.

  • Review and click Add to complete.