Proofpoint | ObserveIT On-Premises Insider Threat Management

Mac Agent Mass Deployment using VMware AirWatch

This topic describes how to deploy Mac Agents using VMware AirWatch.

VMware AirWatch deployment is supported for macOS Catalina and macOS Mojave. macOS Big Sur is not currently supported.

Prerequisites for Mass Deployment

  • You need the observeit-agent-OSX-<version>.dmg located in the ObserveIT Mac Agent installation directory folder. This file includes the ObserveIT package file observeit-agent-OSX-<version>.pkg.

  • Copy the observeit-agent-OSX-<version>.pkg package file to your desktop or another folder that is easily accessible.

    For more information about the files, see Mac Agent Files.

A Mac configuration profile must be configured and installed for the Agent to record. Do not remove the configuration profile from an endpoint with an installed Agent. See What You Need to Know about Mac Agent Setup.

Setting up the configuration files

To get started, add the applications.

  1. Log in to VMware AirWatch.

  2. Select Devices > Profiles & Resources > Profiles from the menus on the left and the Profiles area displays.

  3. Select Add and Add Profile from the dropdown menu. When prompted to select a platform, select macOS.

  4. The list of options displays. Select Security & Privacy.

  5. Select Device Profile.

    The Privacy Preferences display. Here you add the apps and services.

    You will add three applications.

    To add the logger process, click Add App.

  6. The Define App or Process options display.

    In this section complete the following:

    • Identifier = /Library/IT/agent/logger

      For obfuscation of the filename, replace logger with the filename you want.

    • Identifier Type = Path

    • Code Requirement = anchor apple generic and identifier logger and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = MUBXW7FUN2)

    Scroll down and in this section, complete the following:

    • Accessibility = Allow

    • System Policy All Files = Allow

    Scroll down and add the Apple events.

    • Apple Events = Allow

    • Receiver Identifier = com.apple.systemuiserver

    • Receiver Identifier Type = BundleID

    • Receiver Code Requirements = identifier "com.apple.systemuiserver" and anchor apple

    Click Add Apple Event and add the next Apple event.

    • Apple Events = Allow

    • Receiver Identifier = com.apple.systemuiserver

    • Receiver Identifier Type = BundleID

    • Receiver Code Requirements = identifier "com.apple.systemuiserver" and anchor apple

  7. Click Save.

  8. Add the next application.

    From Privacy Preferences, click Add App and the Define App or Process options display.

    Complete exactly as shown below:

    (Scroll down to see all the fields.)

    • Identifier = /Library/IT/agent/service

    • Type = PATH

    • Code Requirement = anchor apple generic and identifier service and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = MUBXW7FUN2)

    • System Policy All Files = Allow

  9. Click Save.

  10. Add the next application. From Privacy Preferences, click Add App and the Define App or Process options display.

    Complete exactly as shown below:

    (Scroll down to see all the fields.)

    • Identifier = /etc/omonitor/logger

      For obfuscation of the filename, replace logger with the filename you defined in step 6 (The Define App or Process options display).

    • Type = PATH

    • Code Requirement = anchor apple generic and identifier logger and (certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = MUBXW7FUN2)

    • Accessibility = Allow

  11. Click Save.

  12. You can review the Apps added in Privacy Preferences.
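The three entries above, written out as the Privacy Preferences Policy Control payload body that a macOS profile carries. This is an added example, not part of the ObserveIT or AirWatch documentation. It assumes Apple's standard payload keys for macOS Mojave and Catalina (Services, Identifier, IdentifierType, CodeRequirement, Allowed, AEReceiver*), and the function names are hypothetical; `unpinned_entries` flags any grant whose code requirement does not pin the signing team, which helps when reviewing an exported profile.

```python
import plistlib

TEAM_OU = "MUBXW7FUN2"  # subject.OU value from the Code Requirement fields on this page

def code_req(identifier):
    # The page's requirement string, parameterized on the binary's identifier
    return (
        f"anchor apple generic and identifier {identifier} and "
        "(certificate leaf[field.1.2.840.113635.100.6.1.9] /* exists */ or "
        "certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and "
        "certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and "
        f"certificate leaf[subject.OU] = {TEAM_OU})"
    )

# (path, identifier, granted services) for the three apps defined in steps 6-10.
# The page lists the same Apple Events receiver twice; one entry is emitted here.
APPS = [
    ("/Library/IT/agent/logger", "logger", ["Accessibility", "SystemPolicyAllFiles", "AppleEvents"]),
    ("/Library/IT/agent/service", "service", ["SystemPolicyAllFiles"]),
    ("/etc/omonitor/logger", "logger", ["Accessibility"]),
]

def build_services(apps=APPS):
    services = {}
    for path, ident, grants in apps:
        for svc in grants:
            entry = {"Identifier": path, "IdentifierType": "path",
                     "CodeRequirement": code_req(ident), "Allowed": True}
            if svc == "AppleEvents":
                entry.update({
                    "AEReceiverIdentifier": "com.apple.systemuiserver",
                    "AEReceiverIdentifierType": "bundleID",
                    "AEReceiverCodeRequirement": 'identifier "com.apple.systemuiserver" and anchor apple',
                })
            services.setdefault(svc, []).append(entry)
    return services

def unpinned_entries(services, team_ou=TEAM_OU):
    """Return (service, path) pairs whose requirement does not pin the signing team."""
    pin = f"certificate leaf[subject.OU] = {team_ou}"
    return [(svc, e["Identifier"]) for svc, entries in services.items()
            for e in entries if pin not in e.get("CodeRequirement", "")]

def payload_bytes():
    # Inner payload dictionary only; the MDM adds the profile wrapper and UUIDs
    payload = {"PayloadType": "com.apple.TCC.configuration-profile-policy",
               "PayloadVersion": 1, "Services": build_services()}
    return plistlib.dumps(payload)
```

A path-identified entry with no team pin in its code requirement would grant the listed access to whatever binary sits at that path, so an empty result from `unpinned_entries` is the state to confirm before publishing.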

Deploying the Agent

Before you begin, modify the relevant fields in the preinstall script. (See Mac Agent Files.)

  1. Select Apps & Books > Applications from the menus on the left and the Native area displays.

  2. Click Add Application.

    The Add Application area displays. Click Continue.

  3. The Add dialog box displays. Browse to the file you want to upload and click Save. (This is the .pkg file included in observeit-agent-OSX-<version>.dmg.)

  4. In the Add Application area, click Continue to go to Workspace One Admin Assistant where you will export the Metadata File.

    If this is the first time you are doing this, you must download and install the Workspace One Admin Assistant before you can proceed.

  5. In the Workspace One Admin Assistant, select the file (.pkg) and click Open and the file parsing begins.

  6. When the parsing is complete, click Reveal in Finder.

  7. The Finder opens. Locate the plist file that was created.

  8. You are returned to the Add Application area. Browse to the .plist file and click Upload. Then click Continue.

  9. In the Edit Application area, select the Scripts tab.

    In the Pre-Install Script field, copy the contents from the preinstall script. (See preinstall script.)

    In the Pre-Uninstall field, copy the contents of the preuninstall script. (See preuninstall script.)

    Click Save & Assign.

  10. In the Select Assignment Groups field, select the groups where the Agent will be installed. Click Add.

  11. Preview Assigned Devices and click Publish.

Related Topics:

Mac Agent Deployment Overview

Mac Agent Mass Deployment using JAMF

version 7.12.2