Deploying Zscaler on macOS with Intune

Microsoft EM+S and Intune
1

I’ve recently had to deploy the Zscaler application for macOS using Intune.

Zscaler have a guide available here: [Guide] Deploy Zscaler Client Connector with Intune (Windows & macOS) - Client Connector - Zenith

However this guide has a lot of unnecessary steps, as Intune does not support deploying of .app files the guide has details on creating, signing and notarizing a .pkg

None of this is however necessary as the .app file is already signed and can be installed directly on a macOS device.

My approach was to host the Zscaler installation file in a public location (i.e. Azure Blob Storage) and install the application via a bash script.

I’ve used scripts from Neil Johnson (https://github.com/microsoft/shell-intune-samples/tree/master/Apps) as a sample to build a Zscaler installation script.

Script Settings

  • Run script as signed-in user : No
  • Hide script notifications on devices : Not configured
  • Script frequency : Not configured
  • Mac number of times to retry if script fails : 3
#!/bin/bash
#set -x

############################################################################################
##
## Script to install zScaler version 3.0.0.144 
##
###########################################
## Based of https://github.com/microsoft/shell-intune-samples/blob/master/Apps/Visual%20Studio%20Code/installVSCode.sh

# Define variables

tempfile="/tmp/zscaler/zscaler.zip"
weburl="https://public.url/Zscaler-osx-3.0.0.144-installer.app.zip"
appname="Zscaler"
log="/var/log/installzscaler.log"

waitForCurl () {
    while ps aux | grep curl | grep -v grep; do
        echo "$(date) | Another instance of Curl is running, waiting 60s for it to complete"
        sleep 60
    done
    echo "$(date) | No Curl's running, let's start our download"
}

# start logging
exec 1>> $log 2>&1

# Begin Script Body
echo ""
echo "##############################################################"
echo "# $(date) | Starting install of $appname"
echo "############################################################"
echo ""

rm -rf /tmp/zscaler
mkdir /tmp/zscaler

echo "$(date) | Downloading $appname"
waitForCurl
curl -L -f -o $tempfile $weburl

cd /tmp/zscaler
echo "$(date) | Unzipping $tempfile"
unzip -q $tempfile > /dev/null
app=$(ls -1 /tmp/zscaler/ | grep .app | head -1)

echo "$(date) | Executing installbuilder.sh from ${app}"
sudo sh "/tmp/zscaler/${app}/Contents/MacOS/installbuilder.sh" --hideAppUIOnLaunch 1 --mode unattended --unattendedmodeui none

echo "$(date) | Cleaning up tmp files"
rm -rf "/tmp/zscaler"

Microsoft article on shell scripts in Intune is available here: Use shell scripts on macOS devices in Microsoft Intune | Microsoft Learn