I’ve recently had to deploy the Zscaler application for macOS using Intune.
Zscaler have a guide available here: [Guide] Deploy Zscaler Client Connector with Intune (Windows & macOS) - Client Connector - Zenith
However this guide has a lot of unnecessary steps, as Intune does not support deploying of .app files the guide has details on creating, signing and notarizing a .pkg
None of this is however necessary as the .app file is already signed and can be installed directly on a macOS device.
My approach was to host the Zscaler installation file in a public location (i.e. Azure Blob Storage) and install the application via a bash script.
I’ve used scripts from Neil Johnson (https://github.com/microsoft/shell-intune-samples/tree/master/Apps) as a sample to build a Zscaler installation script.
Script Settings
- Run script as signed-in user : No
- Hide script notifications on devices : Not configured
- Script frequency : Not configured
- Mac number of times to retry if script fails : 3
#!/bin/bash
#set -x
############################################################################################
##
## Script to install zScaler version 3.0.0.144
##
###########################################
## Based of https://github.com/microsoft/shell-intune-samples/blob/master/Apps/Visual%20Studio%20Code/installVSCode.sh
# Define variables
tempfile="/tmp/zscaler/zscaler.zip"
weburl="https://public.url/Zscaler-osx-3.0.0.144-installer.app.zip"
appname="Zscaler"
log="/var/log/installzscaler.log"
waitForCurl () {
while ps aux | grep curl | grep -v grep; do
echo "$(date) | Another instance of Curl is running, waiting 60s for it to complete"
sleep 60
done
echo "$(date) | No Curl's running, let's start our download"
}
# start logging
exec 1>> $log 2>&1
# Begin Script Body
echo ""
echo "##############################################################"
echo "# $(date) | Starting install of $appname"
echo "############################################################"
echo ""
rm -rf /tmp/zscaler
mkdir /tmp/zscaler
echo "$(date) | Downloading $appname"
waitForCurl
curl -L -f -o $tempfile $weburl
cd /tmp/zscaler
echo "$(date) | Unzipping $tempfile"
unzip -q $tempfile > /dev/null
app=$(ls -1 /tmp/zscaler/ | grep .app | head -1)
echo "$(date) | Executing installbuilder.sh from ${app}"
sudo sh "/tmp/zscaler/${app}/Contents/MacOS/installbuilder.sh" --hideAppUIOnLaunch 1 --mode unattended --unattendedmodeui none
echo "$(date) | Cleaning up tmp files"
rm -rf "/tmp/zscaler"
Microsoft article on shell scripts in Intune is available here: Use shell scripts on macOS devices in Microsoft Intune | Microsoft Learn