Deploying Bash Scripts using Intune (macOS)
Updated: Dec 10, 2024
Intune allows you to deploy bash or sh scripts to macOS devices, similar to how you can deploy PowerShell scripts to Windows devices. Below are some generic tips and tricks about deploying bash scripts and some troubleshooting steps. You can also read Microsoft's extensive documentation on the subject.
Steps to Upload and Deploy Your Script
Step 1: Open the Intune portal, select Devices in the left-hand menu blade, select macOS > Scripts (note that you may have to expand the Manage devices section), and select + Add.
Step 2: Add the Name of the script and optionally add a Description. Select Next.
Step 3: Configure the Script Settings
Upload script: select the folder icon to browse your computer for the bash or shell script to deploy.
Run script as signed-in user:
Yes: the script will run under the logged-in user context (as if the user were executing the script from Terminal)
No: the script will run under the root context with elevated permissions; use this option if you are making system changes that require root-level (admin) permissions.
Hide script notifications on devices: unless you want your end users to receive a notification in the notification center that IT is configuring their device, change this to yes.
Script frequency: set how often the script runs; if left as not configured, the script will only run once.
Max number of times to retry if the script fails: set how many times Intune re-runs the script on end-user devices if the script fails; if left as not configured, the script will not run again if it fails.
Step 4: Add the appropriate users/devices assignments and then review and create your script deployment.
When Will the Computer Receive & Execute the Script?
According to Microsoft, the computer could take up to 8 hours before checking in to receive the script. It is important to note that the script "check-in" is not the same as the Intune MDM check-in that occurs every eight hours (or when manually forced via the Intune portal), so manually trying to sync the device from the portal will not help the computer to receive and execute the script.
How can we get the script to execute faster? See the note below:
Troubleshooting Bash or SH Script Deployments
When the Script is Successful but Intune Shows it as Failed
You may ask yourself, "Why does Intune show my script as failing when it is successful?" See below for a potential cause and solution:
Cause
A bash script may run successfully but Intune marks it as failed. Why does this happen? One cause could be that one of the commands in your script writes output to the console; even if the output is harmless (not an error), it may result in the script's exit code being something other than 0 (the successful exit code value).
Solution
I recommend finding the line of code in your script that is writing output to the console and redirecting that output. To suppress the command's output, append one of the following redirections to the end of that line:
&> /dev/null
> /dev/null 2>&1
Both forms do the same thing: they take the command's output and errors (STDOUT and STDERR) and write them to /dev/null, the "black hole" device file. Rather than being written to the console, the command's output is forwarded to nowhere. In the examples below, you can see how appending either string to the end of an echo command suppresses the output.
If you prefer, you can write the output to a log file. This has the same effect - the output is no longer written to the console, but writing to a log file allows you to keep a record for troubleshooting or auditing purposes. See the new commands below:
&> "filepath/log.txt"
> "filepath/log.txt" 2>&1
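The script skeleton below is an added example, not code from the original post. It applies both redirection forms through two helper functions and also records each command's exit status in the log, so a non-zero status can be traced to the command that produced it. The log path, the function names (run_logged, run_silent, main) and the demo steps are assumptions made for illustration.

```shell
#!/bin/bash
# Added example. LOG_FILE and the helper names are assumptions, not Intune settings.
LOG_FILE="${LOG_FILE:-${TMPDIR:-/tmp}/intune_script_example.log}"

# Run a command with STDOUT and STDERR appended to the log instead of the
# console, record its exit status in the log, and return that status.
# ">> file 2>&1" works in both sh and bash; "&>" is a bash-only shorthand.
run_logged() {
    printf '%s RUN: %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >> "$LOG_FILE"
    "$@" >> "$LOG_FILE" 2>&1
    rc=$?
    printf '%s EXIT %s: %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$rc" "$*" >> "$LOG_FILE"
    return "$rc"
}

# Run a command with all output discarded (the "> /dev/null 2>&1" form).
# The command's exit status is still returned to the caller.
run_silent() {
    "$@" > /dev/null 2>&1
}

# Constructed demo steps; replace them with the real configuration commands.
# The second step fails on purpose so the log shows a non-zero EXIT line.
main() {
    failures=0
    run_logged echo "configuring device" || failures=$((failures + 1))
    run_logged ls /nonexistent-demo-path || failures=$((failures + 1))
    run_silent echo "this text never reaches the console" || failures=$((failures + 1))
    echo "$failures step(s) failed" >> "$LOG_FILE"
    [ "$failures" -eq 0 ]
}

# A deployed script would end with "main; exit $?" so that the script's
# exit code reflects whether every step succeeded.
main || echo "main returned non-zero; see the EXIT lines above" >> "$LOG_FILE"
```

Searching the log for EXIT lines with a status other than 0 shows which command to fix or redirect.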
Cover picture provided by StorySet