Share via


Deploying System Center Endpoint Protection to Mac OS X using Configuration Manager

Overview:

In this post, I’m going to talk about the process I took to package and deploy the Mac Endpoint Protection client using Configuration Manager 2012 SP1.

My Environment:

  • CM12PS1.CONTOSO.LOCAL = Standalone Primary Site Server (HTTPS Only)
  • Justins-MacBook-Pro.local = Mac OS X Client not domain joined

Steps to Take:

The first thing you will need to do is download the latest Endpoint Protection clients for Mac and Linux. This is available from the Volume Licensing website. This should either be an ISO or a self-extracting .EXE.

Once the files are extracted, you should put it on a network share that a Mac OS X client can access, because we will need to create a Configuration Manager application (.CMMAC file) using the CMAppUtil tool from the Mac OS X client installer(In the tools folder).

I’m actually using the RTM bits for Endpoint Protection, because I didn’t have access to the SP1 bits. I copied the Endpoint Protection Installer (ENU.scepMac.i386.dmg in my case) and the CMAppUtil tool to the desktop on my Mac.

Next you will need to open terminal cd to the location of the CMAppUtil and the DMG installer then run some commands to create a CMAPP installer file (My command was "sudo ./CMAppUtil -c ./ENU.scepMac.i386.dmg -o ./" yours may be different depending on your DMG Installer name)

There will be two packages within the DMG image. You will be prompted to choose what one you want to create a CMAPP file for. We want to choose option 1 (this should be the install.pkg)

Type 1 and click enter, it should begin the process of creating the CMMAC file. This file will be saved in the current path you are in within terminal.

Now we will need to copy our CMMAC file to our package source share so we can create an application within the Configuration Manager console

Now we will create an Application in the Console for the CMMAC file for Endpoint Protection

Once the Application is created, I distributed Content and created a required Deployment for the end point protection applicationto a collection containing my Mac Client. This is the notification that the end user should receive when the machine refreshes its policy.

Install Complete!

Here’s the Client

Disclaimer: The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of any included script samples are subject to the terms specified in the Terms of Use

Comments

  • Anonymous
    January 01, 2003
    They were on my personal blog that I deleted without backing up the images :/. I will be looking at recreating the images sometime soon.
  • Anonymous
    April 11, 2014
    Starting with SP1 there are 4 Installer and 1 Uninstaller Packages in the .dmg file.
  • Anonymous
    March 05, 2015
    Pictures... Where be the pictures?
    • Anonymous
      May 02, 2018
      It looks like they were linked back to my old site. Since Mac support is pretty limited not sure if I will worry about re-creating these.
  • Anonymous
    May 06, 2015
    Hello, I followed this guide the best I could without images. When the installation pops up on the mac from our System Center 2012 R2 server, as soon as you click Install Now. I receive "Configuration Manager encounterd a problem. The software installation or update could not be completed. For more information contact your help desk" There is no error number. It happens immediately so its like the installation never starts. The mac is running OS X 10.8.5, there are no other security platforms installed and it is logged in as me (full domain admin). Any suggestion on what to check or do?
  • Anonymous
    June 15, 2015
    Ryan, I've got the same issue as you have described. Is your Mac domain-joined? Mine isn't so i'm guessing that the issue is due to permissions
  • Anonymous
    July 28, 2015
    Hi All. I just created a package for distibution, and can inform you that this guide has a small error, with the version of SCEP i was deploying i needed to sellect option 3 when selecting which package the CMappUtil should package. it is quite easy to see as the file size of the .cmmac file will be alot larger than using the other ones.
  • Anonymous
    January 06, 2016
    all jpg are missing, as is the whole site - http://setupconfigmgr.com
    • Anonymous
      May 02, 2018
      Ah, Yeah looks like some of the resources were pointing to my old blog site.
  • Anonymous
    March 22, 2018
    Do the MACBooks need to be managed in Configuration Manager for this to work?
    • Anonymous
      May 02, 2018
      Yeah, they would need the ConfigMgr agent for this.