Installation and configuration of Sophos Endpoint for macOS - Intune
- Terje Monsen
- Nov 1, 2024
Updated: Nov 5, 2024
After searching, troubleshooting endlessly, and contacting Sophos Support for guidelines on how to push and configure Sophos Endpoint to our users via Microsoft Intune, today I have finally made the setup work, and I'm happy to share it with you.
If you use the following guide you can successfully install Sophos on your macOS Intune-enrolled devices.

Auto install Sophos to devices.
Start by navigating to https://intune.microsoft.com/ and go to Devices > macOS > Scripts > + Add.
Name your script and add description if needed. This is optional
Open Notepad or any other editor and use the following code:
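#!/bin/bash
# Marker directory that records the result of this run
mkdir -p /tmp/Intune

if [ -d /Applications/Sophos/ ]; then
    echo "Already Installed"
    touch /tmp/Intune/Sophos_AlreadyInstalled.tmp
    exit 0
else
    # Work in a fresh directory with a random suffix instead of a fixed path under /tmp
    SOPHOS_DIR="$(mktemp -d /tmp/Sophos_Install.XXXXXX)" || exit 1
    cd "$SOPHOS_DIR" || exit 1

    # Installing Sophos
    # -f makes curl fail on an HTTP error instead of saving the error page as the zip
    if ! curl -f -L -O "###URLFROMSOPHOSADMIN###/SophosInstall.zip"; then
        echo "Sophos Install download failed"
        cd / && rm -rf "$SOPHOS_DIR"
        exit 1
    fi
    echo "Sophos Install Downloaded"
    unzip SophosInstall.zip || exit 1
    chmod a+x "$SOPHOS_DIR/Sophos Installer.app/Contents/MacOS/Sophos Installer"
    chmod a+x "$SOPHOS_DIR/Sophos Installer.app/Contents/MacOS/tools/com.sophos.bootstrap.helper"
    # Only report success and write the marker if the installer exits cleanly
    if ! sudo "$SOPHOS_DIR/Sophos Installer.app/Contents/MacOS/Sophos Installer" --quiet; then
        echo "Sophos install failed"
        cd / && rm -rf "$SOPHOS_DIR"
        exit 1
    fi
    echo "Sophos Installed"
    cd / && rm -rf "$SOPHOS_DIR"
    touch /tmp/Intune/Sophos_Installed.tmp
    exit 0
fi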
Replace ###URLFROMSOPHOSADMIN### with your own install information.
This is how you get the URL:
In Sophos Admin go to Devices and Installers.
Click on the link for "Download Complete macOS Installer"
I use Microsoft Edge, so this is an example of how to do this with this browser. When the download is complete, right-click on the downloaded file:
Paste the link somewhere, like Notepad.

Copy and add the full URL in the code above.
Now save the file as Sophos_Install_macOS.sh or any other name you like, but make sure it's a .sh file.
Now, back in the Intune admin center, upload the .sh file.
These are the settings I have used for our organization.
I would recommend deploying this policy to a group of test users before you deploy the policy to all users in your tenant.
Convert the Sophos .mobileconfig file to XML format.
Start by navigating to Sophos Admin.
Find your user and email the setup link to yourself.
On your MacBook, download the installer that you have received via email.
In the downloaded package, navigate to Deployment Tools and open the folder called Sophos Endpoint.
Select the correct .mobileconfig file for the OS version your users have and move it to a directory of your choice.
Open Terminal, and navigate to the folder where you saved the file.
Use the command "security cms -D -i name_of_config_file.mobileconfig > NewMobileconfig.xml"
Since I'm a Windows user, I have sent the file to my Windows device for further config once I have created the .xml file.
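A check you can run on NewMobileconfig.xml before uploading it to Intune, as an added example (not part of the original guide or of Sophos tooling): it confirms the file is the decoded XML plist rather than the still-signed .mobileconfig, and lists the payload types it carries. The sample profile and its identifier are constructed placeholders; the two payload types are standard Apple ones chosen for illustration, not taken from the Sophos profile.

```python
import plistlib

# Constructed sample standing in for NewMobileconfig.xml; the identifier is a
# placeholder and the payload list is illustrative, not the real Sophos profile.
SAMPLE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>com.example.placeholder.profile</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.system-extension-policy</string>
    </dict>
    <dict>
      <key>PayloadType</key><string>com.apple.TCC.configuration-profile-policy</string>
    </dict>
  </array>
</dict></plist>"""

# Constructed bytes that only mimic the first bytes of a signed (CMS/DER) profile.
SAMPLE_SIGNED = b"\x30\x82\x0a\x00" + b"\x00" * 16


def inspect_profile(data: bytes) -> dict:
    """Report whether data is a decoded XML profile and which payloads it carries."""
    if data[:1] == b"\x30":
        # DER SEQUENCE tag: the CMS wrapper is still there, "security cms -D" was not applied
        return {"ok": False, "reason": "still signed (CMS/DER), decode it first"}
    head = data.lstrip()[:6]
    if not head.startswith(b"<?xml") and not head.startswith(b"<plist"):
        return {"ok": False, "reason": "not an XML property list"}
    try:
        profile = plistlib.loads(data, fmt=plistlib.FMT_XML)
    except Exception as exc:  # e.g. truncated or altered while moving between machines
        return {"ok": False, "reason": f"plist parse error: {exc}"}
    if not isinstance(profile, dict) or profile.get("PayloadType") != "Configuration":
        return {"ok": False, "reason": "top-level PayloadType is not Configuration"}
    payloads = [p.get("PayloadType", "?") for p in profile.get("PayloadContent", [])
                if isinstance(p, dict)]
    if not payloads:
        return {"ok": False, "reason": "profile has no payloads"}
    return {"ok": True, "payload_types": payloads}


if __name__ == "__main__":
    print(inspect_profile(SAMPLE_XML))
    print(inspect_profile(SAMPLE_SIGNED))
```

To check a real file, pass its bytes: `inspect_profile(open("NewMobileconfig.xml", "rb").read())`.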
Push out the required approval settings to the device.
Navigate to https://intune.microsoft.com/ and go to Devices > macOS > Configuration > + Create > + New Policy.
Select custom profile

Give your profile a name, and a description if required or needed.

Click on the folder and navigate to the XML file that you previously created on your MacBook and shared.

Deploy this policy to the same group of test users as in the previous steps before you deploy the policy to all users in your tenant.

I hope you have success in making your Sophos deployment automated on your tenant. If you have issues, please comment on this article.
Shoutout to some of the articles that have helped me:
https://community.sophos.com/intercept-x-endpoint/f/discussions/147655/macos-agent-deployment-via-intune---allowing-system-extensions
https://community.sophos.com/intercept-x-endpoint/f/discussions/142846/macos-scripted-deployment---security-permissions
Thanks, this helps a lot, works like a charm for us. Been searching for this.