I
Intune_Support_Team
Starting with Intune management agent for macOS v2407.005, we’re improving reliability and consistency for macOS notifications appearing in Notification Center when using shell scripts. When a script policy with a notification command is received by the Intune agent on the Mac, the agent now requests access to “System Events” on macOS. This prompts macOS to request the device user to allow or disallow the “System Events” permission using the alert shown below.
Screenshot of a macOS alert asking to ‘Allow’ or ‘Don’t allow’ a “System Events” action requested by the Microsoft Intune Agent app.
If the user selects “Allow”, macOS system notifications for scripts run by the Intune agent will be enabled. If the user selects “Don’t Allow”, macOS system notifications for scripts run by the Intune agent will be disabled. The permission enables the Intune agent to consistently show notifications contained in the admin-assigned script policy.
Note: There’s no impact to the Intune agent’s functionality or its ability to manage devices or run assigned policies based on the users selection.
Screenshot of a sample ‘Contoso Admin script’ notification in the macOS Notification Center.
What to expect
In the coming week or soon after, the Intune agent will receive an updated Privacy Preferences Policy Control (PPPC) payload (when applicable) to configure this permission silently using mobile device management.
If you deploy macOS shell script that turns notifications on or have an Intune shell script policy with the setting “Hide script notifications on devices” set to “Not configured”, your managed devices will receive the prompt.
Screenshot of the ’Hide script notifications on devices’ setting in a macOS shell script policy.
Communicate to your macOS users that this prompt is expected, and they should select “Allow” on the alert. This setting can be managed under System Preferences > Privacy and Security > Automation > Microsoft Intune Agent on macOS devices.
Screenshot of the Privacy and Security settings options displaying the Microsoft Intune Agent ‘Automation’ settings.
If you have any questions or feedback, leave a comment below or reach out on X @IntuneSuppTeam.
Continue reading...
Screenshot of a macOS alert asking to ‘Allow’ or ‘Don’t allow’ a “System Events” action requested by the Microsoft Intune Agent app.If the user selects “Allow”, macOS system notifications for scripts run by the Intune agent will be enabled. If the user selects “Don’t Allow”, macOS system notifications for scripts run by the Intune agent will be disabled. The permission enables the Intune agent to consistently show notifications contained in the admin-assigned script policy.
Note: There’s no impact to the Intune agent’s functionality or its ability to manage devices or run assigned policies based on the users selection.
Screenshot of a sample ‘Contoso Admin script’ notification in the macOS Notification Center.What to expect
In the coming week or soon after, the Intune agent will receive an updated Privacy Preferences Policy Control (PPPC) payload (when applicable) to configure this permission silently using mobile device management.
If you deploy macOS shell script that turns notifications on or have an Intune shell script policy with the setting “Hide script notifications on devices” set to “Not configured”, your managed devices will receive the prompt.
Screenshot of the ’Hide script notifications on devices’ setting in a macOS shell script policy.Communicate to your macOS users that this prompt is expected, and they should select “Allow” on the alert. This setting can be managed under System Preferences > Privacy and Security > Automation > Microsoft Intune Agent on macOS devices.
Screenshot of the Privacy and Security settings options displaying the Microsoft Intune Agent ‘Automation’ settings.If you have any questions or feedback, leave a comment below or reach out on X @IntuneSuppTeam.
Continue reading...