Error seen on while Installing SASE client on MacOS with MS-Intune:
This is a known issue related to MDM, and the limitation is from Intune. Please refer to the following procedure for distributing the client via Intune-based MDM:
Intune based mdm distribution - SASE Client Mac OSx
To distribute a SASE (Secure Access Service Edge) client to macOS devices using Microsoft Intune (MDM), you can follow a structured approach based on whether the SASE vendor provides a .pkg installer or requires configuration profiles. Here's a step-by-step overview to deploy a SASE client.
Go to Intune Admin Center https://intune.microsoft.com Navigate to:
Apps macOS + Add
Choose:
App type: macOS app (PKG)
Upload your .pkg file. Fill in:
App Information (name, publisher, version, etc.)
Minimum macOS version
Under Assignments, choose:
Groups (devices/users) to install to
Whether install is Required, Available, or Uninstall
Click Create to finalize.
Step 1: Please use pkg formate
Step 2: Fill in the package details
Step 3:
Pre-install script – its mandatory if we need to clean up the existing installation.
#!/bin/sh
echo "Cleanup Log: Removing Sase Main App"
VersaApp='/Applications/Versa SASE Client.app'
if [ -d "$VersaApp" ]; then
rm -rf '/Applications/Versa SASE Client.app'
fi
echo "Cleanup Log: Removing versa.conf file"
rm -rf /private/var/conf/versa/*
echo "Cleanup Log: Removing from /etc/versa.conf file"
rm -rf /private/var/conf/
echo "Cleanup Log: Removing versa Log files"
rm -rf /private/var/log/versa/
echo "Cleanup Log: Removing versa Software files"
rm -rf /private/var/versa/
echo "Cleanup Log: Removing NewSyslog Software files"
grep -v "private/var/log/versa/" /etc/newsyslog.conf > /tmp/tnewsyslog
mv /tmp/tnewsyslog /etc/newsyslog.conf
echo "Cleanup Log: Removing Files from /Users/Shared Folder"
rm -rf /Users/Shared/EIP/
rm -rf /Users/Shared/TrustedConnection.png
rm -rf /Users/Shared/versa.png
rm -rf /Users/Shared/sentinelOne.sh
rm -rf waDiagnose*
echo "Cleanup Log: Unloading LaunchDaemeons Files"
launchctl unload /Library/LaunchDaemons/com.versa.*
rm -rf /Library/LaunchDaemons/com.versa.*
echo "Cleanup Log: Unloading LaunchAgents Files"
launchctl unload /Library/LaunchAgents/com.versa.*
rm -rf /Library/LaunchAgents/com.versa.*
echo "Cleanup Log: Unloading preferences Files"
rm -rf ~/Library/Preferences/com.versa.*
echo "Cleanup Log: Killing Versa Sase Client related process."
kill -9 $(pgrep SaseClientWebsockets)
kill -9 $(pgrep VSATrayApp)
kill -9 $(pgrep Versa Sase Client)
Post install Script - its mandatory to set the permission.
#!/bin/sh
a=1
while [ $a -le 5 ]
do
VersaApp='/Applications/Versa SASE Client.app'
if [ -d "$VersaApp" ]; then
kill -9 $(pgrep VSATrayApp) $(pgrep 'Versa SASE Client') $(pgrep 'SaseClientWebsockets') 2>/dev/null
sleep 2
open '/Applications/Versa SASE Client.app/Contents/VSATrayApp.app'
echo "Restarted Versa SASE Client successfully."
break # Exit the loop on success
fi
sleep $((a * 10))
a=$((a + 1))
done
Step 4 - Select the only bundle identifier
Step 5: - Add the required groups
Step 6: Review and create
Step 7: Upload the profiler for auto download/config using the atatched sample profiler(.mobileConfig)