Deploying MacOS jump clinet via Intune

Hello ​@rpollock_tg - we have this KB which outlines our Best Practises and guide on how to deploy the JC on to the MacOS OS: https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0021113

Please let us know if this helps you!

Not really a question, just some unsolicited conversation / feedback based on how I’m understanding the best practices for connecting to a Mac device - 

Maybe we are an over-paranoid company, but it seems odd that we’d have to expose an API account to accomplish this. I would imagine in some environments those connections would need to come from the internet, and the permissions wouldn’t be locked down to only creating jump clients. Seems a little risky on the surface. 

​@PhillC My previous comment did not post. I’m getting a loop of endless “zsh: command not found: -H” errors, with only the H changing. I think that script may be outdated, because when I run a search, I did not find a zsh shell/terminal. Can I change the first line of the script to run in terminal instead? I’m not familiar with scripting in MacOS, so not sure how to accomplish this.

Thanks.

Hello ​@rpollock_tg - I think it may be best for you to raise a Support Case with our Support Team for this so they can assist you through the process of getting this set up. It could be the scipt is out of date, or maybe there is something extra which needs to be added.

I am actually having the same issue as OP and I have put in a support case as well as worked with our account rep on this and still no solution. Has it been verified if it is possible to deploy the jump client to Mac via Intune?

Our Mac footprint is pretty small (at least at the moment) so we are going to stick with session keys and having the remote user navigating to our site for the one-time agent download. Not as refined as Jump Clients but it will get the job done with our simple MAC environment for the moment. 

Got it. Thank you for the input.

It is possible and we’ve been doing so for about 3-4 months now, but it took a few weeks to get it working with BT support as it was originally not updated for more current revisions of MacOS. Unfortunately it is currently broken for us after the upgrade to cloud appliance version 25. They’ve changed the names they are using for the app from bomgar-scc to sra-pin, but have not provided an updated script or information about what needs to be updated and where. Pretty frustrating to just have this stop working while it’s out in production and not have any awareness about the change. 

I’ve got a support ticket open with them where they provided this information and then told me they don’t provide support for this script. The product is good, but if I was looking for support that was this meh, I would have just stayed with TeamViewer. They should have provided this information along with a guide on what to update.

From the current ticket I have open:

Researching into this and discussing with our T3, we do not support the script being used as it states in the KB (https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0021113) Disclaimer: "This script is provided "as is" and without warranty of any kind; expressed, implied or otherwise. BeyondTrust specifically disclaims any warranties of merchantability, fitness for a particular purpose and non-infringement. The script has been written for your convenience. Before running any scripts, please review the code and ensure you understand what it does.  Scripting is outside of Beyondtrust Support scope.  Join the Beekeepers community to collaborate with peers and BeyondTrust Staff on scripts. 
 
This 24.3 or lower sample script connects directly to the SRA appliance through API, generates a jump client installer, and then downloads and installs the client. 

Before uploading the script, ensure to customize the sections below: " 

We have seen issues with it since 25.1 and architecture changes, the script uses old names. There have been component name changes (https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0022801). Replaced all references to "Bomgar" with "sra" in folder names, MSI files, and EXE files where applicable. You would need to review the script and make needed changes as necessary and test. Scripting is outside of Beyondtrust Support scope.  Join the Beekeepers community to collaborate with peers and BeyondTrust Staff on scripts (https://beekeepers.beyondtrust.com).

Sorry. Just saw you replied to my post. So we were able to get it downloaded, but I am getting errors when trying to install it. We think it has to do with some security on the macOS that may be preventing installation of apps from unknown files downloaded from the internet, but it is just a guess. But overall this whole process has been massively frustrating.