Deploying System Center Endpoint Protection to Mac OS X using Configuration Manager

Overview:

In this post, I’m going to talk about the process I took to package and deploy the Mac Endpoint Protection client using Configuration Manager 2012 SP1.

My Environment:

  • CM12PS1.CONTOSO.LOCAL = Standalone Primary Site Server (HTTPS Only)
  • Justins-MacBook-Pro.local = Mac OS X Client not domain joined

Steps to Take:

The first thing you will need to do is download the latest Endpoint Protection clients for Mac and Linux. This is available from the Volume Licensing website. This should either be an ISO or a self-extracting .EXE.

Once the files are extracted, you should put it on a network share that a Mac OS X client can access, because we will need to create a Configuration Manager application (.CMMAC file) using the CMAppUtil tool from the Mac OS X client installer(In the tools folder).

I’m actually using the RTM bits for Endpoint Protection, because I didn’t have access to the SP1 bits. I copied the Endpoint Protection Installer (ENU.scepMac.i386.dmg in my case) and the CMAppUtil tool to the desktop on my Mac.

Next you will need to open terminal cd to the location of the CMAppUtil and the DMG installer then run some commands to create a CMAPP installer file (My command was "sudo ./CMAppUtil -c ./ENU.scepMac.i386.dmg -o ./" yours may be different depending on your DMG Installer name)

There will be two packages within the DMG image. You will be prompted to choose what one you want to create a CMAPP file for. We want to choose option 1 (this should be the install.pkg)

Type 1 and click enter, it should begin the process of creating the CMMAC file. This file will be saved in the current path you are in within terminal.

Now we will need to copy our CMMAC file to our package source share so we can create an application within the Configuration Manager console

Now we will create an Application in the Console for the CMMAC file for Endpoint Protection

Once the Application is created, I distributed Content and created a required Deployment for the end point protection applicationto a collection containing my Mac Client. This is the notification that the end user should receive when the machine refreshes its policy.

Install Complete!

Here’s the Client

Disclaimer: The information on this site is provided "AS IS" with no warranties, confers no rights, and is not supported by the authors or Microsoft Corporation. Use of any included script samples are subject to the terms specified in the Terms of Use