Update 9/4/2024: As of August 28, 2024, the Intune agent is now receiving an updated PPPC profile that silently configures the "System Events" permission on applicable Macs. No action is needed to en...
Updated Sep 04, 2024
Version 2.0
Blog Post
2 MIN READ
New permission prompt to improve macOS notification experience for users when using shell scripts
TonsilTim the mobilconfig file is there to set the permissions for the Intune Management Agent, so that the users don't get the permissions notification when Shell Scripts are deployed to their devices with the setting “Hide script notifications on devices” set to "Not configured". This will not stop the notifications themselves.
The Microsoft Learn article on deploying https://learn.microsoft.com/en-us/mem/intune/configuration/custom-settings-macos is a good place to start, but from a high-level:
- Create a new Custom profile, give it a name.
- Give the configuration profiles a name (this is displayed within profiles on the device itself so it doesn't really matter what this is called) something like "Microsoft Intune Agent Permissions"
- Select "Device Channel" for the "Deployment channel"
- Upload the saved mobileconfig file (after updating the Org Name).
- Deploy to a group of macOS devices.
I would then review your Shell scripts to check whether the scripts with the notification setting of "Not configured" should actually be a "Yes", and update them where appropriate.