Note: For organizations deploying to a large number of endpoints, ThreatLocker recommends a staggered deployment. Organizations that deploy to many endpoints at once may see increased bandwidth usage as macOS Core and the application definitions are downloaded to each endpoint. QoS can be used to limit bandwidth to macapps.threatlocker.com.
Below are the steps for deploying the macOS agent through Microsoft Intune.
Step 1: Import Configuration Profile for ThreatLocker
In the Intune portal, navigate to Devices > macOS Devices > Configuration and click Create > New Policy.
In the 'Create a Profile' pane, select the 'Templates' profile type and the 'Custom' template name.
Name the profile in the 'Basics' tab. In the 'Configuration settings' tab, import the profile: download the following ZIP file, unzip it, and upload the configuration profile it contains: https://static.threatlocker.com/deployment/A/ThreatLockerConfigurationProfile-Intune.zip
On the next page, assign this profile to the groups for which you are deploying ThreatLocker, and then review and create the profile.
Note: The Configuration Profile must be installed on the Mac devices before the deployment script runs. Otherwise, the permissions the agent requires must be granted manually on each device.
Step 2: Import Deployment Script for ThreatLocker
Download the MDM deployment script from the ThreatLocker portal (it is saved as "ThreatLockerDeploymentScript-MDM.sh").
For where to get the latest version of the MDM script, see the 'RMM Deployment' section of the Deploying ThreatLocker article in the ThreatLocker Help Center.
Locate your GroupKey in the ThreatLocker portal and replace the placeholder "xxxxxxxxxxxxxxxxxxxxxxxx" in the script with it.
Save the edited file as ThreatLocker_Install.sh; this is the file uploaded to Intune in the following steps.
In Intune, navigate to Devices > macOS > Shell Scripts and select Add.
Name the script ThreatLocker Deployment Script and select Next.
Under Upload script, browse to the ThreatLocker_Install.sh file.
Select the following options:
- Run the script as a signed-in user: No
- Hide script notifications on devices: Yes
- Script frequency: Every 1 day (this can be reduced to 15 minutes for testing)
- Max number of times to retry if script fails: 3 times
Assign the script to the same group the Configuration Profile was assigned to.
Select Next > Add
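The GroupKey substitution above is the one step in this procedure where a mistake is silent: a script uploaded with the placeholder still in place, or with a key that contains whitespace or sed metacharacters, will be pushed to every Mac in the group and fail there. The following is an added example, not part of the ThreatLocker article or of ThreatLocker's own MDM script: it prepares ThreatLocker_Install.sh from the downloaded script, checks that exactly one placeholder line existed before and none remains after, and keeps the key-bearing file private. The sample script it operates on is constructed here so the example runs offline; the real MDM script is the one downloaded from the portal, and the only thing assumed about it is the "xxxxxxxxxxxxxxxxxxxxxxxx" placeholder. The key format check (alphanumeric only) and the profile-name match in profile_installed are also assumptions.

```shell
#!/bin/sh
# Added example: prepare the Intune upload from the downloaded ThreatLocker MDM script.
set -e

PLACEHOLDER="xxxxxxxxxxxxxxxxxxxxxxxx"   # placeholder named in the article

make_sample_script() {
  # Constructed stand-in for the downloaded MDM script (NOT the real ThreatLocker script).
  # $1 = path to write
  cat > "$1" <<'EOF'
#!/bin/bash
# constructed sample, not the real ThreatLocker MDM script
GROUP_KEY="xxxxxxxxxxxxxxxxxxxxxxxx"
echo "would install with key $GROUP_KEY"
EOF
}

count_placeholder() {
  # Prints the number of lines in $1 that still contain the placeholder (0 if none).
  grep -c "$PLACEHOLDER" "$1" || true
}

prepare_install_script() {
  # $1 = downloaded script, $2 = output path (ThreatLocker_Install.sh), $3 = GroupKey
  src="$1"; dst="$2"; key="$3"

  # Assumption: a GroupKey is alphanumeric. Reject anything else so the key cannot
  # break the sed expression or the quoted assignment in the script.
  if [ -z "$key" ] || printf '%s' "$key" | grep -q '[^A-Za-z0-9]'; then
    echo "refusing GroupKey: empty or contains non-alphanumeric characters" >&2
    return 1
  fi
  if [ "$key" = "$PLACEHOLDER" ]; then
    echo "refusing GroupKey: still the placeholder" >&2
    return 1
  fi

  # Exactly one placeholder line is expected; anything else means a different
  # script version or an already-edited file, so stop rather than guess.
  if [ "$(count_placeholder "$src")" -ne 1 ]; then
    echo "expected exactly one placeholder line in $src" >&2
    return 1
  fi

  sed "s/$PLACEHOLDER/$key/" "$src" > "$dst"
  chmod 700 "$dst"   # the file now carries an enrollment secret; keep it private

  # Post-conditions: placeholder gone, key present.
  [ "$(count_placeholder "$dst")" -eq 0 ] || return 1
  grep -q "$key" "$dst"
}

profile_installed() {
  # macOS-only check for the article's caveat that the Configuration Profile must be
  # present before the script runs. `profiles list` needs root. Assumption: the
  # imported profile's name contains "ThreatLocker". Returns 2 off macOS.
  command -v profiles >/dev/null 2>&1 || return 2
  profiles list 2>/dev/null | grep -q 'ThreatLocker'
}

# Stand-alone demonstration on the constructed sample with a constructed key.
workdir="$(mktemp -d)"
make_sample_script "$workdir/ThreatLockerDeploymentScript-MDM.sh"
prepare_install_script "$workdir/ThreatLockerDeploymentScript-MDM.sh" \
                       "$workdir/ThreatLocker_Install.sh" "EXAMPLEGROUPKEY0000"
echo "prepared $workdir/ThreatLocker_Install.sh (placeholders left: $(count_placeholder "$workdir/ThreatLocker_Install.sh"))"
rm -rf "$workdir"
```

Run it once against the real downloaded script with your own GroupKey, then upload the resulting ThreatLocker_Install.sh; the file contains an enrollment secret, so do not leave it in a shared folder or commit it to a repository. profile_installed is the check to run (as root) on a pilot Mac before widening the assignment.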
You can monitor the deployment from the script's overview page in Intune.