When looking at the changelog for the latest version, it's hard to believe that only six months passed since the last release, 2018.04. The list is — as usual — very long, so I'm only cherry-picking the most interesting bits. Scroll way down for the full detailed change lists.
Animation import and playback
This long-awaited feature finally managed to rise to the top of the priority list and so the new release contains a brand-new Animation namespace. Some design ideas are borrowed from Ozz-Animation, with one end goal being high-performance playback of animations imported from glTF files (with other formats coming later). The other goal is being able to quickly iterate on hand-crafted animations of arbitrary values when writing a gameplay or UI transitions.
The animation library supports interleaved or separate keyframe data for cache-optimized data access; floats, std::chrono, frame index (or just anything) for representing time, and yes, you can also animate strings, enum values, bools or even the state of another animation — and why not animating a time value to make the playback non-linear! There's a set of builtin interpolation modes — constant, linear, spherical linear and spline-based; but you can also supply your own interpolator function if you need some ease-in/ease-out, or, for example, unpack a quaternion from a 10–10–10–2 representation first.
At the moment the Animation library is marked as experimental as its API is not set in stone yet. There's a lot to explain, so stay tuned for detailed introductory blogposts (and examples) for all features. For a brief overview, check the Animation::Track and Animation::Player class docs.
Animation import is done through the new Trade::AnimationData class and at the moment the Trade::AbstractImporter interfaces handle just basic object transformation. Skinning and morphing will need some more-or-less breaking changes to some Trade APIs and so these features are scheduled for next releases. Along with that, the goal for the Trade library is allowing zero-copy asset import — for example playing back an animation directly from a memory-mapped glTF file, with no data copies in between. See mosra/magnum#240 for further work in this area.
The fun barely started!
I had to stop adding new features because the release would otherwise never make it out. There's already more in the buffer — builtin easing functions, interpolator chaining and more. See mosra/magnum#101 (help wanted) for details. There's a lot of small and self-contained things to work on, so if you feel brave and want to help, let us know!
Magnum Player
While the Animation API itself doesn't have any dedicated example yet, there's now a new app, Magnum Player, that can play back a scene file you throw at it. The final goal for this app will be showcasing the full Magnum feature set — debugging and introspection tools, material tweaking etc. Check out the online version below — it supports multi-file drag&drop, so simply drop a glTF file on it to play it. If you don't have any glTF file handy, there's the official Khronos glTF sample model repository on GitHub. Sketchfab also has 1000s of models downloadable as glTF.
Initial work on the Vulkan backend
After the hard work of removing mandatory OpenGL dependency was done in 2018.04, Magnum is slowly gaining bits and pieces needed for Vulkan support. In June I took over a maintainership of flextGL and added Vulkan support to it. Shortly after, Magnum gained a Vk library that provides platform-independent function pointer loading. It gives you a choice whether you want global function pointers (like with OpenGL) or manage them locally. See the original post about flextGL for details.
The Vk library also provides conversion of generic PixelFormat, SamplerFilter, MeshPrimitive, … enums to Vulkan-specific VkFormat, VkFilter, VkPrimitiveTopology, … values. That allows you to use Magnum asset management APIs to load image and scene data and use them directly without time-consuming manual format conversion. There is also a new example focused on rendering a simple triangle to an offscreen buffer using a handcrafted SPIR-V shader and then saving it as a PNG using the Magnum PngImageConverter plugin.
There will be more
Further additions like shader/SPIR-V tools, device/instance abstractions and initial pieces of the Vulkan backend are scheduled for next releases. Subscribe to mosra/magnum#234 for updates.
HiDPI support
Long gone are the days of a standard 1024×768 resolution and fixed 96 DPI — dense screens are now a common feature for higher-end laptops and desktops. In the 2018.10 release, Magnum is DPI-aware on macOS, iOS, Linux and Emscripten. The usability goal is that requesting an 800×600 window will make it the same physical size as an 800×600 window would have on a 96 DPI screen — so basically with no extra involvement from the user. For web and mobile, Magnum simply ensures that for given canvas / screen size you'll get all the pixels that are there, with no scaling on top. If you have a HiDPI screen, check out the WebGL demos on the Showcase page — everything should be nicely crisp. This topic is way more complex than it might seem, see DPI awareness for a detailed overview of DPI-awareness on all platforms and what that means for you as a developer.
Unfortunately out-of-the-box Windows support didn't make it to the release (though you are able to force arbitrary scaling with a --magnum-dpi-scaling parameter). Full Android support and advanced things like DPI change events when dragging a window across differently dense monitors are also waiting to be done, see mosra/magnum#243 (help wanted) for details.
Math goodies
Introduction of the Animation library required quite a few additions to the Math library — there's a new Math::CubicHermite class for Cubic Hermite splines. As a generic base for TCB curves and Catmull-Rom splines they are easily convertible to and from Math::Bezier.
Cubic spline interpolation is henceforth referred to as splerp
— Thew (@AmazingThew) December 24, 2016
And because spline storage is useless on its own, the zoo of interpolation functions got extended with Math::splerp() variants. Besides that, the existing Math::lerp() was extended to allow linear interpolation of Math::CubicHermite points, if you ever need that, and there's a new Math::select() utility that does constant interpolation of all existing math types. And also strings, enums or booleans. See the full list in the documentation. There's also a recent blog post about neglected optimization opportunities in quaternion interpolation.
As a side-product of Squareys' bachelor thesis, Magnum gained a large collection of cone intersection functions in the Math::Intersection namespace. The Math::Range class got intersection methods as well, along with other niceties.
Many projects either use or interface with the GLM library and so it made sense to be interoperable with it. Simply include one of the headers in the GlmIntegration library and you'll get conversion of all vector, matrix and quaternion types and also an ability to print the GLM types using Utility::Debug:
Listing all the additions to Math library would be beyond overwhelming, jump to the complete changelog for the rest.
Little big details
Yes, it's now possible to get a GL::Mesh directly from Trade::MeshData with a single click — just use the brand new MeshTools::compile() reimplementation and it'll drag all GL::Buffer instances along with itself, without you needing to manage them. Of course there are flexibility tradeoffs, so when using the mesh APIs directly, you have the option of GL::Mesh::addVertexBuffer() either taking a non-owning reference to the buffer or fully taking over its ownership.
There's a new Containers::ScopedExit class that simply calls a passed exit / close / destroy function on given value at the end of scope. Very useful when interacting with low-level C APIs and much easier than wrestling with std::unique_ptr, trying to convince it to do the same.
If you ever need to iterate on an array of interleaved values and always take the third value, there's now Containers::StridedArrayView that abstracts it away. It's used internally by the Animation::TrackView APIs to allow for both flexible and cache-efficient layout of keyframe data.
There's a new Utility::format() family of functions for Python-style type-safe string formatting. The reason I'm adding this is because std::ostream (and to some extent printf()) is notoriously inefficient, negatively affecting executable size especially on asm.js / WebAssembly targets. However the full implementation didn't make it into the release, only the surface APIs, Magnum is not ported away from streams just yet — there will be a detailed post about all this later 😉
More of an internal thing, the DebugTools::CompareImage utility got a CompareImageToFile counterpart, together with other combinations. In subsequent updates, these will get used for fuzzy shader output verification — very important for implementing PBR shaders that are later on the roadmap.
Prototyping
Shown above is a new Primitives::gradient2D() function (together with its 3D counterpart), useful for simple backdrops. The Shaders::Phong shader got a long-requested support for multiple lights and there's now alpha masking support in both Shaders::Phong and Shaders::Flat — useful for quick'n'dirty prototyping when you don't want to bother yourself with depth sorting or OIT.
Asset management improvements
Since the TinyGltfImporter plugin initial release in 2018.04, it's receiving an endless stream of updates. While the biggest new feature is animation import, it also received support for multi-primitive meshes, name mapping for all data, camera aspect ratio import and various conformance fixes and performance improvements. It's now easier to access its internal state, in case you want to parse custom glTF properties or access data that the importer does not support yet.
To support loading data from memory, from AAssetManager on Android or for example via drag&drop on Emscripten, all scene and image importers now support file loading callbacks. For you it means you can continue loading assets as usual — using their filenames — and only set up a different file callback for each platform. The implementation was done in a way that makes all existing (and future) plugins implicitly work with file callbacks, moreover the TinyGltfImporter, AssimpImporter and OpenGexImporter also use provided file callbacks for external data referenced from scene files (such as images or data buffers).
There's finally a JpegImageConverter plugin for compressing JPEG files, using a libJPEG implementation of your choice — be it the vanilla implementation, libjpeg-turbo or, for example, MozJPEG. Similarly, the stb_image-based StbImageConverter got updated to support JPEG output as well — and you can load either of them using the JpegImageConverter alias. Both plugins support specifying the output quality via a runtime setting; more encoding options may be added in the future.
Among other things, the StbTrueTypeFont was updated to a new version of stb_truetype, gaining OTF support, and you can now load it (along with the other HarfBuzzFont and FreeTypeFont implementations) via the generic OpenTypeFont alias.
There's always something to improve in the docs
If you happen to be using Magnum with a buildsystem other than CMake, there's now a high-level guide, pointing out the biggest pain points. The Math::Matrix4 and Matrix3 docs are improved with equations visualizing most operations; the Math::Intersection and Math::Distance functions and Math::Constants got updated equations as well.
The Using the scene graph guide now has a visual intro, explaining the basic concepts; the JavaScript, HTML5 and WebGL and Android guides were extended with further tips and troubleshooting items. Oh, and the Shaders and Primitives docs now have images that look properly crisp on HiDPI screens.
Not all roads led to Rome
Magnum is now over eight years old and it became apparent that some early functionality didn't stand the test of time — either because it depended on a now-outdated toolkit, because the required time investment for continued maintenance was not worth it or simply because it was a design experiment that failed. The following libraries are now marked as deprecated, are not built by default (in case they ever were) and will be completely removed in about six months time.
- The Shapes (obsolete) library, together with DebugTools::ShapeRenderer (obsolete) and the BulletIntegration::convertShape() (obsolete) function. Failed design experiment that couldn't ever be made performant (and abusing % operators for collision queries was just plain wrong). Related geometry algorithms were moved to Math::Distance and Math::Intersection namespaces. If you need a full-fledged physics library, please have a look at Bullet, which has Magnum integration in BulletIntegration (together with debug draw implemented in BulletIntegration::DebugDraw), or at Box2D, which has a Magnum example as well.
- The Platform::GlutApplication (obsolete) application. It's based on an outdated GLUT toolkit, has portability issues and doesn't make sense on the path forward to Vulkan. Consider switching to either Platform::Sdl2Application or Platform::GlfwApplication.
- The ColladaImporter (obsolete) plugin, because it's based on an outdated Qt4 toolkit. Moreover, due to the sheer complexity of the COLLADA format and poor conformance of various exporters it's not feasible to maintain a builtin importer anymore. Consider either using AssimpImporter for COLLADA import or switching to better-designed and better-supported formats such as glTF or OpenGEX using TinyGltfImporter or OpenGexImporter. There's also the official COLLADA2GLTF converter.
Visual Studio 2017
With a heavy heart I have to say that recent updates of MSVC 2017 were regressing instead of improving with their C++11 conformance, crashing with Internal Compiler Error on code involving constexpr. While we managed to reproduce and work around all reported issues so far, it may happen that your code triggers some new corner case. Try to update to the latest version first and if the problem persists, let us know. Thank you and sorry for the bumps.
Note that MSVC 2015 is not affected by these.
New examples
Two new examples were contributed by our great community, namely an integration of the Box2D physics engine and an advanced depth-aware mouse interaction example. Both are ported to WebGL and you can play with them right now:
HTTPS 🔒
The Magnum website is never storing any cookies or doing user tracking (and doesn't plan to be doing that), so there's no need to be worried about your data being compromised. Nevertheless, it's now served over HTTPS, with a certificate from Let's Encrypt. Some tradeoffs were made as it's either full security or supporting the not-most-recent browsers (but not both), so if you experience any issues, please let us know.
Sometimes a hard kick is all it takes to get things done.
Contributions welcome
Magnum is now partnering with a few universities with a goal of improving computer graphics courses by offering students things that are fun to play with. You're invited to the party as well — each GitHub repository now has issues marked with a help wanted label and these issues are specifically picked to be self-contained, exercise a well-defined area of knowledge and to not require deep understanding of Magnum internals. The most rewarding among these are various examples, you can also implement a fancy algorithm, integrate support for a new file format or share your expertise in an area you know the best. If you pick something, let us know and we'll help you get on the right path.
There's also a possibility to write a guest post for this very blog and share interesting details about a Magnum-related thing you're working on.
Upgrading from previous versions
In contrast to 2018.04, this release is more of an evolutional one. Nevertheless, even though we're always going to extreme lengths to preserve backwards compatibility, it may happen that some changes will have negative effect on your code. Please check the Deprecated APIs and Potential compatibility issues sections in the complete changelog below for more information.
Thanks to @matjam there's now a PPA repository containing prebuilt packages for Ubuntu 14.04, 16.04 and 18.04. If you follow the #movingtogitlab movement, Magnum now has a mirror on GitLab, but note that primary development, roadmap and milestone planning is still happening on GitHub and will stay there for the foreseeable future.
The 2018.10 release is already available in Homebrew and ArchLinux AUR. At the time of writing, the PPA repository, Vcpkg and ArchLinux repos are not updated yet, we're working on getting the latest version there as well.
Complete changelog
It's longer than you might expect 😉
Special thanks
Lots of work in this release is done thanks to external contributors:
- Jonathan Hale (@Squareys) — tireless maintenance of all things VR, intersection algorithms, glTF, OpenGEX, Assimp importer updates and Vcpkg expertise
- @scturtle — the Mouse Interaction example
- Michal Mikula — the Box2D example
- Nathan Ollerenshaw (@matjam) — Ubuntu PPA repository maintenance
- Alexander F Rødseth (@xyproto) — continued ArchLinux [community] package maintenance
- Patrick Werner (@boonto) — Android port of the Model Viewer example
- Ivan P. (@uzername) — ongoing effort with improving the documentation and making the library more approachable for newcomers
Again thanks a lot to everyone, not to forget all people who reported issues, suggested improvements or just wrote encouraging messages on the Gitter chat. Cheers!
Discussion: Twitter, Reddit r/cpp, r/gamedev, r/gltf, Hacker News, mailing list
Use shell scripts to extend device management capabilities in Intune, beyond what is supported by the macOS operating system.
Note
Rosetta 2 is required to run x64 (Intel) version of apps on Apple Silicon Macs. To install Rosetta 2 on Apple Silicon Macs automatically, you can deploy a shell script in Endpoint Manager. To view a sample script, see Rosetta 2 Installation Script.
Prerequisites
Ensure that the following prerequisites are met when composing shell scripts and assigning them to macOS devices.
- Devices are running macOS 10.13 or later.
- Devices are managed by Intune.
- Shell scripts begin with #! and must be in a valid location such as #!/bin/sh or #!/usr/bin/env zsh.
- Command-line interpreters for the applicable shells are installed.
Important considerations before using shell scripts
- Shell scripts require that the Microsoft Intune management agent is successfully installed on the macOS device. For more information, see Microsoft Intune management agent for macOS.
- Shell scripts run in parallel on devices as separate processes.
- Shell scripts that are run as the signed-in user will run for all currently signed-in user accounts on the device at the time of the run.
- An end user is required to sign in to the device to execute scripts running as a signed-in user.
- Root user privileges are required if the script requires making changes that a standard user account cannot.
- Shell scripts will attempt to run more frequently than the chosen script frequency for certain conditions, such as if the disk is full, if the storage location is tampered with, if the local cache is deleted, or if the Mac device restarts.
Create and assign a shell script policy
Sign in to the Microsoft Endpoint Manager Admin Center.
Select Devices > macOS > Scripts > Add.
In Basics, enter the following properties, and select Next:
- Name: Enter a name for the shell script.
- Description: Enter a description for the shell script. This setting is optional, but recommended.
In Script settings, enter the following properties, and select Next:
- Upload script: Browse to the shell script. The script file must be less than 200 KB in size.
- Run script as signed-in user: Select Yes to run the script with the user's credentials on the device. Choose No (default) to run the script as the root user.
- Hide script notifications on devices: By default, script notifications are shown for each script that is run. End users see an "IT is configuring your computer" notification from Intune on macOS devices.
- Script frequency: Select how often the script is to be run. Choose Not configured (default) to run a script only once.
- Max number of times to retry if script fails: Select how many times the script should be run if it returns a non-zero exit code (zero meaning success). Choose Not configured (default) to not retry when a script fails.
In Scope tags, optionally add scope tags for the script, and select Next. You can use scope tags to determine who can see scripts in Intune. For full details about scope tags, see Use role-based access control and scope tags for distributed IT.
Select Assignments > Select groups to include. An existing list of Azure AD groups is shown. Select one or more user or device groups that are to receive the script. Choose Select. The groups you choose are shown in the list, and will receive your script policy.
Note
- Shell scripts assigned to user groups apply to any user logging in to the Mac.
- Updating assignments for shell scripts also updates assignments for Microsoft Intune MDM Agent for macOS.
In Review + add, a summary is shown of the settings you configured. Select Add to save the script. When you select Add, the script policy is deployed to the groups you chose.
The script you created now appears in the list of scripts.
Monitor a shell script policy
You can monitor the run status of all assigned scripts for users and devices by choosing one of the following reports:
- Scripts > select the script to monitor > Device status
- Scripts > select the script to monitor > User status
Important
Irrespective of the selected Script frequency, the script run status is reported only the first time a script is run. Script run status is not updated on subsequent runs. However, updated scripts are treated as new scripts and will report the run status again.
Once a script runs, it returns one of the following statuses:
- A script run status of Failed indicates that the script returned a non-zero exit code or the script is malformed.
- A script run status of Success indicates that the script returned zero as the exit code.
Troubleshoot macOS shell script policies using log collection
You can collect device logs to help troubleshoot script issues on macOS devices.
Requirements for log collection
The following items are required to collect logs on a macOS device:
- You must specify the full absolute log file path.
- File paths must be separated using only a semicolon (;).
- The maximum log collection size to upload is 60 MB (compressed) or 25 files, whichever occurs first.
- File types that are allowed for log collection include the following extensions: .log, .zip, .gz, .tar, .txt, .xml, .crash, .rtf
Collect device logs
Sign in to the Microsoft Endpoint Manager admin center.
In Device status or User status report, select a device.
Select Collect logs, provide folder paths of log files separated only by a semicolon (;) without spaces or newlines in between paths.
For example, multiple paths should be written as /Path/to/logfile1.zip;/Path/to/logfile2.log.
Important
Multiple log file paths separated using comma, period, newline or quotation marks with or without spaces will result in log collection error. Spaces are also not allowed as separators between paths.
Select OK. Logs are collected the next time the Intune management agent on the device checks in with Intune. This check-in usually occurs every 8 hours.
Note
- Collected logs are encrypted on the device, transmitted and stored in Microsoft Azure storage for 30 days. Stored logs are decrypted on demand and downloaded using Microsoft Endpoint Manager admin center.
- In addition to the admin-specified logs, the Intune management agent logs are also collected from these folders: /Library/Logs/Microsoft/Intune and ~/Library/Logs/Microsoft/Intune. The agent log file-names are IntuneMDMDaemon date--time.log and IntuneMDMAgent date--time.log.
- If any admin-specified file is missing or has the wrong file-extension, you will find these file-names listed in LogCollectionInfo.txt.
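The log collection requirements above can be checked locally before the path list is pasted into the admin center. The following is an added example, not part of the Intune documentation; `check_log_paths` is a hypothetical helper, and the wrong-separator check is a heuristic assumption.

```shell
#!/bin/sh
# Added example: lint a "Collect logs" path string against the listed
# requirements (absolute paths, ';' as the only separator, allowed file
# types, at most 25 files). check_log_paths is a hypothetical name.

MAX_FILES=25

# check_log_paths "<path1;path2;...>"
# Prints one line per problem to stderr; returns 0 if clean, 1 otherwise.
check_log_paths() {
    input=$1
    bad=0
    count=0
    nl=$(printf '\nx'); nl=${nl%x}          # a literal newline

    case $input in
        "")        echo "empty path list" >&2; return 1 ;;
    esac
    case $input in
        *"$nl"*)   echo "newline in list: keep all paths on one line" >&2; bad=1 ;;
    esac
    case $input in
        *\"*|*\'*) echo "quotation mark in list" >&2; bad=1 ;;
    esac
    case $input in
        *\;)       echo "trailing ';' after last path" >&2; bad=1 ;;
    esac

    old_ifs=$IFS
    IFS=';'
    set -f                                   # no globbing while splitting
    for p in $input; do
        count=$((count + 1))
        case $p in
            /*) ;;
            *)  echo "not a full absolute path: '$p'" >&2; bad=1 ;;
        esac
        # Heuristic (assumption): ' /' or ',/' inside one entry means a space
        # or comma was used where ';' belongs.
        case $p in
            *" /"*|*",/"*) echo "wrong separator inside: '$p'" >&2; bad=1 ;;
        esac
        # Extension must be one of the file types allowed for collection.
        case ${p##*.} in
            log|zip|gz|tar|txt|xml|crash|rtf) ;;
            *)  echo "file type not allowed: '$p'" >&2; bad=1 ;;
        esac
    done
    set +f
    IFS=$old_ifs

    if [ "$count" -gt "$MAX_FILES" ]; then
        echo "$count paths given, limit is $MAX_FILES files" >&2
        bad=1
    fi
    [ "$bad" -eq 0 ]
}

# Run on the first argument, or on the sample path list from the text above.
check_log_paths "${1:-/Path/to/logfile1.zip;/Path/to/logfile2.log}" && echo "path list OK"
```

The check does not look at file sizes, so the 60 MB compressed limit still has to be verified on the device.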
Log collection errors
Log collection may not be successful due to any of the following reasons provided in the table below. To resolve these errors, follow the remediation steps.
| Error code (hex) | Error code (dec) | Error message | Remediation steps |
|---|---|---|---|
| 0X87D300D1 | 2016214834 | Log file size cannot exceed 60 MB. | Ensure that compressed logs are less than 60 MB in size. |
| 0X87D300D1 | 2016214831 | The provided log file path must exist. The system user folder is an invalid location for log files. | Ensure that the provided file path is valid and accessible. |
| 0X87D300D2 | 2016214830 | Log collection file upload failed due to expiration of upload URL. | Retry the Collect logs action. |
| 0X87D300D3, 0X87D300D5, 0X87D300D7 | 2016214829, 2016214827, 2016214825 | Log collection file upload failed due to encryption failure. Retry log upload. | Retry the Collect logs action. |
| | 2016214828 | The number of log files exceeded the allowed limit of 25 files. | Only up to 25 log files can be collected at a time. |
| 0X87D300D6 | 2016214826 | Log collection file upload failed due to zip error. Retry log upload. | Retry the Collect logs action. |
| | 2016214740 | The logs couldn't be encrypted as compressed logs were not found. | Retry the Collect logs action. |
| | 2016214739 | The logs were collected but couldn't be stored. | Retry the Collect logs action. |
Custom attributes for macOS
You can create custom attribute profiles which enable you to collect custom properties from managed macOS device using shell scripts.
Create and assign a custom attribute for macOS devices
Sign in to the Microsoft Endpoint Manager Admin Center.
Select Devices > macOS > Custom attributes > Add.
In Basics, enter the following properties, and select Next:
- Name: Enter a name for the script.
- Description: Enter a description for the script. This setting is optional, but recommended.
In Attribute settings, enter the following properties, and select Next:
- Data type of attribute: Select the data type of the result that the script returns. Available values are String, Integer, and Date.
- Script: Select a script file.
Additional details:
- The shell script must echo the attribute to be reported and the data type of the output must match the data type of attribute in the custom attribute profile.
- The result returned by the shell script must be 20KB or less.
Note
When using Date type attributes, ensure that the shell script returns dates in ISO-8601 format. See the examples below.
To print an ISO-8601-compliant date with time-zone:
To print an ISO-8601-compliant date in UTC time:
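As an added example (not taken from the Intune documentation), the script below prints dates in the two forms named above and checks a value against the attribute data type and the 20KB result limit before the script is uploaded. `check_attribute_output` is a hypothetical helper; the accepted date pattern and reading 20KB as 20 × 1024 bytes are assumptions.

```shell
#!/bin/sh
# Added example: produce ISO-8601 dates for a Date attribute and sanity-check
# what a custom attribute script would echo.

MAX_RESULT_BYTES=20480   # assumption: "20KB" read as 20 * 1024 bytes

# ISO-8601 date with time-zone offset, e.g. 2021-03-04T10:15:30+0100
iso8601_local() { date +%Y-%m-%dT%H:%M:%S%z; }
# ISO-8601 date in UTC, e.g. 2021-03-04T09:15:30Z
iso8601_utc()   { date -u +%Y-%m-%dT%H:%M:%SZ; }

# check_attribute_output TYPE VALUE   (hypothetical helper)
# TYPE is the data type chosen in the profile: String, Integer or Date.
# Returns 0 when VALUE fits the type and the size limit, 1 otherwise.
check_attribute_output() {
    attr_type=$1
    value=$2
    nl=$(printf '\nx'); nl=${nl%x}           # a literal newline

    # The size limit applies to everything the script echoes.
    bytes=$(( $(printf '%s' "$value" | wc -c) ))
    if [ "$bytes" -gt "$MAX_RESULT_BYTES" ]; then
        echo "result is $bytes bytes, limit is $MAX_RESULT_BYTES" >&2
        return 1
    fi

    case $attr_type in
        String)
            return 0 ;;
        Integer|Date)
            # A typed value must be a single line.
            case $value in
                *"$nl"*) echo "$attr_type result spans several lines" >&2; return 1 ;;
            esac ;;
        *)
            echo "unknown data type: $attr_type" >&2; return 1 ;;
    esac

    if [ "$attr_type" = Integer ]; then
        # Assumption: an optional leading minus sign is acceptable.
        pattern='^-?[0-9]+$'
    else
        # Date and time with either Z or a numeric offset (+0100 or +01:00).
        pattern='^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(Z|[+-][0-9]{2}:?[0-9]{2})$'
    fi
    if printf '%s\n' "$value" | grep -Eq "$pattern"; then
        return 0
    fi
    echo "value does not match data type $attr_type: $value" >&2
    return 1
}

# Demo on a freshly generated value.
check_attribute_output Date "$(iso8601_utc)" && echo "Date attribute OK"
```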
In Assignments, click Select groups to include. When you choose Select groups to include an existing list of Azure AD groups is shown. Select one or more user or device groups that are to receive the script. Choose Select. The groups you choose are shown in the list, and will receive your script policy. Alternatively, you can choose to select All users, All devices, or All users and all devices by selecting one of these options in the dropdown box next to Assign to.
Note
- Scripts assigned to user groups apply to any user logging in to the Mac.
In Review + add, a summary is shown of the settings you configured. Select Add to save the script. When you select Add, the script policy is deployed to the groups you chose.
The script you created now appears in the list of custom attributes.
Monitor a custom attribute policy
You can monitor the run status of all assigned custom attribute profiles for users and devices by choosing one of the following reports:
- Custom attributes > select the custom attribute profile to monitor > Device status
- Custom attributes > select the custom attribute profile to monitor > User status
Important
Shell scripts provided in custom attribute profiles are run every 8 hours on managed Macs and reported.
Once a custom attribute profile runs, it returns one of the following statuses:
- A status of Failed indicates that the script returned a non-zero exit code or the script is malformed. The error is reported in the Result column.
- A status of Success indicates that the script returned zero as the exit code. The output echoed by the script is reported in the Result column.
Frequently asked questions
Why are assigned shell scripts not running on the device?
There could be several reasons:
- The agent might need to check-in to receive new or updated scripts. This check-in process occurs every 8 hours and is different from the MDM check-in. Make sure that the device is awake and connected to a network for a successful agent check-in and wait for the agent to check-in. You can also request the end-user to open Company Portal on the Mac, select the device and click Check settings.
- The agent may not be installed. Check that the agent is installed at /Library/Intune/Microsoft Intune Agent.app on the macOS device.
- The agent may not be in a healthy state. The agent will attempt to recover for 24 hours, remove itself and reinstall if shell scripts are still assigned.
How frequently is script run status reported?
Script run status is reported to Microsoft Endpoint Manager Admin Console as soon as script run is complete. If a script is scheduled to run periodically at a set frequency, it only reports status the first time it runs.
When are shell scripts run again?
A script is run again only when the Max number of times to retry if script fails setting is configured and the script fails on run. If the Max number of times to retry if script fails is not configured and a script fails on run, it will not be run again and run status will be reported as failed.
What Intune role permissions are required for shell scripts?
Your assigned Intune role requires Device configurations permissions to delete, assign, create, update, or read shell scripts.
Microsoft Intune management agent for macOS
Why is the agent required?
The Microsoft Intune management agent is necessary to be installed on managed macOS devices in order to enable advanced device management capabilities that are not supported by the native macOS operating system.
How is the agent installed?
The agent is automatically and silently installed on Intune-managed macOS devices that you assign at least one shell script to in Microsoft Endpoint Manager Admin Center. The agent is installed at /Library/Intune/Microsoft Intune Agent.app when applicable and doesn't appear in Finder > Applications on macOS devices. The agent appears as IntuneMdmAgent in Activity Monitor when running on macOS devices.
What does the agent do?
- The agent silently authenticates with Intune services before checking in to receive assigned shell scripts for the macOS device.
- The agent receives assigned shell scripts and runs the scripts based on the configured schedule, retry attempts, notification settings, and other settings set by the admin.
- The agent checks for new or updated scripts with Intune services usually every 8 hours. This check-in process is independent of the MDM check-in.
How can I manually initiate an agent check-in from a Mac?
On a managed Mac that has the agent installed, open Company Portal, select the local device, click on Check settings. This initiates an MDM check-in as well as an agent check-in.
Alternatively, open Terminal, run the sudo killall IntuneMdmAgent command to terminate the IntuneMdmAgent process. The IntuneMdmAgent process will restart immediately, which will initiate a check-in with Intune.
Note
The Sync action for devices in Microsoft Endpoint Manager Admin Console initiates an MDM check-in and does not force an agent check-in.
When is the agent removed?
There are several conditions that can cause the agent to be removed from the device such as:
- Shell scripts are no longer assigned to the device.
- The macOS device is no longer managed.
- The agent is in an irrecoverable state for more than 24 hours (device-awake time).
Why are scripts running even though the Mac is no longer managed?
When a Mac with assigned scripts is no longer managed, the agent is not removed immediately. The agent detects that the Mac is not managed at the next agent check-in (usually every 8 hours) and cancels scheduled script-runs. So, any locally stored scripts scheduled to run more frequently than the next scheduled agent check-in will run. When the agent is unable to check-in, it retries checking in for up to 24 hours (device-awake time) and then removes itself from the Mac.
How to turn off usage data sent to Microsoft for shell scripts?
To turn off usage data sent to Microsoft from the Intune management agent, open Company Portal and select Menu > Preferences > uncheck 'allow Microsoft to collect usage data'. This will turn off usage data sent for both the agent and Company Portal.
Known issues
- No script run status: In the unlikely event that a script is received on the device and the device goes offline before the run status is reported, the device will not report run status for the script in the admin console.
Additional information
When you deploy shell scripts or custom attributes for macOS devices from Microsoft Endpoint Manager, it deploys the new universal version of the Intune management agent app that runs natively on Apple Silicon Mac machines. The same deployment will install the x64 version of the app on Intel Mac machines. Rosetta 2 is required to run x64 (Intel) version of apps on Apple Silicon Macs. To install Rosetta 2 on Apple Silicon Macs automatically, you can deploy a shell script in Endpoint Manager. To view a sample script, see Rosetta 2 Installation Script.