Installing Veeam Agent for Mac via Microsoft Intune

Where has the time gone? It was in 2015 when Veeam jumped in to enable endpoint protection for Microsoft Windows. In 2016, we expanded agent support to include Linux, and in 2020, provided application consistency for MySQL and PostgreSQL via the Veeam Agent for Linux. Now with the release of Veeam Backup & Replication v11, Veeam enables protection for macOS with Veeam Agent for Mac!

You may be wondering, “How do I get Veeam Agent for Mac installed on all my Mac endpoints?” There are a couple different methods:

  • User-initiated:
    • A user will initiate the installation via a native Mac installation package (pkg)

Typically used in deployments with a small number of macOS systems that require protection

  • Automated:
    • Leverage a Mobile Application Management (MAM) solution

Typically used in deployments with a large number of MacOS system that require protection

One MAM solution that is growing in popularity is Microsoft Intune. This is a cloud-based service that provides MAM capabilities for laptops, phones, tablets and computers, including Macs! And if you were wondering how to leverage Microsoft Intune to automate the installation of Veeam Agent for Mac, you have come to the right place!

This blog will be broken down into the following sections:

  • Pre-requisites for a successful installation
  • Creation of a “Computers with pre-installed agents” protection group
  • Prepare the Veeam Agent for Mac installation package for Intune
  • Setup Intune for package deployment
  • Validation Veeam Agent for Mac has been installed

Pre-requisites/Assumptions

The list below contains pre-requisites for installing Veeam Agent for Mac via Microsoft Intune:

  • Mac systems are enrolled in Intune
    • User signed-in to Company Portal application on Mac

Creation of protection group

The first step to installing Veeam Agent for Mac (and this applies to both user-initiated and automated deployments) will be to create a “Computers with pre-installed agents” protection group.

Figure 1
Figure 2

The “Computers with pre-installed agents” type of protection group in V11 has numerous benefits beyond Veeam Agent for Mac:

  • A Windows system does not require the admin$ share
  • A Linux system does not require SSH to be enabled
  • Uses certificates to connect/authenticate to the Veeam backup server
Figure 3

After selecting the “Computers with pre-installed agents” protection group type, you will then be given the option of where the export will be saved and which agent installation packages will be exported. In Figure 4, you will see that the export location is defined as “C:\Exported Installation and Config Files” and the “Apple Mac package with the device profile” is selected.

Figure 4

The export will generate the following files:

Figure 5

Here’s a brief description of each exported file:

Once the export has completed, you will copy the files to a Mac where they will be prepared for Microsoft Intune deployment.

Prepare the Veeam Agent for Mac installation package for Intune

The first step to prepare Veeam Agent for Mac is to download the “Intune App Wrapping Tool for Mac” from the official GitHub of the Microsoft Intune SDK team.

Once downloaded, perform the following:

  • Start the Terminal App
  • Change to the directory where IntuneAppUtil is located
  • Run the following command to make the tool executable
chmod +x IntuneAppUtil
Figure 6

Now that IntuneAppUtil is executable, you will be able to use it to “wrap” the Veeam Agent for Mac installer (.pkg) into an “intunemac” file. This is the type of file that Microsoft Intune uses for application deployment on macOS.

The syntax of the utility is quite simple:

IntuneAppUtil -c <Veeam Agent for Mac PKG> -o <output folder>
Figure 7

Once the command is run, an “intunemac” file will be created which you will use when creating the MAM policy in Microsoft Intune:

Figure 8
NOTE:
Internal testing uncovered issues where Microsoft Intune was unable to deploy a package if the pkg and intunemac file contained spaces. To work around this, simply rename the pkg to not include spaces in the name before running the “IntuneAppUtil” utility.

Setup Intune for package deployment

Now that we have the “intunemac” installer file created, we need to make our way over to Microsoft’s EndPoint Manager and access the “Apps” blade:

Figure 9

Once you are in the “Apps” blade, select “macOS” and click “Add”:

Figure 10

For the App Type, select “Line-of-business” app:

Figure 11

For the “App Package File”, select the “intunemac” file previously created:

Figure 12

Now you can input/update all application information:

Figure 13

Next, you will define the assignments. This means you can identify which device type (required or enrolled) and which users/group will have access to Veeam Agent for Mac.

Figure 14

You are now ready to review and create the application in Microsoft Intune:

Figure 15

Validating Veeam Agent for Mac has been installed

Once the application is created, it will either be installed automatically (required assignment) or available to enrolled devices to install if they choose. Below is a screen capture of the Microsoft Intune Company Portal application installed on an enrolled Mac:

Figure 16

If the application is not installed, a button will be available to select and “Install.” If the application has been installed, a re-install option is available (as seen in the screenshot).

Finally, if you look on the Macs that were assigned or selected to install Veeam Agent for Mac, a “Veeam” folder will be present under “Applications” with the following applications:

Figure 17
NOTE:
Veeam Agent for Mac installation/availability in the Company Portal is dependent on Microsoft Intune refresh cycles.

Conclusion

As more organizations embrace the Apple platform, you are seeing business-critical data reside on macOS systems. This can be through IT departments providing Mac-based computers and laptops as well as organizations embracing the Bring Your Own Device (BYOD) model. This is why it’s important to protect that data with Veeam Agent for Mac. As the number of macOS devices in your organization increases, you will need to ensure that there is a simple and scalable method to install Veeam Agent for Mac, and this is where Microsoft Intune helps.

Once Veeam Agent for Mac has been installed, the next step will be to configure the agent to connect to the Veeam backup server. To find out how you can centrally configure Veeam Agent for Mac, proceed to part 2 in my Veeam Agent for Mac series “Leveraging Microsoft Intune to configure Veeam Agent for Mac.”

V11

Eliminate Data Loss
Eliminate Ransomware

#1 Backup and Recovery

Start free trial