Collecting Customized Inventory Data on MacOS Devices Using Intune

Having detailed insights into your managed macOS devices significantly simplifies management tasks. While Intune provides some basic inventory data, its scope is often limited and sometimes lacks critical information. This is where custom inventory scripts are very interesting.

By integrating the following shell script with your Log Analytics Workspace, you not only gain access to a broader range of data but also the ability to perform in-depth analyses using KQL queries and create comprehensive dashboards with Azure Workbooks. This level of detail and customization elevates your device management strategy, allowing for more informed decisions and efficient operations.

Custom Inventory

I have created a shell script that will get you the following data and send it to your Log Analytics Workspace:

  • Device Name: The name of the macOS device.
  • Serial Number: The unique serial number assigned to the device.
  • Model: The model name or identifier of the device.
  • OS Version: The version number of the operating system.
  • OS Build: The specific build version of the operating system.
  • OS Friendly Name: A user-friendly name for the operating system version (e.g. Sonoma).
  • SIP Status: The status of the System Integrity Protection (SIP).
  • Secure Boot Status: The status of the Secure Boot feature on the device.
  • Chip: Information about the processor chip (e.g., Intel, Apple Silicon).
  • Memory: The total amount of physical memory (RAM) in the device.
  • FileVault Status: The status of FileVault disk encryption.
  • Storage Total: The total storage capacity of the primary storage device.
  • Storage Free: The amount of free storage space available on the primary storage device.
  • Last Boot: The date and time when the device was last booted.
  • Device ID: A unique identifier for the device in Intune.
  • Entra Tenant ID: The ID of the device's Entra tenant.
  • Local Admins: A list of usernames that have administrative privileges on the device.

You can download the script from here: Intune/MacOS/CustomInventory.sh at main · ugurkocde/Intune (github.com)

Requirements

You need a Log Analytics Workspace, and you need to copy and paste its workspaceId and sharedKey into the script:

You can find both inside the Settings -> Agents -> Log Analytics agent instructions:

The sharedKey is the Primary Key. Copy and paste both (ID and Key) into the script before starting the deployment.

Deployment

We can deploy the script with Intune here: macOS – Microsoft Intune admin center

Click on the +Add Button

Choose a Name:

Click on Next and now upload the Shell Script:

You can download the script from here: Intune/MacOS/CustomInventory.sh at main · ugurkocde/Intune (github.com)

Do not forget to add the workspaceId and sharedKey variables.

Options:

Run script as signed-in user: No -> We want to run this script as the root user.

Hide script notifications on device: Yes -> Runs the script in the background without any user notification

Script frequency: Every 1 Week -> I want the script to upload the data once a week. Set this to whatever you like.

Max number of retries: 3 times -> Retries to run the script in case it errors out when e.g. no internet connection is available.

Click on Next, assign Scope Tags if you need them, and assign a device or user group to deploy the script to.

Log Analytics Workspace

After the script runs successfully, it will send the data to your Log Analytics Workspace. There will be a new table called CustomInventory_CL (CL stands for Custom Logs), and inside it you will find the data the script gathered from the device.

The results should look like this:


Possible Improvement:

You can avoid any secrets in the shell script if you use an Azure Function that will send the data to a Log Analytics Workspace for you. This way the client sends the data to an Azure Function only and has no secrets or IDs for the LAW.
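
Why the sharedKey has to sit in the client script today, and what an Azure Function would take over: the block below is an added example (not the author's script) and assumes the upload uses the Azure Monitor HTTP Data Collector API, which signs every POST with an HMAC-SHA256 keyed by the workspace key. The workspace ID, key, date and record are constructed placeholders, and nothing is sent.

```shell
#!/bin/sh
# Added example: SharedKey request signing for the Azure Monitor HTTP Data
# Collector API. All values below are constructed placeholders, not real secrets.

# Constructed sample values (assumptions for illustration only).
DEMO_WORKSPACE_ID="00000000-0000-0000-0000-000000000000"
DEMO_SHARED_KEY=$(printf '%s' 'constructed-demo-key-not-a-real-secret' | openssl base64 -A)
DEMO_BODY='[{"DeviceName":"demo-mac","SIPStatus":"enabled"}]'
DEMO_DATE='Mon, 01 Jan 2024 00:00:00 GMT'

# law_signature KEY_B64 DATE BODY -> base64 HMAC-SHA256 over the canonical string
law_signature() {
    # The workspace key is base64; openssl wants the raw key bytes as hex.
    key_hex=$(printf '%s' "$1" | openssl base64 -d -A | od -An -v -tx1 | tr -d ' \n')
    body_len=$(printf '%s' "$3" | wc -c | tr -d ' ')
    # Signed fields: method, body length, content type, x-ms-date header, resource.
    printf 'POST\n%s\napplication/json\nx-ms-date:%s\n/api/logs' "$body_len" "$2" |
        openssl dgst -sha256 -mac HMAC -macopt "hexkey:$key_hex" -binary |
        openssl base64 -A
}

# law_auth_header WORKSPACE_ID KEY_B64 DATE BODY -> value of the Authorization header
law_auth_header() {
    printf 'SharedKey %s:%s' "$1" "$(law_signature "$2" "$3" "$4")"
}

# Print the request the client would send; nothing is transmitted here.
law_describe_request() {
    echo "POST https://$1.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    echo "Content-Type: application/json"
    # The service appends _CL to Log-Type, giving the CustomInventory_CL table.
    echo "Log-Type: CustomInventory"
    echo "x-ms-date: $3"
    echo "Authorization: $(law_auth_header "$1" "$2" "$3" "$4")"
}

law_describe_request "$DEMO_WORKSPACE_ID" "$DEMO_SHARED_KEY" "$DEMO_DATE" "$DEMO_BODY"
```

Every device that receives the script holds the same workspace key, and that key authorizes writes to the workspace, so records in CustomInventory_CL should be treated as client-reported data. With the Azure Function approach, this signing step runs server-side and the key never reaches the device.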

Disclaimer

I am not responsible for any errors or omissions, or for the results obtained from the use of this information. The use of the script and information is at your own risk. It is advised to test the script in a controlled environment before deploying it in a production scenario.
