Bootstrapper script for enrolling macOS machine in Microsoft Intune

You may have come across the challenge of integrating a macOS machine running the Liquit agent with Microsoft Intune. As currently there is no possibility to enroll such a machine in Intune, because the Liquit Workspace configuration file cannot be added, we are going to share with you a bootstrapper script that will automatically download the latest agent, configuration file, and registration certificate (if enabled). You can download the script here, alternatively the script is posted below.

Defining the script 

  • URLs: define the source from which the script will download the files (agent, configuration and certificate). It can be any source that macOS machine can access (e.g. Azure blob, GitHub or even an internal download link). If you’re not using a certificate to register, you can always delete or comment those lines. Also, you can leave “certificate_download_url” variable empty. 
  • Agent version: If you want to have the latest Liquit Universal Agent (macOS), you just have to edit the zone address in the link ( and the API GUID will always install the latest version available. If you want to install a specific version, insert a download link to that version. For the latest version, see [Liquit Software Downloads section](
  • Working directory: the format of the name must be “TLD(Top-Level Domain).Domain.Boostrapper.” 

Example: com.liquit.Bootstrapper 

  •  Log, package and configuration file names: you can change the logging (log_file) or the registration certificate (cert_path) file name as you desire. 
# Define log file name
# Define package and configuration file name

How the script runs 

The script first checks if a log file exists and if it doesn’t, it creates one. 

After that, it starts the logging: it will first check if the Liquit agent is already installed, creates the working directory, downloads the files, installs Liquit and cleans up all files except the log. 

Bootstrapper and macOS installer log files 

The log file of the bootstrapper can be accessed in the defined working directory.
Example: “/Library/Application Support/com.liquit.Bootstrapper/Bootstrapper.log” 

The macOS installer will log it inside the install.log file, which can be accessed via the or “/private/var/log/install.log”.

Adding the script in Intune/Endpoint Manager 

  1. Go to [Microsoft Endpoint Manager admin center](> Devices > macOS > Shell scripts and click Add. 
  2. In Basics, enter aname and description to the shell scriptand click Next. 

  1. In Script settings, click Upload scriptand browse to the shell script. 
  2. In the Run script as signed-in userfield selectNo. This will determine the script to run as the root user. Click Next. 

  1. In Assignments, assign it to devices, users or groups as needed. Click Next.
  2. In Review + add, a summary of your configured settings is displayed. Click Add to save the script. 


Matthew Gonzalez Nieves is one of the support engineers for Liquit. In his day to day job he speaks with partners who run into some interesting challenges.

# This script will install Liquit Universal Agent on macOS.
# Authors Matthew Gonzalez en Sven van Katwijk
# Version 1.0
# Date created 24-01-2023
# Copyright 2023 Liquit Software B.V.

# This code is made available as is, without any warranty of any kind. The entire risk of the use or the results of the use of this code remains with the user. 

# Dynamic variables
working_dir="/Library/Application Support/com.liquit.Bootstrapper"

# Define log file name

# Define package and configuration file name

# Create log file if it doesn't exist
touch "$log_file"

function log() {
    echo "$(date +'%Y-%m-%d %H:%M:%S') "$1 | tee -a "$log_file"

# Log file location
echo "Using logfile "$log_file

log "Starting installation"

# Check if running as root.
if [ "$(id -u)" != "0" ]; then
    echo "This script must be run as root!"
    exit 1

# Check if Liquit is already installed
if [ -d "/Applications/" ]; then
    log "Liquit is already installed "
    exit 0

# Creates download path
mkdir -p "$working_dir"
cd "$working_dir"
log "Working directory created "

# Download Liquit Universal Agent & JSON file
curl -L -o "$pkg_path" "$agent_download_url"
if [ $? -ne 0 ]; then
    log "Failed to download Liquit Universal Agent"
    exit 1

log "Liquit Universal Agent downloaded "

# Download JSON file
curl -L -o "$config_path" "$config_download_url"
if [ $? -ne 0 ]; then
    exit 1

log "JSON file downloaded"

# Download registration certificate
if [[ ! -z "$certificate_download_url" ]]; then

    curl -L -o "$cert_path" "$certificate_download_url"
    if [ $? -ne 0 ]; then
        log "Failed to download registration certificate"
        exit 1
    log "Registration certificate downloaded"


# Install Liquit Universal Agent
log "Installing Liquit Universal Agent"
installer -pkg "$pkg_path" -target / -dumplog

# Check if installation was successful
if [ $? -ne 0 ]; then
    log "Failed to install Liquit Universal Agent"
    exit 1

# Check if Liquit is installed
log "Liquit Universal Agent installed"

# Make sure all files are released before deleting them.
sleep 5

# Remove downloaded files
rm "$pkg_path"
rm "$config_path"
rm "$cert_path"

log "Downloaded files removed"

log "Installation completed"

exit 0