Not Rated
Pin
Alert Me
August 12, 2024

Using Sensors to Enhance macOS Management in Workspace ONE UEM

Incorporating sensors into your macOS management strategy can significantly enhance the data collected by Workspace ONE UEM. Sensor data not only provides deeper insights but also enables automation workflows. This can streamline routine tasks, simplify user onboarding, and facilitate software and profile deployment, ultimately reducing administrative burden.
Asset Information
Asset Information
Read Time: 0 hr 6 min
Creation Date: 8/12/2024
Last Viewed:

Introduction

Omnissa Workspace ONE UEM collects a limited set of device attributes about your corporate-owned macOS devices. But what if you need device information beyond that which UEM collects by default? Let’s say, for instance, you want to know how many of your macOS devices have an Intel-based CPU architecture as opposed to Apple silicon. Or perhaps you need to trigger a Freestyle Orchestrator workflow based on the battery health of your macOS devices. For either of these scenarios and many more, Sensors in Workspace ONE are the perfect option.

Sensors

Sensors in Workspace ONE are custom scripts that return a specific value and are configured to run periodically or are triggered by system events, such as login, logout, and startup. The returned value of a Sensor for each device is displayed in the UEM console under the Sensors tab of the Device Details view. Additionally, sensor data can be displayed in Omnissa Intelligence, and used to trigger automation workflows in Freestyle Orchestrator. For privacy reasons, it is important to note that Sensors cannot be assigned to Employee-Owned devices.

A screenshot of a computer</p>
<p>Description automatically generated

For macOS, Sensors can be created using Bash, Python 3, and Zsh. All Sensor scripts must return a value that will be displayed in the UEM console. For instance, the following example script returns the name of the user currently logged into a macOS device.

#!/bin/zsh
loggedInUser=$( scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )
echo $loggedInUser

You can also define variables for your Sensors if dynamic information is required for execution. These variables are defined outside of the script and any data contained within them is protected with encryption both in transit and at-rest. Additionally, all Sensor data is encrypted using an AES-256 bit symmetric key and is transmitted to the UEM console using HTTPS. As you will see from some of the examples in this post, sensors can pull data from several sources, including plist files, executed commands, and others.

Creating a Sensor

Creating a sensor is an easy process. From the Add dropdown, you select your platform. In this case, it would be macOS. After naming the sensor, you select the Language in which the script is written, the Execution Context, and the Response Data Type. The following table explains each of these options.

SettingDescription
LanguageFor macOS, the languages available for sensors are Bash, Python 3, and Zsh.
Execution ContextThe Execution Context identifies whether the script for the sensor will run in the system context or in the current user context.
Response Data TypeThere are four response data types available: string, integer, Boolean, and date time.

A screenshot of a computer</p>
<p>Description automatically generated

Once you’ve configured the sensor settings and added the script, you can then add variables to the sensor if required. Then, you assign the sensor to a Smart Group and Workspace ONE will begin collecting data from your macOS devices.

Using Sensors for Automation

Sensors can be used to trigger automation workflows in Freestyle Orchestrator, and even as condition to define sequences within those workflows. For example, you might have an application with two installer packages: one for Intel-based macOS devices and one for Apple silicon devices. You’ll need to ensure that the correct installer package is used on the applicable device.

To do this, you first need to create a sensor called cpu_type that checks the CPU architecture on the macOS device using a script such as this:

#!/bin/zsh
PROC=$(/usr/sbin/sysctl -n machdep.cpu.brand_string)
if grep -q "Apple" <<< "$PROC"; then
 echo "arm64"
else
 if grep -q "Intel" <<< "$PROC"; then
     echo "x86_x64"
    else
     echo "unknown_cpu"
    fi
fi

This sensor returns one of three values: arm64 for Apple Silicon, x86_64 for Intel, or unknown_cpu for devices on which it cannot identify the CPU architecture.

Using Freestyle Orchestrator, you can create a workflow that evaluates the results of the sensor and, based on the CPU type reported, will deploy the appropriate installer package to the macOS devices.

A screenshot of a computer</p>
<p>Description automatically generated

A screenshot of a computer</p>
<p>Description automatically generated

Example macOS Sensors

Here are a few examples of useful sensors for macOS devices. You can find these and other useful sensors in our repository on GitHub.

Determining the End Date for Apple Care Support

This sensor returns the end data for Apple Care Support from your macOS devices.

#!/bin/bash
currentUser=$(stat -f%Su /dev/console)
ACEplist="/Users/$currentUser/Library/Application Support/com.apple.NewDeviceOutreach/Warranty.plist"
if [ -f "$ACEplist" ];  then
  endDate=$(/usr/libexec/PlistBuddy -c "Print :coverageEndDate" "$ACEplist")
  date=$(date -j -f %s $endDate +%F)
  echo "$date"
else
  echo "Not Found"
fi

Checking the Status of the Apple Firewall on macOS Devices

This sensor checks the status of the Apple firewall on your macOS devices. The sensor returns a status of either Enabled or Disabled.

#!/bin/bash
status=$(/usr/bin/defaults read /Library/Preferences/com.apple.alf globalstate)
 
if [ "$status" = "1"]; then
    echo "Enabled";
else
    echo "Disabled";
fi

Free Space on the System Disk

This sensor returns the free space available on the system disk of your macOS devices.

#!/bin/bash
free_space=$(/usr/sbin/diskutil info /| grep 'Available Space:\|Free Space' | awk '{print $4, $5}')
echo $free_space

Summary

Using Sensors as part of your macOS management strategy can complement the existing data collected by Workspace ONE UEM. Additionally, sensor data is useful for triggering automation workflows, which can ease the burden related to the execution of some mundane tasks, user onboarding, software and profile deployment and others. And, although it wasn’t discussed in detail, sensor data can also be used in Omnissa Intelligence, allowing you to generate reports and dashboards based on those sensors.

The examples shown in this post are simple, but the data that you can collect with a sensor is only limited by what is available on the device and your scripting skills.

For more information on managing macOS with Workspace ONE, check out these resources on Tech Zone.

Filter Tags

Workspace ONE Workspace ONE UEM Blog Announcement Overview macOS