This guide provides instructions for configuring and upgrading the RSA macOS Agent version 2.0 or later using Microsoft Intune.

IMPORTANT: 

Ensure you install the RSA MFA Agent package first then install the RSA configuration package.

The instructions below apply to both fresh installations and upgrades.

This guide provides instructions for the following:

1. Deploy the RSA MFA Agent Package
2. Deploy the RSA MFA Agent Configuration Package
3. Deploy the RSA MFA Agent Upgrade Package

Step 1: Deploy the RSA MFA Agent Package  

This section describes how to deploy the RSA MFA Agent package using the Microsoft Intune admin center.

1. Launch the Microsoft Intune admin center.
2. In the left navigation pane, click Apps.
3. Under Platforms, select macOS.
   
4. Click Create, then set the app type to macOS app (PKG).
   
5. Click Select app package file, locate the downloaded kit (RSAMFAAgentformacOS-2.0.pkg), and click OK.
   
6. Fill in the required fields as follows:
   

   Name: Add a name for the app. This name will be visible in the Intune apps list and to users in the Company Portal.​

   Description: Add a description to ensure users understand what the app is and/or what they can do in the app. This description will be visible to users in the Company Portal.

   Publisher: The name of the developer or company that distributes the app. This information will be visible to users in the Company Portal.

   Logo: Upload a logo associated with the app. This logo will appear next to the app in the Company Portal.
   

7. Click Next.
8. In the Requirements section, choose the Minimum operating system necessary to install the application.
   
9. In the Detection rules section, set Ignore app version to No.
10. Under Included apps, retain com.rsa.RSAAgentControlCenter and delete all other app bundle IDs.
    
11. In the Assignments section, under Required, select the groups for which you want to make this app required. Required apps are installed automatically on enrolled devices. Some platforms may have additional prompts for the end user to acknowledge before app installation begins.
12. Under Available for enrolled devices, select the groups for which you want to make this app available. Available for enrolled devices apps are displayed in the Company Portal app and website for users to optionally install. Available assignments are only valid for User Groups, not device groups.
    
13. In the Review + create section, review the information you entered, then click Create.
    
14. Log in to the Company Portal to verify the newly configured settings.
    Note: Recent configurations can take a few minutes to be reflected in the Company Portal.
    
15. In the Microsoft Intune admin center, you can view the Device install status and User install status.
    
16. To verify the installation, launch the RSA Control Center via Launchpad, Spotlight search, or Finder.

Step 2: Deploy the RSA MFA Agent Configuration Package

You can generate the RSA MFA Agent for macOS MFA configuration package RSAMFAAgentConfiguration.pkg using the RSA Control Center. 

The generated package can be deployed to multiple remote devices where the RSA MFA Agent for macOS is installed, allowing centralized configuration updates.

Create the Configuration Package in the RSA Control Center

1. Launch the RSA Control Center and navigate to the Configuration section.
2. Configure the required parameters, then click Update.
3. Navigate to the Challenge Group section, configure the required parameters, and click Update.
4. Navigate to the Logging section, configure the required parameters, and click Update.
5. In the Test Authentication section, perform a test authentication to validate your configurations.
6. Click File > Export as Package. 
   After a successful export, the package file will be saved at /Library/Application Support/RSA MFA Agent/RSAMFAAgentConfiguration.pkg.
   

Deploy the Configuration Package

1. Launch the Microsoft Intune admin center.
2. Follow steps 2 through 8 detailed under the Deploy the RSA MFA Agent Package section of this guide for the configuration file RSAMFAAgentConfiguration.pkg. This updates the configuration across all deployed Agents in the organization depending on the Assignments selection.
   

3. In the Detection rules section, set Ignore app version to Yes.

4. Under Included apps, retain com.rsa.mfaconfig and delete all other app bundle IDs.
   

5. Follow steps 11 through 13 detailed under the Deploy the RSA MFA Agent Package section of this guide.
6. Log in to the Company Portal to verify that the configuration package has been deployed successfully.
   
7. The configuration package can also be viewed from the Microsoft Intune admin center.
   

Step 3: Deploy the RSA MFA Agent Upgrade Package

You can upgrade the RSA MFA Agent for macOS using the Microsoft Intune admin center by following the below steps.

Note: This step is only for upgrading an existing Agent and should be skipped for fresh installations (Step 1). Follow the below instructions only when upgrading from version 2.0 to 2.0.1 or later.

1. Launch the Microsoft Intune admin center.
2. Go to Apps > Platforms and select macOS.
3. Select the Agent then click Properties.
   
   
4. Next to App information, click Edit.

5. To upgrade to version 2.0.1, click on the RSAMFAAgentformacOS-2.0.pkg file. In App package file, upload the new file for version 2.0.1, RSAMFAAgentformacOS-2.0.1.pkg, then click OK.
   

6. Update the Name and Description fields as necessary, then click Review + save.

7. Click Next. In the Requirements and Program sections, keep the default settings. 
8. In the Detection rules section, set Ignore app version to No. Under Included apps, retain com.rsa.RSAAgentControlCenter and delete all other app bundle IDs.
9. Review your updates and click Save.
   
10. Log in to the Company Portal to verify that the Agent has been updated, or view the Agent version from the RSA Control Center.