TABLE OF CONTENTS
- I want to deploy Apex using Addigy, how do I start?
- How do I grant Full Disk Access for Apex?
- How do I build the custom software for Apex?
- Condition Script
- How do I build System Extensions for Apex?
- Important information!
I want to deploy Apex using Addigy, how do I start?
Great question! Apex requires PPPC for Full Disk Access, the .zip file provided by Trend Micro, as well as System Extensions. We will detail each part of the deployment below.
How do I grant Full Disk Access for Apex?
You will need the below information to place into the MDM configuration for PPPC:
Please note that the below information will go into the Access To Protected Files AND Access to System Admin Files.
Identifiers: 1.com.trendmicro.icore 2.com.trendmicro.tmsm.MainUI 3.com.trendmicro.icore.es Bundle ID's: 1.identifier "com.trendmicro.icore" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32 2.identifier "com.trendmicro.tmsm.MainUI" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32 3.identifier "com.trendmicro.icore.es" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = E8P47U2H32
Once you've finished inputting the information, the MDM configuration should look exactly like the below:
After you confirm it's correct, go ahead and save your work!
How do I build the custom software for Apex?
Please note that the needed file should be downloaded from your Trend-Micro portal.
Once you have your .zip file, navigate to Policies>Catalog>Smart Software and create a new item.
Below we have an example of how the Smart Software is set up:
We will also paste this installation script example here:
unzip -o "/Library/Addigy/ansible/packages/TrendMicro_Apex_One (2.0)/tmsminstall (2).zip" installer -pkg "/Library/Addigy/ansible/packages/TrendMicro_Apex_One (2.0)/tmsminstall/tmsminstall.pkg" -target /
Please note that the above is an example that would only function if you set up the item exactly as pictured. The syntax of the installation script can change depending on the version you set and the filename. The portion that will not change regardless of those factors is /tmsminstall/tmsminstall.pkg
Condition Script
While a condition script is optional, it can be useful if you want to deploy everything listed in the article at once without having to worry about the software installing before the devices get the necessary whitelistings.
You can simply select the MDM Profile required and it will automatically populate a script for you:
How do I build System Extensions for Apex?
To build an MDM configuration for System extensions, navigate to Policies>Catalog>MDM configurations and create a new configuration for System Extensions.
You will only need the below information:
Team Identifier: E8P47U2H32 Bundle Identifier: com.trendmicro.icore, com.trendmicro.tmsm.MainUI, com.trendmicro.icore.es, com.trendmicro.icore.netfilter
Your configuration should look like the below:
Once you've gotten the information inputted correctly, save your work!
Important information!
You must deploy the PPPC and System Extension configurations before deploying the software to avoid end user disruptions. The default installation priorities should automatically handle this. More information on Priority Deployments.