RSS
 

Collect Data with Sensors for macOS Devices

macOS Desktop devices contain multiple attributes such as hardware, OS, certificates, patches, apps, and more. With Sensors, you can collect data for these attributes using the Workspace ONE UEM console. Display the data in Workspace ONE Intelligence and in Workspace ONE UEM.

Important: Sensors are not permitted to be assigned to Employee-Owned devices for privacy reasons.

Sensors Description

Workspace ONE UEM tracks a limited number of device attributes by default. However with Sensors, you can track the specific device attributes you want. For example, you can create a Sensor that tracks the number of battery charge cycles, last updated date of a virus definition file, or the build version of a specific security agent. Sensors allow you to track various attributes across your devices using common scripting languages like Bash, Python 3, and Zsh. These sensor scripts can be configured to run periodically, or based on system events like Login, Logout, and Startup.

Find Sensors in the main Workspace ONE UEM console navigation under Resources.

Workspace ONE UEM Options

  • Bash, Python 3, or Zsh Scripts - Use your preferred language to create the sensor script. The script you create collects the value of each sensor. For examples of what types of sensors you can create, see Examples for macOS Sensors.
  • Support for Variables - If your sensor script requires dynamic or sensitive information that must be defined outside of the script, variables can be used to securely store this information. Variable data is encrypted at-rest and in-transit. For Bash/Zsh sensors, the variables can be referenced in the code directly by name $myvariable. Python 3 sensors can reference variables by importing the os module and using os.getenv('myvariable').
  • Sensors Triggers - When configuring Sensors, you can configure triggers to control when the device runs and reports the sensor data back to the Workspace ONE UEM console. You can schedule these triggers based on the Intelligent Hub Sample Schedule (periodically) or specific device events such as login and logout.
  • Technical Preview

    • Device Details> Sensors - You can see data for single devices on the Sensors tab in a device's Device Details page.

      Note:

      • Currently this feature is in Technical Preview state and may not be available in your environment.
      • New UEM infrastructure (also required for Freestyle Orchestrator) must be enabled in your environment so that Workspace ONE UEM can display Sensors data for devices on the Sensors tab and use in Freestyle Orchestrator.
      • Workspace ONE UEM enables this configuration for SaaS customers. VMware is working on the solution for On-Premises environments, but until released, the Sensors tab will not available in Device Details for On-Premises deployments.

    • Use Sensor values in Freestyle workflows to manage endpoint resources with more granular criteria conditions. For more information, see Freestyle Orchestrator Guide.

Workspace ONE Intelligence Options

If you use the Workspace ONE Intelligence service, you can run a report or create a dashboard to view and interact with the data from your Sensors. When you run reports, use the Workspace ONE UEM category, Device Sensors. You can find your sensors and select them for queries in reports and dashboards.

Encryption

All data at rest is encrypted in Workspace ONE Intelligence. For details, refer to the content on the VMware Cloud Trust Center. This site has reports with details on compliance certs, CAIQ, SOC2, SOC3, and other security best practices.

Workspace ONE Intelligence Documentation

For details on how to work in Workspace ONE Intelligence, see VMware Workspace ONE Intelligence Products.

Sensors Security

On the macOS device, Sensor data and values are encrypted using Workspace ONE Intelligent Hub AES-256 bit symmetric key before being stored in a local database. Only Workspace ONE Intelligent Hub can read Sensor data at rest and the end-user cannot read the Sensor data or values. Sensor data sent to the Workspace ONE UEM Console is always transmitted over HTTPS.

On the Workspace ONE UEM Console, administrators can view the Sensors data and returned values from Device Details > Sensors tab. Access to this tab can be restricted in Admin Roles settings.

Note: The new Sensors tab requires the new Workspace ONE UEM infrastructure to be rolled out across SaaS in phases in future releases.

Create a Sensor for macOS Devices

Create Sensors in the Workspace ONE UEM console to track specific device attributes such as remaining battery, specific version or build information, or average CPU usage. Each sensor includes a script of code to collect the desired data. You can upload these scripts or enter them directly into the console.

Sensors can use Bash, Python 3, or Zsh scripts to gather attribute values. You must create these scripts yourself either before creating a sensor or during configuration in the scripting window.

Each script contains only one sensor. If a script returns multiple values, VMware Workspace ONE Intelligence and Workspace ONE UEM reads the entire output as one value. If a script returns a null value, VMware Workspace ONE Intelligence and Workspace ONE UEM do not report the sensor.

Prerequisites:

If you want to view Sensors for multiple devices and interact with the data in reports and dashboards, you must opt into VMware Workspace ONE Intelligence. If you want to view Sensors data for a single device, you do not need VMware Workspace ONE Intelligence. Go to the device's Device Details page and select the Sensors tab to view the data.

The configuration Device State must be enabled in your data center so that Workspace ONE UEM can display Sensors data for devices on the Sensors tab. Workspace ONE UEM enables this configuration for SaaS customers.

1.In the Workspace ONE UEM console, navigate to Resources > Sensors.

2.On the Sensors page, click Add and select macOS.

3.In the New Sensor page, navigate to General > Name and enter the following:

Setting Description
Name Enter the name of the sensor. The name must start with a lowercase letter followed by alpha-numeric characters and underscores. The name must be between 2 and 64 characters.
Description Enter the description of the sensor.

4.Click Next.

5.Configure the sensor settings in the Details tab.

Setting Description
Language Select the language. Select either Python 3, Bash, or Zsh.
Excecution Context Select either System or Current User. This settings control whether the script for the sensor runs on a user or system context.
Response Data Type Select the type of response to the script for the sensor. You can choose between: - String
- Integer
Boolean
Date Time
Code Upload a script for the sensor or write your own in the text box provided.

6.Click Next.

7.In the Variables tab, you can optionally define variable names and values to use in your Sensor script. These variables are securely stored, encrypted at-rest, and only used temporarily during script execution in the scripting environment.

Variables support static text or UEM lookup values. The lookup values are resolved before being delivered to the device for execution.

Bash/Zsh scripts can reference the variables directly by name from the environment like $myvariable. Python 3 scripts can reference the variables by importing the os module and then using os.getenv\('myvariable'\).

8.Click Save or Save and Assign.

The New Sensor Variables page displays the option for adding variables

You can save the sensors information and go back to menu or can move to the Assignment page to add sensors to a smart group.

What to do next:

To add a sensor to a smart group, perform the following steps:

  1. In the New Assignment page, enter the Assignment Name and Select Smart Group. Click Next
  2. In the Deployment page, configure the Triggers settings. Select any trigger.

The new assignment page displays the options to select a trigger

Trigger Description
Periodically Run the script periodically based on the Intelligent Hub Sample schedule.
Login Run the script at login.
Logout Run the script at logout.
Startup Run the script at startup.
User Switch Run the script after the macOS user login via fast user switching.
Network Change Run the script whenever a network change is detected on the device (for example, switching from Ethernet to Wi-Fi or changing Wi-Fi networks). Requires macOS Intelligent Hub 21.04.

3.Click Save.

After the assignment group is saved, you can prioritize the assignments if multiple smart groups are configured with potentially overlapping sets of devices. Once this step is done, devices with Intelligent Hub installed will receive the Sensor configurations on the next check-in. Intelligent Hub will then run the Sensor and report the data back to Workspace ONE UEM.

View Sensors in Device Details

Sensor data can be viewed in the Workspace ONE UEM console in Device Details > Sensors tab. The configuration Device State must be enabled in your data center so that Workspace ONE UEM can display Sensors data for devices on the Sensors tab. Workspace ONE UEM enables this configuration for SaaS customers.

Note: Workspace ONE UEM is working on a solution for on-premises environments, but until this solution is created, the Sensors tab is not available in Device Details for on-premises deployments.

  1. In the Workspace ONE UEM console, navigate to Device > Details View and select the Sensors tab.

    The following details are displayed in the Sensors tab:

    • Name - Name of the Sensor.
    • Value - Value reported by the device.
    • Last executed date - The timestamp for when the Sensor value was collected.

  2. To request the device to on-demand, run the Sensor and report the value back, select a Sensor name, and click Run.

    Note: Run button is displayed in Device Details only if the Hub version is supported. The minimum supported macOS Hub version is 21.01.

  3. To view information about Sensors execution, navigate to Details View > Troubleshooting. In the event log filters, select Sensors.

    Note: This is seen only if the event log level is set to capture information or debug messages.

Examples for macOS Sensors

When you create Sensors for macOS devices, you must upload a script or enter the Bash, Python 3, or Zsh code in the text box provided during configuration in the Workspace ONE UEM console. The code in this script should return the values for the Sensor attributes.

Sensor Script Examples

The following examples contain the settings and the code needed.

Note: Any Sensor that returns a date-time data type value uses the ISO format.

  • Get the number of battery charge cycles:

    • Language: Bash or Zsh

    • Execution Context: System

    • Response Data Type: Integer

      /usr/sbin/ioreg -r -c "AppleSmartBattery" | grep -w "CycleCount" | awk '{print $3}' | sed -n 'p;N;'

  • Get the current Mac HostName:

    • Language: Bash or Zsh

    • Execution Context: System

    • Response Data Type: String

      /usr/sbin/scutil --get HostName

  • Get Firefox version:

    • Language: Bash

    • Execution Context: System

    • Response Data Type: String

      if [ -f "//Applications/Firefox.app/Contents/Info.plist" ] ; then
    /usr/bin/defaults read /Applications/Firefox.app/Contents/Info.plist CFBundleShortVersionString ;
else
    echo "0" ;

  • Get current console username logged in:

    • Language: Python 3

    • Execution Context: System

    • Response Data Type: String

      from SystemConfiguration import SCDynamicStoreCopyConsoleUser
print(SCDynamicStoreCopyConsoleUser(None, None, None)[0])
check-circle-line exclamation-circle-line close-line
Scroll to top icon