Skip to main content

I added a new macOS device that has an M1 pro chip.  On my Automox admin dashboard I see this message for this device under the compatibility checklist - This Mac device requires Secure Token User Permission.   I am using the latest Automox agent 1.0-35.pkg.  Is there another step I am missing to install the agent correctly?

Thanks.

Hi, @jaldeguer -- yes, this is currently expected behavior on M1 Macs. In short, Apple restricted certain actions on M1s to accounts with that secure token. It’s a one-time thing, but you should expect to see this on any M1 Mac. Our support team has a great article with a couple of different options for allowing the permission. You can find the article here: https://support.automox.com/help/install-and-configure-automox-agent-for-apple-silicon#one-time-action-required


I tried the User prompt option first it did not work for me it was still showing in the admin dashboard as not compatible.  What worked was using the Command line option.

 

/usr/local/bin/amagent --adminuser '<admin_username>' --adminpass '<admin_password>'

Hi There - I tried the options for allowing this permission on one of my M1 devices - when I run the command line option it seems like it works - i don’t get any errors. That being said, when I check out the device in the admin console it is still showing as “not compatible” due to the secure token. I did scan the device multiple times after to see if it would update, but it doesn’t. 

Is there something that I’m missing? 


Thank you!​​​​​​


Hello...I had used the included worklet to get this to work on M1 Macs where the user is a local admin and it works perfectly.  However, most of our users are not local admins (as per customer security requirement) but is there a way to create a service account as a local admin and use that account to do the patching that requires a secure token?


Hello...I had used the included worklet to get this to work on M1 Macs where the user is a local admin and it works perfectly.  However, most of our users are not local admins (as per customer security requirement) but is there a way to create a service account as a local admin and use that account to do the patching that requires a secure token?

Hello,

 

Thanks for your question! The in-console prompt to resolve the M1 Mac Secure token requirements (usually a banner at the top) will walk through the process of adding the secure token.

It will create a service account for the device if one is missing. You can also refer to the guide linked below for more details about how it adds a service account for patching on devices that do not have one already.

Please note you may need to log in to the Customer Portal to view the guide article. Creating a login is very quick if you don’t already have one.

Cheers,
Brandon


Hello...I had used the included worklet to get this to work on M1 Macs where the user is a local admin and it works perfectly.  However, most of our users are not local admins (as per customer security requirement) but is there a way to create a service account as a local admin and use that account to do the patching that requires a secure token?

Hello,

 

Thanks for your question! The in-console prompt to resolve the M1 Mac Secure token requirements (usually a banner at the top) will walk through the process of adding the secure token.

It will create a service account for the device if one is missing. You can also refer to the guide linked below for more details about how it adds a service account for patching on devices that do not have one already.

Please note you may need to log in to the Customer Portal to view the guide article. Creating a login is very quick if you don’t already have one.

Cheers,
Brandon

Thank you Brandon!  I will check this out and report back my progress and findings.


Reply