cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7807
Views
3
Helpful
12
Replies

Cisco AnyConnect.pkg - Microsoft Intune deployment (MDM)

Joan Serra
Level 1
Level 1

We need to deploy massively the Cisco AnyConnect VPN client to MacOSx Devices.

Anyconnect.pkg (Signed and Notarized) is offered by Cisco as a Bundle that fails when trying to distribute using Intune as Line Of Business app. Is there anyway to obtain just the VPN  package installer for MacOSX (Signed and Notarized) and ready to deploy via MDM (Intune)???

Thanks,

 

 

12 Replies 12

TheFern
Level 1
Level 1

I'm also having this issue, I was reading up a bit, and I believe it might be because it has to have the installation configuration set before it installs.

 

https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215876-customize-anyconnect-module-installation.html

Trying to figure out what to do my self. Hope to find a resolution to this as well.

Hi The Fem,

I have found the signed and notarized core-vpn module here: https://it.pharmacy.arizona.edu/file/46787

I will try to follow this guide : https://maclovin.org/blog-native/2021/cge1p5lkn8xdyxz8bgcumg61u7davp

I will have into consideration this Cisco information about de extensions and configuration files: Cisco AnyConnect Secure Mobility Client Administrator Guide, Release 4.9 - Appendix: AnyConnect Changes Related to macOS 11 (And Later) [Cisco Secure Client (including AnyConnect)] - Cisco

While following the Method 2 in the thread you shared there is a point where they go trough a .pkg to .zip to separate modules .DMG. This Cisco guidance is not very clear in those steps, have you figured out what are the complete steps to obtain the core-vpn DMG following the Cisco Method 2 here ??--> https://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/215876-customize-anyconnect-module-installation.html

I will try to distribute the Notarized and signed core-vpn pkg that I found via Intune but It should be interesting to Clarify those Cisco Steps first.

Regards

 

 

@Joan Serra Hey Joan.  Any luck finding out how to convert the .pkg to a .zip?  I too am havong this issue.  The steps are not very clear and the images they use don't match the text they wrote.

When adding the extensions you need to specify, in Intune this:

Snazmeister_0-1677855996707.png

I got this from the MacLovin page. However, I am deploying the SecureClient. So, surely this has to change. But, to what exactly?

 

 

It worked for me with the last 4.10 bundle downloaded directly from Cisco for Macosx. I could extract the core-vpn module correctly and follow the Maclovin guide successfully.

This doesn't answer the question on the version 5. of AnyConnect (SecureClient). Nor, how did this maclovin guy come to this conclusion to use this in InTune?

I've followed his suggestion and my users, on Mac, are still be prompted to allow things to install. Whereas, we're trying to prevent the question being asked at all.

ralpho1
Level 1
Level 1

We have the same Issue. I followed this Artikel https://www.intuneirl.com/deploy-cisco-anyconnect-vpn-on-macos-devices-with-2fa-2/ and this one https://maclovin.org/blog-native/2021/cge1p5lkn8xdyxz8bgcumg61u7davp but without success. When I try to deploy the .DMG File I get the error "The DMG file doens´t contain any supported app. It must contain least one .app file (0x87D3013C). The wrapping Tool which described in the artikel seems not to be availabel anymore. I downloaded the .pkg File but here I get the Errormessage "The selected app package does not appear to have either a ProductCode or ProductVersion." It seems something changed in Intune?

I opend a TAC Case hope they have an idea. If I got a response I will tell you

someshpathak
Level 1
Level 1

Hi @ralpho1 , Try to open the .dmg package and it should have your .pkg file which you can use to upload in Intune as LoB app. 

But how do you maintain the specific configuration you want, in terms of modules. Like with or without Umbrella, DART, VPN etc.? How do you combine, if necessary the Org.json file for Umbrella?

Did you ever find out the answer to this? If yes, can you please share?

hi @someshpathak . It is curious. I tryed this couple of weeks a go and I downloaded the .pkg file from cisco also. but on both I got the error message "The selected app package does not appear to have either a ProcuctCode or Productversion" After your advice I tryed it yesterday again. Now it works

Cisco answered now and gave me the advice to sign the LOB with apple certificate. But now I do no´t need it.

thanks for your help 

Why is this not more upvoted? This solved it for me. Pre-populated everything for me. Thanks!