I posting this up because I was bashing my head against a wall for a week trying to figure how to do this deployment with barely any support because support was really bad. But I did get a good key piece of info from a t3 engineer while working another issue when I mention my ticket to him. So I made a guide on how to do it to help anyone running into this issue.
Edited:reworded
Not sure what your problem was. I read the Cisco docs, deployed all three apps with DART first, Secure Client next then Umbrella last.
Make sure to copy the JSON file first though as it needs to be present for the service to activate. But it’s all in the docs…
I don’t understand how you deploy the OrgInfo.json. I have the file but you refer to the URL of the download in the OrgfileMove.sh file. What’s the best way to host the file to accomplish this?
I’m having an issue with the .mobileconfig file it keeps failing to install so I get the prompts on mac to allow the network filters manually. Any ideas why this would fail? The error it’s giving is below. Everything else is working fine and if I manually click the buttons to allow the network filter then it’s fine but I of course want that to be done silently with the configuration profile. For those wondering about the OrgInfo.JSON what I ended up doing was hosting it on an Azure blob with anonymous authentication but setup networking so it could only be accessed from my office.
Thanks for the great instructions. For some reason, I cannot get Core VPN to Install for the life of me. I have followed your steps exactly and am getting error after error.
the mobilecondfig profile loads. So do the Managed Login profiles. I got DART to install and I swear secure client installed once. But Core VPN is just terrorizing me.
Error code: 0x87D30147 An error occurred during the PKG file installation process. is the error I have been getting.
Any suggestions. Again, great instructions!
First off, thank you for this! This has been a god send. The org info file is in the correct spot. The Intune deployment worked beautifully, I had no issues with installation.
Unfortunately, the only thing I don’t understand is why Umbrella reads as unprotected. I’m now back to bashing my head against the wall
Coming to this thread late. Thanks for breaking this down. I am able to install Umbrella fine, but cannot figure out a way to keep it from showing in the dock. Support has not been very helpful on this front.
Wow I just started bashing my own head lmao thanks!!
I too have bashed my head in. I figured all this out but cannot for the life of me get the vpn service to actually install. The vpn service doesn’t exist. /Library/LaunchDaemons/ is completely void of any com.cisco objects.
It will however work if secure client have been previously installed at some point.
@computerkiller87 I’m trying your method and deploying 3 apps - vpn, umbrella and dart.
Most of the time when testing though, Umbrella seems to be failing to install initially (error 0x87D30147) - and then it can install a little bit later.
All the docs I read deployed all the apps, via one DMG which installed everything dart,fire,ise,umbrella,core, etc. But if you wanted only install certain apps you had to do it via scripted install. Since we use intune and I can’t script dmg install via the app installer. Also we’re only licensed for Cisco umbrella so I could obtain the installer via Cisco umbrella admin page. So I was limited to what I could grab installer wise. if this was anyconnect still the installers are split for Mac. dart,core,umbrella and etc but in Cisco secure connect they combined them for some reason and you only split them apart using the headend pkg installer if it was unzip all the way to reveal the bundles. The dmg installer doesn’t allow this. But pc installer already comes with all the installers split and install docs are way better than the Mac doc as of right now. Which why I made the guide even Cisco t3 support are reviewing my doc to give out since they don’t have an official guide for intune.
I host our orginfo.json file on a website and have the code pull the orginfo.json and move it were it needs to go
Check if you got conflicts I’ve seen mobile config conflicts if an another policy is already setting these settings.
From what I’m seeing the license file is invalid you need to correct that. Make sure you got a good license file the file name should be Orginfo.json if you modify the name it might not work I never tested that. You can try manual copying it over to /opt/cisco/secureclient/umbrella/ then reboot and see if it works and if it does you need to fix your pre-install script
this is the script for the OrgFile Download and move if you wanted to test it.
https://github.com/darossi87/intune/blob/Cisco-Secure-Client-With-Umbrella-MacOS/OrgfileMove.sh
I also updated the guide and orgfile comments a little bit to give more info.
We don’t use the Cisco VPN or I wish I could help we only use umbrella unfortunately.
Ok, so I think I understand why now. Most of the time it tries to push the Umbrella package first and this one of course will fail if VPN is missing. I don’t see any option for dependencies though 
Thanks. It’s what I figured, but I thought I was missing something.
I don’t have any conflicts with other profile settings but I did uninstall secure client and umbrella and then let intune reinstall them. I don’t think that would cause a conflict and from macos side of things it doesn’t detect the machine as having the network filters enabled as it wanted me to manually allow the network filtering
MS hasn’t added that to Mac Apps yet sadly only windows
I have used Whitebox to pack all 3 pkg into 1.
With pre-install scripts I create the Umbrella and VPN profiles.
Works quite nicely.
