Customize macOS Installation of AnyConnect

Managed device manager (MDM) systems can customize the installation of Cisco AnyConnect with various modules on macOS. AnyConnect has the option to install with pre-configured Umbrella profiles and to hide modules. Modify the AnyConnect deployment disk image (DMG) file to select the modules to install with AnyConnect.

This guide describes how to deploy AnyConnect with only the Umbrella and DART (for diagnostics) modules. The instructions do not include the steps to add the VPN module. For more information, see Customize AnyConnect Module Installation on MAC Endpoints.

By default, AnyConnect deploys with the VPN module. To deploy AnyConnect with the Umbrella module from the CLI or MDM, an XML configuration is required. Use a transform (ACTransforms.xml) to deploy AnyConnect without VPN capabilities.

Requirements
Prerequisites
Procedure

Requirements

macOS version 10.14.6 or higher
Cisco AnyConnect 4.8 MR2 or higher
Administrative permissions on the macOS device
(Optional) macOS MDM permissions

Prerequisites

Download the OrgInfo.json file from Umbrella.
Download the AnyConnect Pre-Deployment Package (Mac OS) from https://software.cisco.com/download/home.

Procedure

Choose the modules to install with AnyConnect on a macOS device.

Step 1 – Make the DMG Package Writeable

Use Disk Utility or hdiutil to change the permissions on the DMG package from Read Only to Read/Write.

Open a Terminal and set the DMG file to Read/Write.

hdiutil convert anyconnect-macos-<version>.dmg -format UDRW -o anyconnect-writeable.dmg

Step 2 – Generate the Module Installation Configuration File

Generate an AnyConnect module configuration file that defines the modules to include with the installation of AnyConnect.

Open a Terminal and launch the DMG from /Volumes.

open anyconnect-writeable.dmg

Run installer providing the pkg option with the name of the AnyConnect package and the showChoiceChangesXML option. Redirect the output to install_choices.xml to generate the installation configuration file.

installer -pkg /volumes/AnyConnect\ <version>/AnyConnect.pkg -showChoiceChangesXML > ~/Downloads/install_choices.xml

Step 3 – Copy OrgInfo.json to AnyConnect Installation Directory

Open a Terminal and launch the DMG from /Volumes/Profiles.

cd /Volumes/Anyconnect/<version>/Profiles/Umbrella/

Drag the OrgInfo.json file that you downloaded from Umbrella to Volumes/Profiles. For more information about downloading OrgInfo.json, see Prerequisites.

Step 4 – (Optional) Hide the VPN Module

To hide the AnyConnect VPN module, modify ACTransforms.xml.

Open a Terminal and launch the ACTransforms.xml file from /Volumes.

cd /Volumes/Anyconnect/<version>/Profiles
open -e ACTransforms.xml

Remove the XML comments around the Transforms element, and then save ACTransforms.xml.

<Transforms>
<DisableVPN>true</DisableVPN>
<DisableCustomerExperienceFeedback>true</DisableCustomerExperienceFeedback>
</Transforms>

Step 5 – Customize the AnyConnect Installation Modules

Edit install_choices.xml created in Step 2 – Generate the Module Installation Configuration File. Either skip or install the AnyConnect modules defined in the configuration file.

To skip a module, define the module with 0.
To install a module, define the module with 1.

Note: Modifying choice_vpn does not supersede the changes that you made to ACTransforms.xml. The VPN module is required, even if you hid the module previously.

Open a Terminal and launch install_choices.xml.
Define an integer XML element for each module and assign to 0 or 1, and then save install_choices.xml.

cd /Volumes
open -e ~/Downloads/install_choices.xml

Example – Customize AnyConnect Modules

In the following example, the Core VPN, Umbrella, and DART modules are set to 1 and are included in the AnyConnect installation.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<array>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_vpn</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_vpn</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>1</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_vpn</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_websecurity</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_websecurity</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>0</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_websecurity</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_fireamp</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_fireamp</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>0</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_fireamp</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_dart</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_dart</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>1</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_dart</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_posture</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_posture</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>0</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_posture</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_iseposture</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_iseposture</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>0</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_iseposture</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_nvm</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_nvm</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>0</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_nvm</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<true/>
		<key>choiceAttribute</key>
		<string>visible</string>
		<key>choiceIdentifier</key>
		<string>choice_umbrella</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<false/>
		<key>choiceAttribute</key>
		<string>enabled</string>
		<key>choiceIdentifier</key>
		<string>choice_umbrella</string>
	</dict>
	<dict>
		<key>attributeSetting</key>
		<integer>1</integer>
		<key>choiceAttribute</key>
		<string>selected</string>
		<key>choiceIdentifier</key>
		<string>choice_umbrella</string>
	</dict>
</array>
</plist>

Step 6 – Set Up the Correct Extension Permission Settings

By default, macOS requires the user to accept the activation of a new System Extension. As a result, the user is presented with a popup. An MDM is required to approve the AnyConnect system extension and disable the pop-up, using a management profile’s SystemExtensions payload. For more information on System Extensions payloads, see System Extensions.
Follow the payload guidance in AnyConnect Extension Approval using MDM to deploy the System Extension settings.

Step 7 – Install AnyConnect with Selected Modules

Install AnyConnect with the configured modules.

Open a Terminal and mount the DMG from /Volumes.

cd /Volumes
mount ~/Downloads/anyconnect-writeable.dmg
hdiutil convert anyconnect-writeable.dmg -format UDRO -o anyconnect-readable.dmg
hdiutil detach /Volumes/AnyConnect/<version>/

Run installer providing the pkg option with the name of the AnyConnect package and the applyChoiceChangesXML option with install_choices.xml.

hdiutil attach ~/Downloads/anyconnect-readable.dmg
sudo installer -pkg /Volumes/AnyConnec/<version>/AnyConnect.pkg -applyChoiceChangesXML ~/Downloads/install_choices.xml -target /

Roaming Computer Settings < Customize macOS Installation of AnyConnect > Customize Windows Installation of AnyConnect

Updated 3 months ago

Table of Contents