Intune macOS Runbook

Use this runbook to deploy governed Claude Desktop configuration to managed employee Macs through Intune.

1. Before you begin

Confirm:

• thoth onboarding values are available (tenant_id, apex_domain)
• Claude Desktop is already deployed on target Macs
• baseline dependencies (thoth, node, npx) are available on targets

2. Deploy the thoth config file

Deploy this file before the setup script:

/Library/Application Support/Thoth/thoth-config.json

Recommended delivery methods:

• Intune macOS shell script assignment
• macOS profile delivering equivalent content

The setup script should treat this config file as source-of-truth, with optional environment fallback only for testing.

3. Upload macOS setup script

Upload your setup script (for example deploy/intune/macos/setup-claude-mcp.sh) in:

• Intune Admin Center → Devices → macOS → Shell scripts

Recommended settings:

• Run script as signed-in user: No
• Hide script notifications: Yes
• Number of times to retry if script fails: 3

4. Assignment order

Use this order for reliable onboarding:

1. Baseline dependencies assignment
2. thoth-config.json assignment
3. Setup script assignment

Scope each stage to test, then pilot, then full production groups.

5. Validate on a test Mac

Run:

thoth health --json
thoth status

Then verify:

• config exists at /Library/Application Support/Thoth/thoth-config.json
• Claude config exists at ~/Library/Application Support/Claude/claude_desktop_config.json
• setup log shows successful wrap and restart flow (/var/log/thoth-setup.log)

6. Ongoing operations

• Keep setup script assignment recurring and idempotent.
• Rotate onboarding values by updating the config assignment, then re-running setup assignment.
• Use Incident Response and Rollback runbooks for production issues.

Troubleshooting