Mac Health Check (4.0.0b27)

A major update to the practical, MDM-agnostic, user-friendly approach to surfacing Mac compliance information directly to end-users — and now enterprise reporting data warehouses — via your MDM's self-service app

Splunk Dashboard

23-Jun-2026

• Raised the minimum required swiftDialog version to 3.1.0.4990
• Added JSON health reporting (with optional Splunk HTTP Event Collector (HEC) delivery)
• Added a stand-alone swiftDialog Inspect Mode-flavored report (i.e., inspectSummaryPreset="on"), plus cached replay (i.e., inspectReplayMaximumAgeSeconds) for Self Service runs
• Refactored full Silent health-check runs to write /var/tmp/MacHealthCheck-Inspect-Config.json and /var/tmp/MacHealthCheck-Inspect-Compliance.plist without launching swiftDialog
• Refactored checkElectronCornerMask to reduce execution time
• Many quality-of-life user-interface improvements
• Refactored checkHomebrewStatus() to more accurately reflect Homebrew's actual installation status
• Added "Next Steps" to Inspect Mode-flavored report
• Added checkWiFiStrength(); thanks, @kgolden-code!
• Removed displayFailureNotification() in favor of the Inspect Mode-flavored report
• Refactored Silent when used with splunkOperationMode=production to suppress non-Splunk console output while still logging fully to scriptLog, and to return success when local report generation plus Splunk HEC delivery succeed, regardless of recorded health findings
• Refactored updateComputerInventory() to log and skip jamf recon during Silent runs when splunkOperationMode=production
• Refactored Palo Alto GlobalProtect-related code (inspired by @kgolden-code’s PR #88) to add support for connected-non-pa status, safe plist reads, disconnected-as-warning behavior and normalized external-check output
• Refactored the final standard dialog to distinguish warning-only results from failures, showing Computer Needs Attention with an amber exclamation mark and returning exit code 0 when no checks failed
• Update Free Disk Space and (Folder) Size and Item Count reporting Info (thanks for PR #89, @HowardGMac!)
• Enhanced Wi-Fi Strength test reporting (thanks for PR #90, @HowardGMac!)
• Refactored Silent when used with splunkOperationMode=production to suppress non-Splunk console output and return success when Splunk reporting succeeds, regardless of recorded health findings
• Refactored Palo Alto GlobalProtect-related code (inspired by @kgolden-code’s PR #88) to add support for connected-non-pa status, safe plist reads and normalized external-check output
• Added Client-Side Cache nightly cache generation and Jamf Pro cached Splunk upload optimization
• Added LaunchDaemon deployment for a local daily Silent report refresh with deterministic per-Mac jitter around 1:23 a.m.
• Added a LaunchDaemon-only loginwindow lastUserName fallback for user-scoped checks when no GUI user is active
• Sanitized the client-side script copy so it does not perform Jamf inventory submission
• Fixed duplicate prefixed Silent log lines from LaunchDaemon-triggered client-side runs by routing LaunchDaemon stdout/stderr to /dev/null and keeping updateScriptLog() as the single MHC-prefixed writer to scriptLog
• Fixed truncated Run command-preview log entries by joining and quoting command arguments before logging user-context helper invocations
• Normalized client-side cache, LaunchDaemon validation/loading, and Jamf external-check helper output so field logs stay MHC-prefixed
• Tightened cached-report validation and cached Splunk upload state so cached upload failures no longer look like successful report generation
• Updated the detached swiftDialog Inspect Mode Preset 6 report for swiftDialog 3.1.0.4979 compliance findings
• Added a live compliance plist source for compliance-summary, findings-list and bento-grid BentoPlistDetailSheet popovers
• Added Inspect Mode trigger, readiness and result control file paths to generated Preset 6 configs
• Updated the Preset 6 demo resources to use source-level labels and cell IDs that bind directly to plist keys
• Refactored swiftDialog pre-flight updates to skip redundant production package downloads when the installed release already matches the latest production build
• Improved external-check result parsing, logging and client-side cache installs
• Refactored updateComputerInventory() to show an end-user warning state when jamf recon fails instead of always reporting success
• Added a 90-second timeout for jamf recon during updateComputerInventory(), with timeout-specific logging and end-user messaging
• Maximized swiftDialog Inspect Mode Preset 6 with Quick Actions, a conditional Remediation Guide, status-aware bento-grid cards, and a stronger unhealthy-results hierarchy
• Added checkEntraIDRegistration() function to Jamf Pro-specific checks and identity.entraIDRegistration in JSON reports and Inspect Mode summaries
• Added Force Fresh Run support for Silent runs with splunkOperationMode=production, allowing next eligible check-in to bypass cached Splunk upload shortcut and execute a complete fresh health-check run
  • Added one-shot Force Fresh Run trigger-file support via /var/tmp/MacHealthCheck-Force-Fresh-Run
  • Repurposed Script Parameter 11 for forceFreshRun and converted reportDebug to a source-level variable
  • Removes any existing cached local Splunk JSON report before a forced fresh run so a brand-new report is generated and delivered to Splunk HEC
• Enriched Preset 6 plist-backed bento cells with FR #667 detail-sheet fields (severity, explanation, remediation, actionButtonText, actionURL), widened the Available Updates warning card, and added a non-plist detailOverlay support card example

---

What's Changed

• Add repo-specific security scan workflow and security policy by @dan-snelson in #85
• 3.2.0 by @dan-snelson in #86
• 4.0.0b18 by @dan-snelson in #91
• 4.0.0b25 by @dan-snelson in #93

Full Changelog: v3.2.0...v4.0.0b27