diff --git a/public/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-macos-01.png b/public/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-macos-01.png new file mode 100644 index 00000000..65d0fd77 Binary files /dev/null and b/public/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-macos-01.png differ diff --git a/public/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-macos-02.png b/public/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-macos-02.png new file mode 100644 index 00000000..2c2b4644 Binary files /dev/null and b/public/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-macos-02.png differ diff --git a/public/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-macos-03.png b/public/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-macos-03.png new file mode 100644 index 00000000..03adb8bf Binary files /dev/null and b/public/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-macos-03.png differ diff --git a/src/pages/how-to/acronis-netbird-integration.mdx b/src/pages/how-to/acronis-netbird-integration.mdx index ca718045..544b0cfc 100644 --- a/src/pages/how-to/acronis-netbird-integration.mdx +++ b/src/pages/how-to/acronis-netbird-integration.mdx @@ -1,6 +1,6 @@ -# Deploying NetBird in Windows with Acronis Cyber Protect +# Deploying NetBird with Acronis Cyber Protect -Acronis Cyber Protect serves as the centralized management hub for Managed Service Providers (MSPs) and enterprise IT departments, delivering comprehensive cybersecurity and data protection through a unified platform. Acronis' Remote Monitoring and Management (RMM) functionality enables IT professionals to efficiently oversee client networks, automate maintenance tasks, and remotely deploy software across Windows machines at scale. This software deployment capability becomes particularly powerful when MSPs need to install security solutions, such as NetBird, across multiple client environments without requiring manual intervention on each endpoint. +Acronis Cyber Protect serves as the centralized management hub for Managed Service Providers (MSPs) and enterprise IT departments, delivering comprehensive cybersecurity and data protection through a unified platform. Acronis' Remote Monitoring and Management (RMM) functionality enables IT professionals to efficiently oversee client networks, automate maintenance tasks, and remotely deploy software across Windows, macOS, and Linux machines at scale. This software deployment capability becomes particularly powerful when MSPs need to install security solutions, such as NetBird, across multiple client environments without requiring manual intervention on each endpoint. NetBird offers a WireGuard-based overlay network with Zero Trust Network Access capabilities, integrating seamlessly with RMM deployment workflows. Once Acronis RMM handles the automated installation and initial configuration, NetBird delivers secure network connectivity through its peer-to-peer private network infrastructure with zero ongoing manual configuration requirements. This integration creates a streamlined operational approach where: @@ -10,18 +10,18 @@ NetBird offers a WireGuard-based overlay network with Zero Trust Network Access This approach allows MSPs to deploy comprehensive Zero Trust security solutions efficiently while maintaining centralized control over both installation processes and ongoing network access policies. -In this hands-on tutorial, you'll learn how to use Acronis Cyber Protect software deployment capabilities to install and configure NetBird across Windows machines, creating secure, manageable network environments for distributed teams. +In this hands-on tutorial, you'll learn how to use Acronis Cyber Protect software deployment capabilities to install and configure NetBird across Windows and macOS machines, creating secure, manageable network environments for distributed teams. ## Prerequisites Before beginning this tutorial, ensure you have the following prerequisites in place: - A [NetBird account](https://app.netbird.io) with administrative permissions to create and manage access policies. -- The NetBird Windows EXE installer downloaded from the [NetBird installation documentation](https://docs.netbird.io/how-to/installation#windows) +- NetBird's Windows installer (`exe` or `.msi`) downloaded from the [NetBird installation documentation](https://docs.netbird.io/how-to/installation#windows) - An active [Acronis Cyber Protect Cloud](https://www.acronis.com/en-us/products/cloud/cyber-protect/) subscription like [Cyber Protect Advanced](https://www.acronis.com/en-us/support/documentation/AcronisCyberProtect_15/index.html#editions-and-licensing.html). -- Acronis Cyber Protect Agent [installed and registered on all target Windows machines](https://www.acronis.com/en-us/support/documentation/AcronisCyberProtect_15/index.html#installation-overview.html). +- Acronis Cyber Protect Agent [installed and registered on all target Windows and macOS machines](https://www.acronis.com/en-us/support/documentation/AcronisCyberProtect_15/index.html#installation-overview.html). - Administrative access to the Acronis Cyber Protect Console with [permissions to manage software deployment and device policies](https://www.acronis.com/en-us/support/documentation/AcronisCyberProtect_15/index.html#adding-administrators-acronis-account.html). -- At least one Windows machine is listed in the **All devices** screen in Acronis Protect Cloud. +- At least one Windows and one macOS device listed in the **All devices** screen in Acronis Protect Cloud. ## Setting Up NetBird Access Policies for Team-Specific Permissions @@ -29,7 +29,7 @@ Before beginning this tutorial, ensure you have the following prerequisites in p These policies work in tandem with Acronis RMM's monitoring and management capabilities. While Acronis monitors system compliance and maintains device health, NetBird enforces network-level access restrictions based on predefined group memberships. -For example, to create a policy that enables the `IT Administrators` team to access the `Windows Workstations` group: +For example, let's create an access policy. While the steps are the same for macOS, this demonstration will use a Windows group for simplicity. Our goal is to enable the `IT Administrators` team to access the `Windows Workstations` group: - Log in to your NetBird management dashboard with administrative credentials - Navigate to `Access Control > Policies` and click the `Add Policy` button in the upper right corner. @@ -52,7 +52,7 @@ Moreover, users will only gain this network access when their devices are active With these access policies configured, you can now proceed to use Acronis' software deployment capabilities to install NetBird across your managed Windows machines, ensuring that all team members have the required secure connectivity client automatically deployed and configured. -## Deploying NetBird in Windows using Acronis +## Installing NetBird in Windows using Acronis Packages This section demonstrates how to create a software package in Acronis Cyber Protect Cloud and deploy NetBird across your managed Windows machines using automated installation commands. @@ -147,11 +147,11 @@ After configuring the plan parameters, click `Create` to save the plan for futur The advantage of deployment plans is that they enable scheduled, repeatable installations across multiple client environments, allowing MSPs to standardize NetBird deployments during designated maintenance windows while maintaining consistent configuration management across all managed endpoints. -## Deploying NetBird in Windows as a PowerShell Script +## Installing NetBird in Windows using a PowerShell Script In addition to packages, Acronis Cyber Protect Cloud allows you to install NetBird using PowerShell scripts. This method is handy to automate NetBird installation on Windows Servers, especially if you plan to use [setup keys](https://docs.netbird.io/how-to/register-machines-using-setup-keys). -### Adding NetBird PowerShell Scripts to Windows Endpoints +### Adding NetBird PowerShell Scripts to Acronis To add a new PowerShell script, navigate to `MANAGEMENT > Script repository` and click the `Create script by using AI` button. @@ -563,13 +563,567 @@ From `MANAGEMENT > Scripting plans`, you can click on the three-dot menu of any ![Manually Running a Scripting Plan](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-windows-28.png) -## Confirming Windows Endpoint Registration in NetBird +## Installing NetBird in macOS using a Bash Script -While Acronis Cyber Protect handles the automated deployment of NetBird clients to your Windows endpoints, client authentication operates independently through NetBird's identity provider integration system. NetBird [supports major Identity Providers (IdP)](https://docs.netbird.io/how-to/add-users-to-your-network#identity-provider-id-p-sync), including Microsoft Entra ID, Google Workspace, Okta, and others, allowing organizations to maintain their existing authentication infrastructure. +For large-scale deployments, you can automate the NetBird client installation on multiple macOS endpoints using a Bash script. This method downloads the official package directly from NetBird's GitHub releases and proceeds with the installation. + +You can optionally use NetBird's [setup keys](https://docs.netbird.io/how-to/register-machines-using-setup-keys) to pre-authorize devices during provisioning. The key ensures that once a machine joins the network, it is automatically placed in the correct groups with all the right access permissions already applied. + +### Adding NetBird Bash Scripts to Acronis + +From the Acronis console, go to `MANAGEMENT > Script repository` to create a new script for your macOS devices. Select the `Create script by using AI` option and paste the following code into the script editor: + +```shell + # This code is based on the netbird-installer contribution by physk on GitHub. +# Source: https://github.com/physk/netbird-installer +set -e + +CONFIG_FOLDER="/etc/netbird" +CONFIG_FILE="$CONFIG_FOLDER/install.conf" + +OWNER="netbirdio" +REPO="netbird" +CLI_APP="netbird" +UI_APP="netbird-ui" + +# Set default variable +OS_NAME="" +OS_TYPE="" +ARCH="$(uname -m)" +PACKAGE_MANAGER="bin" +INSTALL_DIR="" +SUDO="" + + +if command -v sudo > /dev/null && [ "$(id -u)" -ne 0 ]; then + SUDO="sudo" +elif command -v doas > /dev/null && [ "$(id -u)" -ne 0 ]; then + SUDO="doas" +fi + +if [ -z ${NETBIRD_RELEASE+x} ]; then + NETBIRD_RELEASE=latest +fi + +get_release() { + local RELEASE=$1 + if [ "$RELEASE" = "latest" ]; then + local TAG="latest" + local URL="https://pkgs.netbird.io/releases/latest" + else + local TAG="tags/${RELEASE}" + local URL="https://api.github.com/repos/${OWNER}/${REPO}/releases/${TAG}" + fi + if [ -n "$GITHUB_TOKEN" ]; then + curl -H "Authorization: token ${GITHUB_TOKEN}" -s "${URL}" \ + | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' + else + curl -s "${URL}" \ + | grep '"tag_name":' | sed -E 's/.*"([^"]+)".*/\1/' + fi +} + +download_release_binary() { + VERSION=$(get_release "$NETBIRD_RELEASE") + BASE_URL="https://github.com/${OWNER}/${REPO}/releases/download" + BINARY_BASE_NAME="${VERSION#v}_${OS_TYPE}_${ARCH}.tar.gz" + + # for Darwin, download the signed NetBird-UI + if [ "$OS_TYPE" = "darwin" ] && [ "$1" = "$UI_APP" ]; then + BINARY_BASE_NAME="${VERSION#v}_${OS_TYPE}_${ARCH}_signed.zip" + fi + + if [ "$1" = "$UI_APP" ]; then + BINARY_NAME="$1-${OS_TYPE}_${BINARY_BASE_NAME}" + if [ "$OS_TYPE" = "darwin" ]; then + BINARY_NAME="$1_${BINARY_BASE_NAME}" + fi + else + BINARY_NAME="$1_${BINARY_BASE_NAME}" + fi + + DOWNLOAD_URL="${BASE_URL}/${VERSION}/${BINARY_NAME}" + + echo "Installing $1 from $DOWNLOAD_URL" + if [ -n "$GITHUB_TOKEN" ]; then + cd /tmp && curl -H "Authorization: token ${GITHUB_TOKEN}" -LO "$DOWNLOAD_URL" + else + cd /tmp && curl -LO "$DOWNLOAD_URL" || curl -LO --dns-servers 8.8.8.8 "$DOWNLOAD_URL" + fi + + + if [ "$OS_TYPE" = "darwin" ] && [ "$1" = "$UI_APP" ]; then + INSTALL_DIR="/Applications/NetBird UI.app" + + if test -d "$INSTALL_DIR" ; then + echo "removing $INSTALL_DIR" + rm -rfv "$INSTALL_DIR" + fi + + # Unzip the app and move to INSTALL_DIR + unzip -q -o "$BINARY_NAME" + mv -v "netbird_ui_${OS_TYPE}/" "$INSTALL_DIR/" || mv -v "netbird_ui_${OS_TYPE}_${ARCH}/" "$INSTALL_DIR/" + else + ${SUDO} mkdir -p "$INSTALL_DIR" + tar -xzvf "$BINARY_NAME" + ${SUDO} mv "${1%_"${BINARY_BASE_NAME}"}" "$INSTALL_DIR/" + fi +} + +add_apt_repo() { + ${SUDO} apt-get update + ${SUDO} apt-get install ca-certificates curl gnupg -y + + # Remove old keys and repo source files + ${SUDO} rm -f \ + /etc/apt/sources.list.d/netbird.list \ + /etc/apt/sources.list.d/wiretrustee.list \ + /etc/apt/trusted.gpg.d/wiretrustee.gpg \ + /usr/share/keyrings/netbird-archive-keyring.gpg \ + /usr/share/keyrings/wiretrustee-archive-keyring.gpg + + curl -sSL https://pkgs.netbird.io/debian/public.key \ + | ${SUDO} gpg --dearmor -o /usr/share/keyrings/netbird-archive-keyring.gpg + + # Explicitly set the file permission + ${SUDO} chmod 0644 /usr/share/keyrings/netbird-archive-keyring.gpg + + echo 'deb [signed-by=/usr/share/keyrings/netbird-archive-keyring.gpg] https://pkgs.netbird.io/debian stable main' \ + | ${SUDO} tee /etc/apt/sources.list.d/netbird.list + + ${SUDO} apt-get update +} + +add_rpm_repo() { +cat <<-EOF | ${SUDO} tee /etc/yum.repos.d/netbird.repo +[NetBird] +name=NetBird +baseurl=https://pkgs.netbird.io/yum/ +enabled=1 +gpgcheck=0 +gpgkey=https://pkgs.netbird.io/yum/repodata/repomd.xml.key +repo_gpgcheck=1 +EOF +} + +add_aur_repo() { + INSTALL_PKGS="git base-devel go" + REMOVE_PKGS="" + + # Check if dependencies are installed + for PKG in $INSTALL_PKGS; do + if ! pacman -Q "$PKG" > /dev/null 2>&1; then + # Install missing package(s) + ${SUDO} pacman -S "$PKG" --noconfirm + + # Add installed package for clean up later + REMOVE_PKGS="$REMOVE_PKGS $PKG" + fi + done + + # Build package from AUR + cd /tmp && git clone https://aur.archlinux.org/netbird.git + cd netbird && makepkg -sri --noconfirm + + if ! $SKIP_UI_APP; then + cd /tmp && git clone https://aur.archlinux.org/netbird-ui.git + cd netbird-ui && makepkg -sri --noconfirm + fi + + # Clean up the installed packages + ${SUDO} pacman -Rs "$REMOVE_PKGS" --noconfirm +} + +prepare_tun_module() { + # Create the necessary file structure for /dev/net/tun + if [ ! -c /dev/net/tun ]; then + if [ ! -d /dev/net ]; then + mkdir -m 755 /dev/net + fi + mknod /dev/net/tun c 10 200 + chmod 0755 /dev/net/tun + fi + + # Load the tun module if not already loaded + if ! lsmod | grep -q "^tun\s"; then + insmod /lib/modules/tun.ko + fi +} + +install_native_binaries() { + # Checks for supported architecture + case "$ARCH" in + x86_64|amd64) + ARCH="amd64" + ;; + i?86|x86) + ARCH="386" + ;; + aarch64|arm64) + ARCH="arm64" + ;; + *) + echo "Architecture ${ARCH} not supported" + exit 2 + ;; + esac + + # download and copy binaries to INSTALL_DIR + download_release_binary "$CLI_APP" + if ! $SKIP_UI_APP; then + download_release_binary "$UI_APP" + fi +} + +# Handle macOS .pkg installer +install_pkg() { + case "$(uname -m)" in + x86_64) ARCH="amd64" ;; + arm64|aarch64) ARCH="arm64" ;; + *) echo "Unsupported macOS arch: $(uname -m)" >&2; exit 1 ;; + esac + + PKG_URL=$(curl -sIL -o /dev/null -w '%{url_effective}' "https://pkgs.netbird.io/macos/${ARCH}") + echo "Downloading NetBird macOS installer from https://pkgs.netbird.io/macos/${ARCH}" + curl -fsSL -o /tmp/netbird.pkg "${PKG_URL}" + ${SUDO} installer -pkg /tmp/netbird.pkg -target / + rm -f /tmp/netbird.pkg +} + +check_use_bin_variable() { + if [ "${USE_BIN_INSTALL}-x" = "true-x" ]; then + echo "The installation will be performed using binary files" + return 0 + fi + return 1 +} + +install_netbird() { + if [ -x "$(command -v netbird)" ]; then + status_output="$(netbird status 2>&1 || true)" + + if echo "$status_output" | grep -q 'failed to connect to daemon error: context deadline exceeded'; then + echo "Warning: could not reach NetBird daemon (timeout), proceeding anyway" + else + if echo "$status_output" | grep -q 'Management: Connected' && \ + echo "$status_output" | grep -q 'Signal: Connected'; then + echo "NetBird service is running, please stop it before proceeding" + exit 1 + fi + + if [ -n "$status_output" ]; then + echo "NetBird seems to be installed already, please remove it before proceeding" + exit 1 + fi + fi + fi + + # Run the installation, if a desktop environment is not detected + # only the CLI will be installed + case "$PACKAGE_MANAGER" in + apt) + add_apt_repo + ${SUDO} apt-get install netbird -y + + if ! $SKIP_UI_APP; then + ${SUDO} apt-get install netbird-ui -y + fi + ;; + yum) + add_rpm_repo + ${SUDO} yum -y install netbird + if ! $SKIP_UI_APP; then + ${SUDO} yum -y install netbird-ui + fi + ;; + dnf) + add_rpm_repo + ${SUDO} dnf -y install netbird + + if ! $SKIP_UI_APP; then + ${SUDO} dnf -y install netbird-ui + fi + ;; + rpm-ostree) + add_rpm_repo + ${SUDO} rpm-ostree -y install netbird + if ! $SKIP_UI_APP; then + ${SUDO} rpm-ostree -y install netbird-ui + fi + ;; + pacman) + ${SUDO} pacman -Syy + add_aur_repo + ;; + pkg) + # Check if the package is already installed + if [ -f /Library/Receipts/netbird.pkg ]; then + echo "NetBird is already installed. Please remove it before proceeding." + exit 1 + fi + + # Install the package + install_pkg + ;; + brew) + # Remove Netbird if it had been installed using Homebrew before + if brew ls --versions netbird >/dev/null 2>&1; then + echo "Removing existing netbird client" + + # Stop and uninstall daemon service: + netbird service stop + netbird service uninstall + + # Unlink the app + brew unlink netbird + fi + + brew install netbirdio/tap/netbird + if ! $SKIP_UI_APP; then + brew install --cask netbirdio/tap/netbird-ui + fi + ;; + *) + if [ "$OS_NAME" = "nixos" ];then + echo "Please add NetBird to your NixOS configuration.nix directly:" + echo "" + echo "services.netbird.enable = true;" + + if ! $SKIP_UI_APP; then + echo "environment.systemPackages = [ pkgs.netbird-ui ];" + fi + + echo "Build and apply new configuration:" + echo "" + echo "${SUDO} nixos-rebuild switch" + exit 0 + fi + + install_native_binaries + ;; + esac + + if [ "$OS_NAME" = "synology" ]; then + prepare_tun_module + fi + + # Add package manager to config + ${SUDO} mkdir -p "$CONFIG_FOLDER" + echo "package_manager=$PACKAGE_MANAGER" | ${SUDO} tee "$CONFIG_FILE" > /dev/null + + # Load and start netbird service + if [ "$PACKAGE_MANAGER" != "rpm-ostree" ] && [ "$PACKAGE_MANAGER" != "pkg" ]; then + if ! ${SUDO} netbird service install 2>&1; then + echo "NetBird service has already been loaded" + fi + if ! ${SUDO} netbird service start 2>&1; then + echo "NetBird service has already been started" + fi + fi + + + echo "Installation has been finished. To connect, you need to run NetBird by executing the following command:" + echo "" + echo "netbird up" +} + +version_greater_equal() { + printf '%s\n%s\n' "$2" "$1" | sort -V -c +} + +is_bin_package_manager() { + if ${SUDO} test -f "$1" && ${SUDO} grep -q "package_manager=bin" "$1" ; then + return 0 + else + return 1 + fi +} + +stop_running_netbird_ui() { + NB_UI_PROC=$(ps -ef | grep "[n]etbird-ui" | awk '{print $2}') + if [ -n "$NB_UI_PROC" ]; then + echo "NetBird UI is running with PID $NB_UI_PROC. Stopping it..." + kill -9 "$NB_UI_PROC" + fi +} + +update_netbird() { + if is_bin_package_manager "$CONFIG_FILE"; then + latest_release=$(get_release "latest") + latest_version=${latest_release#v} + installed_version=$(netbird version) + + if [ "$latest_version" = "$installed_version" ]; then + echo "Installed NetBird version ($installed_version) is up-to-date" + exit 0 + fi + + if version_greater_equal "$latest_version" "$installed_version"; then + echo "NetBird new version ($latest_version) available. Updating..." + echo "" + echo "Initiating NetBird update. This will stop the netbird service and restart it after the update" + + ${SUDO} netbird service stop || true + ${SUDO} netbird service uninstall || true + stop_running_netbird_ui + install_native_binaries + + ${SUDO} netbird service install + ${SUDO} netbird service start + fi + else + echo "NetBird installation was done using a package manager. Please use your system's package manager to update" + fi +} + +# Checks if SKIP_UI_APP env is set +if [ -z "$SKIP_UI_APP" ]; then + SKIP_UI_APP=false +else + if $SKIP_UI_APP; then + echo "SKIP_UI_APP has been set to true in the environment" + echo "NetBird UI installation will be omitted based on your preference" + fi +fi + +# Identify OS name and default package manager +if type uname >/dev/null 2>&1; then + case "$(uname)" in + Linux) + OS_TYPE="linux" + UNAME_OUTPUT="$(uname -a)" + if echo "$UNAME_OUTPUT" | grep -qi "synology"; then + OS_NAME="synology" + INSTALL_DIR="/usr/local/bin" + PACKAGE_MANAGER="bin" + SKIP_UI_APP=true + else + if [ -f /etc/os-release ]; then + OS_NAME="$(. /etc/os-release && echo "$ID")" + INSTALL_DIR="/usr/bin" + + # Allow netbird UI installation for x64 arch only + if [ "$ARCH" != "amd64" ] && [ "$ARCH" != "arm64" ] \ + && [ "$ARCH" != "x86_64" ];then + SKIP_UI_APP=true + echo "NetBird UI installation will be omitted as $ARCH is not a compatible architecture" + fi + + # Allow netbird UI installation for linux running desktop environment + if [ -z "$XDG_CURRENT_DESKTOP" ];then + SKIP_UI_APP=true + echo "NetBird UI installation will be omitted as Linux does not run desktop environment" + fi + + # Check the availability of a compatible package manager + if check_use_bin_variable; then + PACKAGE_MANAGER="bin" + elif [ -x "$(command -v apt-get)" ]; then + PACKAGE_MANAGER="apt" + echo "The installation will be performed using apt package manager" + elif [ -x "$(command -v dnf)" ]; then + PACKAGE_MANAGER="dnf" + echo "The installation will be performed using dnf package manager" + elif [ -x "$(command -v rpm-ostree)" ]; then + PACKAGE_MANAGER="rpm-ostree" + echo "The installation will be performed using rpm-ostree package manager" + elif [ -x "$(command -v yum)" ]; then + PACKAGE_MANAGER="yum" + echo "The installation will be performed using yum package manager" + elif [ -x "$(command -v pacman)" ]; then + PACKAGE_MANAGER="pacman" + echo "The installation will be performed using pacman package manager" + fi + + else + echo "Unable to determine OS type from /etc/os-release" + exit 1 + fi + fi + + + ;; + Darwin) + OS_NAME="macos" + OS_TYPE="darwin" + INSTALL_DIR="/usr/local/bin" + + # Check the availability of a compatible package manager + if check_use_bin_variable; then + PACKAGE_MANAGER="bin" + else + PACKAGE_MANAGER="pkg" + fi + ;; + esac +fi + +UPDATE_FLAG=$1 + +if [ "${UPDATE_NETBIRD}-x" = "true-x" ]; then + UPDATE_FLAG="--update" +fi + +case "$UPDATE_FLAG" in + --update) + update_netbird + ;; + *) + install_netbird +esac +``` + +This script is designed to download the latest macOS package (`.pkg`) from the official NetBird releases page and perform a silent, unattended installation. + +Next, configure the script's properties in the right sidebar: + +* **Name:** Enter a descriptive name for the script (e.g., `macOS Install Script`). +* **Language settings:** Ensure the `Language` is set to `Bash` and the `Operating system` is `macOS`. +* **Arguments:** If needed, you can pass parameters to the script through the `Arguments` field, such as setup keys for automated enrollment. +* Once configured, set the script's status to `Approved` and click `Save`. + +![Add NetBird Bash Script script](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-macos-01.png) + +If you need to manage your scripts, you can do it by navigating to `MANAGEMENT > Script repository > My scripts` + +### Deploying NetBird Scripts to macOS Endpoints + +Once the script is saved, you can run it on-demand from `My scripts` or add it to a scripting plan to schedule its execution + +**Method 1: Quick Run from My scripts** + +* Navigate to `MANAGEMENT > Script repository > My scripts`. +* Find the macOS script you created, click the three-dot menu icon next to it, and select `Script quick run`. +* In the pop-up that opens, select the target macOS devices (workloads) for the installation. +* Click `Run now` to deploy the script to the chosen devices. +* To track the installation status, go to `MONITORING > Activities`. + +![Quick Run NetBird Bash Script script](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-macos-02.png) + +**Method 2: Scheduled Scripting Plans** + +This method allows you to automate the script's execution on a recurring basis. + +First, navigate to `MANAGEMENT > Scripting plans` and click `Create plan`. In the configuration window, set up the following options: + +* **Name the plan:** Click the pencil icon to enter a descriptive name. +* **Choose what to run:** Select your macOS script from the list. +* **Define the schedule:** Set the desired frequency, time, and maximum allowed runtime for the script. +* **Select targets:** Add the macOS devices (workloads) that will be part of this plan. + +Once all settings are configured, click `Create` to save and activate the plan. + +![Quick Run NetBird Bash Script script](/docs-static/img/how-to-guides/acronis-windows-netbird-integration/acronis-macos-03.png) + +Tip: You can manually trigger any plan outside its schedule. Go to `MANAGEMENT > Scripting plans`, find the plan you want to execute, click its three-dot menu, and run it. + +## Confirming Endpoint Registration in NetBird + +While Acronis Cyber Protect handles the automated deployment of NetBird clients to your Windows and macOS endpoints, client authentication operates independently through NetBird's identity provider integration system. NetBird [supports major Identity Providers (IdP)](https://docs.netbird.io/how-to/add-users-to-your-network#identity-provider-id-p-sync), including Microsoft Entra ID, Google Workspace, Okta, and others, allowing organizations to maintain their existing authentication infrastructure. For example, organizations using Microsoft 365 can use the [NetBird-Microsoft Entra ID integration](https://docs.netbird.io/how-to/microsoft-entra-id-sync#get-started-with-net-bird-entra-id-integration) to automatically authenticate and synchronize users and groups from Entra ID to NetBird. This integration eliminates manual user provisioning by automatically syncing organizational structure, including group memberships and user access permissions. Once synchronized, users automatically inherit the corresponding Access Control Policies created in the initial configuration section (`IT Administrators` group has access to the `Windows Workstations` group), ensuring that network access permissions align with their organizational roles. -To confirm that your Acronis-deployed Windows endpoints successfully joined NetBird, navigate to the `Peers` menu in your NetBird dashboard. Successfully registered endpoints will appear in the peers list with their device names, connection status, and assigned IP addresses within your NetBird network. +To confirm that your Acronis-deployed Windows (or macOS) endpoints successfully joined NetBird, navigate to the `Peers` menu in your NetBird dashboard. Successfully registered endpoints will appear in the peers list with their device names, connection status, and assigned IP addresses within your NetBird network. This verification step ensures that your automated deployment process has completed successfully and that devices are ready to enforce the access control policies configured for your organization's security requirements.