Just some quick notes I put together, for anyone looking to deploy the Crowdstrike Falcon agent to MacOS via Cisco Meraki.

  1. Hit up the Crowdstrike documentation article Falcon Sensor for Mac Deployment Guide (version 6.11 and later) and that’ll have the latest correct links. Specifically, you’re going to want to get the latest MacOS Falcon agent, your Customer ID checksum and the Falcon MDM profile.
  2. Head over to Meraki and after logging in, Systems Manager -> Configure -> Tags.
    • Select Add tag at the top right and select an appropriate tag type. For testing, the manual tag type may be most appropriate.
    • Set an easy name, like Crowdstrike and add a device for testing.
  3. Now Systems Manager -> Manage -> Settings.
    • Select Add profile and Upload custom Apple profile.
    • Upload that Falcon MDM profile you downloaded earlier
    • Set the Scope to with ANY of the following tags and add the Crowdstrike tag to the Device tags section.
  4. Next Systems Manager -> Manage -> Apps.
    • Select Add app, macOS app platform and Custom app.
    • Set the Name field to Falcon, that’s important!
    • Set an Icon URL if you feel like making it look pretty.
    • Set the Source type to Upload to the Meraki cloud before adding the Falcon agent installer.
    • You’ll want to set the Command line to sudo /Applications/Falcon.app/Contents/Resources/falconctl license $CS_CID, where $CS_ID is equal to your Customer ID checksum.
    • Set the tags again as above
    • Finally, set your own choice of other options, like Auto-install. I don’t see the point of using the Install as Managed or Remove with MDM as we’re going to want to provide a token to the agent in the event we uninstall it.
  5. You’re ready now to push to your test device.

It works pretty well, at least for my needs so far.