Currently, Mosyle Business’s API does not provide certain device security details, such as password manager status, screen lock detection, hard drive encryption, or antivirus information. Since this data isn’t exposed through Mosyle’s API, Vanta cannot access it directly. This is expected behavior given the current scope of the integration. To help your team maintain strong device compliance, we’ve outlined a workaround that combines Mosyle with Vanta’s Device Monitor. This approach ensures you can continue monitoring key compliance requirements while we work toward deeper integration in the future.
Vendors often prioritize API enhancements when they hear directly from customers, reach out to your Mosyle representative using our short email template (available from your Vanta CSM.)
Requirements
Computers must be assigned an owner in Mosyle
Computer owner must exist as a personnel on Vanta
Computer owner email must match the email address of the corresponding personnel on Vanta
Setup the Configuration Script
Navigate to the Management tab and select the Custom Commands option
Click Add new profile and fill in the following information:
Profile Name (example): VDM Installation Script
Select Enable Variables for this profile
This will allow the installation script to access the "%Email%" variable for the selected computer (documentation)
# Check if VDM is already installed
if /usr/local/vanta/vanta-cli status; then
echo "VDM already installed"
exit 0
fi
# Install VDM
echo "Installing VDM for user %Email%"
VANTA_OWNER_EMAIL="%Email%" \
VANTA_KEY="ENTER_YOUR_DOMAIN_ENROLLMENT_SECRET_HERE" \
VANTA_REGION="ENTER_YOUR_REGION_HERE" \
bash -c "$(curl -L https://raw.githubusercontent.com/VantaInc/vanta-agent-scripts/main/install-macos.sh)"Find your domain enrollment secret and region here
Please Note: it is critical to keep the code that checks if the VDM is already installed because this script will run every time the computer starts
Mosyle requires that you run the script at least once on a test computer before saving it
Learn more about the setup script here
In the Execution Settings tab, select Every start up of the Mac
This trigger allows VDM to be reinstalled if a user inadvertently uninstalls it
Selecting Upon Enrollment only would lead to unmonitored computers
Every user sign-in or Device Info update would be more frequent than necessary
In the Profile Assignment section, select All current and future Devices or the relevant device/user group if you have that setup for your org
Save your Profile
Select View Results to monitor the status of your deployment
Lifecycle Management Notes
Because of how we have set up the installation script, a computer restart is required to trigger installation.
To uninstall the VDM, first disable the Installation script on the target computer and run the following command: sudo /usr/local/vanta/vanta-cli uninstall (documentation)
If you don't disable the installation script, VDM will get reinstalled next time the computer restarts
Once installed, VDM will automatically manage its own software update process.
If a computer doesn't have an owner with an email that matches the personnel on Vanta, the installation script will fail.
Please note: We currently only support an automated test for malware detection for Windows devices. Linux and MacOS are not yet supported, but manual evidence can be uploaded as a Document.