Check Network Requirements

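This script validates connectivity to Apple's critical security and software update services by testing TCP connections to required endpoints. It checks both security services (OCSP, CRL, PPQ) and OS/software update services. Results are formatted for Intune custom attributes to provide visibility into network connectivity issues that may prevent proper device security and update functionality. A host is reported as reachable when a direct TCP connection to port 443 completes within the 2 second timeout; the check does not perform a TLS handshake or send a request, and nc does not use the system proxy settings, so the result describes direct port reachability only.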

Monitoring
Author: Ugur Koc
Version: 1.0

Quality checks

All checks pass
Last run May 11, 2026
  • ShellCheck: Pass

check-network-requirements.sh
#!/bin/bash

# TITLE: Check Network Requirements
# SYNOPSIS: Checks connectivity to Apple security and software update services
# DESCRIPTION: This script validates connectivity to Apple's critical security and software update
#              services by testing TCP connections to required endpoints. It checks both security
#              services (OCSP, CRL, PPQ) and OS/software update services. Results are formatted
#              for Intune custom attributes to provide visibility into network connectivity issues
#              that may prevent proper device security and update functionality.
# TAGS: Monitoring,Network
# PLATFORM: macOS
# MIN_OS_VERSION: 10.15
# AUTHOR: Ugur Koc
# VERSION: 1.0
# LASTUPDATE: 2025-06-04
# CHANGELOG:
#   1.0 - Initial release
#
# EXAMPLE:
#   ./check-network-requirements.sh
#   Checks connectivity to Apple services and outputs reachability status
#
# NOTES:
#   - Tests TCP connectivity on port 443 for all Apple service endpoints
#   - Groups results by security services and update services
#   - Designed for Intune custom attributes (single line output)
#   - Uses nc (netcat) for TCP connection testing with 2 second timeout
#   - No external dependencies required beyond standard macOS tools
#   - For more scripts and guides, visit: IntuneMacAdmins.com

# ============================================================================
# VARIABLES AND INITIALIZATION
# ============================================================================

# Initialize unreachable arrays for each category
security_unreachable=()
update_unreachable=()

# ============================================================================
# FUNCTIONS
# ============================================================================

# Function to output result (for Intune custom attributes)
output_result() {
    # For Intune custom attributes, output should be a single line
    echo "$1"
    exit 0
}

# Function to check TCP connectivity
check_tcp_connection() {
    local domain="$1"
    local port="$2"

    # Use nc (netcat) to test TCP connection with 2 second timeout
    if nc -zw2 "$domain" "$port" 2>/dev/null; then
        return 0
    else
        return 1
    fi
}

# Function to check required commands
check_prerequisites() {
    # Check for netcat availability
    if ! command -v nc >/dev/null 2>&1; then
        output_result "Error: Required command 'nc' not found"
    fi
}

# ============================================================================
# MAIN SCRIPT LOGIC
# ============================================================================

main() {
    # Check prerequisites
    check_prerequisites

    # Check security services
    if ! check_tcp_connection "ocsp.apple.com" "443"; then
        security_unreachable+=("ocsp.apple.com")
    fi

    if ! check_tcp_connection "crl.apple.com" "443"; then
        security_unreachable+=("crl.apple.com")
    fi

    if ! check_tcp_connection "ppq.apple.com" "443"; then
        security_unreachable+=("ppq.apple.com")
    fi

    if ! check_tcp_connection "api.apple-cloudkit.com" "443"; then
        security_unreachable+=("api.apple-cloudkit.com")
    fi

    # Check OS/Software update services
    if ! check_tcp_connection "osrecovery.apple.com" "443"; then
        update_unreachable+=("osrecovery.apple.com")
    fi

    if ! check_tcp_connection "oscdn.apple.com" "443"; then
        update_unreachable+=("oscdn.apple.com")
    fi

    if ! check_tcp_connection "swcdn.apple.com" "443"; then
        update_unreachable+=("swcdn.apple.com")
    fi

    if ! check_tcp_connection "swdist.apple.com" "443"; then
        update_unreachable+=("swdist.apple.com")
    fi

    if ! check_tcp_connection "swdownload.apple.com" "443"; then
        update_unreachable+=("swdownload.apple.com")
    fi

    if ! check_tcp_connection "swscan.apple.com" "443"; then
        update_unreachable+=("swscan.apple.com")
    fi

    if ! check_tcp_connection "updates.cdn-apple.com" "443"; then
        update_unreachable+=("updates.cdn-apple.com")
    fi

    # Format the output
    result=""

    # Check security services status
    if [ ${#security_unreachable[@]} -eq 0 ]; then
        result="Security services: All reachable"
    else
        security_list=$(
            IFS=,
            echo "${security_unreachable[*]}"
        )
        result="Security services unreachable: $security_list"
    fi

    # Add update services status
    if [ ${#update_unreachable[@]} -eq 0 ]; then
        result="$result | Update services: All reachable"
    else
        update_list=$(
            IFS=,
            echo "${update_unreachable[*]}"
        )
        result="$result | Update services unreachable: $update_list"
    fi

    # Output the result
    output_result "$result"
}

# ============================================================================
# ERROR HANDLING
# ============================================================================

# For Intune custom attributes - handle errors gracefully
trap 'output_result "Error: Script failed"' ERR

# ============================================================================
# SCRIPT EXECUTION
# ============================================================================

# Only run main if script is executed directly (not sourced)
if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then
    main "$@"
fi

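# Exit successfully (if not using output_result). When the script is sourced,
# return instead so the calling shell is not terminated.
return 0 2>/dev/null || exit 0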
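
Added example (not part of the original script): a reporting-side parser for the single-line value the script writes to the Intune custom attribute, which picks out devices that cannot reach the security or update endpoints. The function names, the tab-separated "device, value" input layout and the sample rows are assumptions made for this illustration.

```bash
# Added example, not part of check-network-requirements.sh.
# Print the comma-separated unreachable hosts for one group ("Security" or
# "Update"); print nothing when that group is fully reachable or absent.
unreachable_hosts() {
    local line="$1" marker="$2 services unreachable: " rest
    case "$line" in
        *"$marker"*) ;;
        *) return 0 ;;
    esac
    rest=${line#*"$marker"}        # text after the marker
    printf '%s\n' "${rest%% | *}"  # drop the following group, if any
}

# Map one attribute value to: ok, security, update, both, error or unknown.
classify_attribute() {
    local line="$1" sec upd
    case "$line" in
        "Error: "*) echo error; return 0 ;;
        "Security services"*" | Update services"*) ;;
        *) echo unknown; return 0 ;;   # empty or unexpected value
    esac
    sec=$(unreachable_hosts "$line" Security)
    upd=$(unreachable_hosts "$line" Update)
    if [ -n "$sec" ] && [ -n "$upd" ]; then echo both
    elif [ -n "$sec" ]; then echo security
    elif [ -n "$upd" ]; then echo update
    else echo ok
    fi
}

# Read "device<TAB>attribute" rows on stdin; print "device<TAB>class" for
# every device whose value is anything other than fully reachable.
triage() {
    local device value class
    while IFS="$(printf '\t')" read -r device value; do
        class=$(classify_attribute "$value")
        [ "$class" = ok ] || printf '%s\t%s\n' "$device" "$class"
    done
}

# Constructed sample rows; the device names are made up.
sample_rows() {
    printf 'mac-001\tSecurity services: All reachable | Update services: All reachable\n'
    printf 'mac-002\tSecurity services unreachable: ocsp.apple.com,crl.apple.com | Update services: All reachable\n'
    printf 'mac-003\tSecurity services: All reachable | Update services unreachable: swscan.apple.com\n'
    printf "mac-004\tError: Required command 'nc' not found\n"
}

sample_rows | triage
```

Rows classified as error or unknown are listed alongside the unreachable ones, because a device whose check did not run has not confirmed reachability either.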
