Deploying macOS applications via Intune


#1

As of Intune Company Portal 1.7 for macOS (outlined here Intune Company Portal 1.7 released for macOS) users now have the ability to install line of business apps (LoB) from within the company portal.

Below are the steps to publish a macOS LoB app to a macOS device via Intune

  1. You need a .pkg installer, .dmg is not supported. I am using Microsoft Teams in this example. Download Teams package file from https://teams.microsoft.com/downloads

  2. Download Intune Wrapping tool for Mac from https://github.com/msintuneappsdk/intune-app-wrapping-tool-mac

  3. Run the command line tool against your applicaiton, below is an example for Microsoft Teams. Make sure the application has no spaces in the file name i.e. rename Teams osx.pkg to Teams_osx.pkg (having spaces in the filename will cause deployment issues).

     daniil$ ./IntuneAppUtil -c ~/Downloads/Teams_osx.pkg -o ./ -v
     Finding the package type... 
     Microsoft Intune Application Utility for Mac OS X
     Version: 1.0.0.0
     Copyright 2018 Microsoft Corporation
    
    
     Creating intunemac file for /Users/daniil/Downloads/Teams_osx.pkg
      
     File /Users/daniil/Downloads/Teams_osx.pkg is copied to /var/folders/fy/xtq5xkw56wg3tc2ng7klpw800000gn/T/Teams_osx.pkg. 
     Extracting the package.... 
      
     Extract any PAX packages.... 
     Enumerating directory /var/folders/fy/xtq5xkw56wg3tc2ng7klpw800000gn/T/ExtractedPkg/... 
     Parsing the directory /Users/daniil/Downloads/Teams_osx.pkg. 
     Enumerating directory /var/folders/fy/xtq5xkw56wg3tc2ng7klpw800000gn/T/ExtractedPkg/ ... 
     Path: Teams_osx_app.pkg/PackageInfo
      
     File being parsed is /var/folders/fy/xtq5xkw56wg3tc2ng7klpw800000gn/T/ExtractedPkg/Teams_osx_app.pkg/PackageInfo. 
     Found App Bundle Info.
     Name:
     ID:com.microsoft.teams
     Version:119253
     ShortVersion:1.00.119253
     MinimumOSVersion:
      
     Retrieving Package Installation Parameters... 
     Generating Detection Data... 
     Removing optional package /Users/stevengao/Documents/sms_01/Framework/XPlat/ParseMacOSPackage/XMLParser.mm from detection dictionary. 
     Compute MD5 hash with chunk size 10485760 
     MD5 hash is c3cf149158b94b39a5b206d0ed812668 
     MD5 hash is cd471e45494af01d86d3e36a696d2caa 
     MD5 hash is f1832d830d8ad49f0a1b055159f77240 
     MD5 hash is f1c88c40ed1d69656e3bc84430534548 
     MD5 hash is dc8f249dcb653b0ee079c15c0ae3f3b9 
     MD5 hash is 1f341f8a171ca4aebe7a41a09e170d6c 
     MD5 hash is fd941b43a67f7017155c9894adb3b124 
     MD5 hash is 41fb955cb56c1b4a8cbd787e4788dc4c 
     Detection Metadata File /var/folders/fy/xtq5xkw56wg3tc2ng7klpw800000gn/T/detection.xml already exists. 
     Composing the intunemac file output
      
     File /Users/daniil/Downloads/Teams_osx.pkg is copied to /var/folders/fy/xtq5xkw56wg3tc2ng7klpw800000gn/T/IntuneMacPackage/contents/Teams_osx.pkg. 
      
     File /var/folders/fy/xtq5xkw56wg3tc2ng7klpw800000gn/T/detection.xml is copied to /var/folders/fy/xtq5xkw56wg3tc2ng7klpw800000gn/T/IntuneMacPackage/Metadata/Detection.xml. 
       adding: IntuneMacPackage/ (stored 0%)
       adding: IntuneMacPackage/contents/ (stored 0%)
       adding: IntuneMacPackage/contents/Teams_osx.pkg (stored 0%)
       adding: IntuneMacPackage/Metadata/ (stored 0%)
       adding: IntuneMacPackage/Metadata/Detection.xml (stored 0%)
     File .//Teams_osx.pkg.intunemac is copied. 
     Removing /var/folders/fy/xtq5xkw56wg3tc2ng7klpw800000gn/T/IntuneMacPackage ... 
     Output written to .//Teams_osx.pkg.intunemac.
    
     IntuneAppUtil successfully processed "Teams_osx.pkg",
     to deploy refer to the product documentation.
     Removing directory /var/folders/fy/xtq5xkw56wg3tc2ng7klpw800000gn/T/Teams_osx.pkg... 
     Removing directory /var/folders/fy/xtq5xkw56wg3tc2ng7klpw800000gn/T/ExtractedPkg/... 
    
  4. This will produce Teams_osx.pkg.intunemac file. This file can now be uploaded into Intune. the *.intunemac file is a zip file that contains the package file and a XML header file (Detection.xml)
    Content of the XML file:

     <?xml version="1.0" encoding="UTF-8"?>
     <PackageMetadata Version="1.0.0.0" TimeStamp="2018-07-30 01:22:37 +0000" MacOSX="10.13.6" xmlns="http://schemas.microsoft.com/Intune/2018/01/01/MACLOBAPP">
     <MacOSLobApp PackageType="pkg" PackageName="Teams_osx.pkg" BundleId="com.microsoft.teams" BuildNumber="0">
     <MD5HashChunkSize Size="10485760"/>
     <MD5Hash>md5hash
     </MD5Hash>
     <MacOSLobChildApp BundleId="com.microsoft.teams" BuildNumber="117852" VersionNumber="1.00.117852"/>
     </MacOSLobApp>
     <InstallerParams VolumeInfo="/" RestartAction="None"/>
     </PackageMetadata>
    
  5. In Intune navigate to Client Apps -> Apps and add a new Line-of-business app


  6. You will then need to fill in the App Information and provide an icon. In the case of Teams you may switch “Ignore app version” to Yes as Teams updates automatically hence no need to maintain a version via Intune.

  7. Once you save the settings the package will start uploading to Intune, you then need to assign the application to a group of users.

  8. Once assigned the app should become available within the Intune Company Portal app within ~15 mins or so.o Client Apps -> Apps and add a new Line-of-business app


  9. You will then need to fill in the App Information and provide an icon. In the case of Teams you may switch “Ignore app version” to Yes as Teams updates automatically hence no need to maintain a version via Intune.

  10. Once you save the settings the package will start uploading to Intune, you then need to assign the application to a group of users.

  11. Once assigned the app should become available within the Intune Company Portal app within ~15 mins or so.


#2

Deploying apps via Intune would only work if -> install-location is set to =”/Applications”. If the 3rd party Package have a pkg-info with install-location=”/”. Deployment in intune would not work.

Unfortunately at this point in time Intune has limited support for line of business application installation on the Mac OS Platform and can only deploy those applications which are configured with the install-location set for Applications.


#3

I’ve successfully deployed Citrix Files for macOS via Intune

The “Citrix Files” package contains 2 packages inside:

  • Fuse_components.pkg - has Install-Location set to /
  • Citrix_files.pkg - has Install-Location set to /Applications

This has successfully installed, Fuse_components.pkg installs a filesystem extension which has also installed successfully (this did require an additional profile to be created to whitelist the developer team ID).


#4

wow, i had a case open with MS and i had an update that Install location set to “/” is not supported in Intune.

Could you please share any info which show the details where is location is set to / and app is installed. If possible. Thanks.


#5

My usecase may be different from what you are trying to do

The package I’ve deployed is located here: http://dl.sharefile.com/cfmac

Note this is a DMG file I had to mount it and extract the .pkg from inside.

You can pull it apart and see how its different to the application you are trying to deploy.

The Kernel extension whitelisting I had to do is based on: https://derflounder.wordpress.com/2018/04/12/whitelisting-third-party-kernel-extensions-using-profiles/


#6

HI Danil, I have reviewed the link to whitelist kernel extension. Could you let me know which tool have you used to create the profile?


#7

It’s just an xml file, you can just copy the profile text from the link and deploy it.

I generally use Apple Configurator to create the profile header and then fill in the other text.