The idea is to assign a macOS shell script, executed by the Intune Management Agent which downloads the munki-tools and the middleware script from the public container, installs both on the macOS device and then the Munki tools can connect via middleware to the private container to get the software published for the device. In this article. Intune lets you manage macOS devices to give users access to company email and apps. As an Intune admin, you can set up enrollment for company-owned macOS devices and personally owned macOS devices ('bring your own device' or BYOD). Enrolling the device via the Intune Company Portal. So as mentioned the Microsoft Intune Company Portal for Macos devices is in preview and can be used to enroll your device and check compliance. Let’s see how the experience looks like. First of all you can download the Company Portal here. So after downloading and starting the Company Portal.
Applications…. how much trouble can it be? A lot!! I am not an expert in packaging apps but when I tried and I hear colleagues in the business who is experts I hear the same over and over: Its a hard work and takes time.
When putting up custom apps (Line-of-Business) in Intune we have a lot of possibilities for iOS, Android and Windows but are more restricted when it comes to MacOs. Hopefully it will get more and more developed, I am sure MS is working on it.
In Sweden a lot of schools have Mac as their choice for students. Many times they are not managed at all or managed by some 3rd party image solution. Before every school start in August a lot of computers needs to be reimaged and that takes time and is quite boring. Especially if you got thousands of Macs.
If Intune is used for MDM when it comes to iOS, Android or Windows 10 start using it for MAC as well.
Compare Intune what it can do against the non MDM solution that is in place at moment. It there is still need for even more advanced configuration settings and management JAMF is the way to go as an add-on to Intune.
Ok, lets get back to the core of this blogpost. What needs to be done to publish a custom application on our MacOS devices and using Intune only.
We are bound to some requirements when pushing these apps:
Download Intune For Mac Pro
- The package is a product archive. Only PKG files may be used to upload macOS LOB apps to Microsoft Intune. Conversion of other formats, such as DMG to PKG is not supported. But I do have cases where that actually worked fine.
- The PKG file must be signed using “Developer ID Installer” certificate, obtained from an Apple Developer account.
- File needs to be wrapped prepared for Intune. You cannot upload the PKG file directly.
- The total of the file cannot be over 4 GB.
The Intune App Wrapping Tool for Mac must be run on a macOS machine as most of the other steps here so do all of this work on an Mac!
In short the steps are like this:
- Get an developer account on Apple
- Request an Developer ID certificate
- Download the Intune App Wrapping Tool for Mac.
- Extract the PKG from DMG if necessary
- Sign the PKG file with your own Developer ID Certificate
- Run the Intune App Wrapping tool to prepare the app.
- Publish the application in Intune and assign to the targeted groups
Sign the pkg file and upload
How prepare the file for use with Intune you can find on the link below:
Prepare the .PKG file for Intune
Upload and publish the app in Intune
Go to the Intune portal and then ‘Client apps/Apps’ and add a new Line-of-business app.
Watch the magic
So if the goods of Internet and machines are with us. The app should be installed within 5-10 minutes. Of course is that depending on the size of it.
Somethings to remember when working with MacOs and apps.
- For the Intune service to successfully deploy a new .pkg file to the device you must increment the package
CFBundleVersionstring in the packageinfo file in your .pkg package.
- iOS and MacOS LOB apps have a maximum size limit of 4 GB per app.
- On MacOS you can manage deployment of App Store apps but only via a VPP account.
The problem isn't related with the enrollment process by itself. Microsoft is supporting the mac OS enrollment through the new Company Portal (even in Preview). The enrolled devices must be manageable in the SCCM console (once that is in an hybrid infrastructure), but instead, these devices are being managed and shown in the Azure Portal. Microsoft Intune Company Portal showing 'No apps to display' We've got a number of users with the Microsoft Intune Company Portal app installed on their iPhones. We use this for Mobile Device Management, to ensure users set passwords on their devices and so that we can remotely wipe their device should it be lost or stolen.
Enrolling the device via the Intune Company Portal. So as mentioned the Microsoft Intune Company Portal for Macos devices is in preview and can be used to enroll your device and check compliance. Let’s see how the experience looks like. First of all you can download the Company Portal here. So after downloading and starting the Company Portal. Enroll your macOS device using the Company Portal app.; 4 minutes to read; l; p; d; a; In this article. Enroll your macOS device with the Intune Company Portal app to gain secure access to your work or school email, files, and apps. Can dance with macOS and SCCM. Can be applied to All Groups and All Users (as well as User/Device groups) Device configuration profiles: Mirrors many GPOs (good if you come from a traditional on-prem setup and have prior knowlede). Can use admx as 'templates'. Highest level of flexibility. Easy to get lost.-->
Learn how to get your new macOS device managed in Intune.
Devices that are provided by your work or school are often preconfigured before you receive them. Your organization will send these preconfigured settings to your device after you turn it on and sign in for the first time. After your device completes setup, you'll receive access to your work or school resources.
To begin management setup, power on your device and sign in with your work or school credentials. The rest of this article describes the steps and screens you'll see as you walk through Setup Assistant.
Intune Company Portal Download Macos
What is Apple's Automated Device Enrollment?
Your organization might have purchased their devices through an Apple program called Automated Device Enrollment (formerly referred to as their device enrollment program or DEP). Automated Device Enrollment lets organizations buy large amounts of iOS, iPadOS or macOS devices. Organizations can then configure and manage those devices within their preferred mobile device management provider, such as Intune. If you're an administrator and want more information about Apple ADE, see Automatically enroll macOS devices with Apple's Automated Device Enrollment with ABM/ASM.
Get your device managed
Intune And Macs
Complete the following steps to enroll your macOS device in management. If you're using your own device, rather than an org-provided device, follow the steps for personal and bring-your-own devices.
Power on your macOS device.
Choose your country/region and click Continue.
Choose a keyboard layout. The list shows one or more options based off your selected country/region. To see all layout options, regardless of your selected country/region, click Show All. When you're done, click Continue.
Select your Wi-Fi network. You must have an internet connection to continue setup. If you do not see your network, or if you need to connect over a wired network, click Other Network Options. When you're done, click Continue.
After you're connected to Wi-Fi, the Remote Management screen appears. Remote management enables your organization's administrator to remotely configure your device with company-required accounts, settings, apps, and networks. Read through the remote management explanation to help you understand how your device is managed. Then click Continue.
When prompted, sign in with your work or school account. After you're authenticated, your device will install a management profile. The profile configures and enables your access to your organization's resources.
Read about the Apple data & privacy icon so that you can later identify when personal information is being collected. Then click Continue.
After your device is enrolled, you might have additional steps to complete. The steps you see depend on how your organization customized the setup experience. It could require you to:
- Sign in to an Apple account
- Agree to the Terms and conditions
- Create a computer account
- Walk through an express setup
- Set up your Mac
Get the Company Portal app
Download the Intune Company Portal app for macOS on your device. The app lets you monitor, sync, add, and remove your device from management, and install apps. These steps also describe how to register your device with Company Portal.
Intune Company Portal Download
- On your macOS device, go to https://portal.manage.microsoft.com/EnrollmentRedirect.aspx.
- Sign in to the Company Portal website with your work or school account.
- Click Get the App to download the Company Portal installer for macOS.
- When prompted, open the .pkg file and complete the installation steps.
- Open the Company Portal app and sign in with your work or school account.
- Find your device and click Register.
- Click Continue > Done. Your device should now appear in the Company Portal app as a corporate and compliant device.
Adding Mac To Intune
Still need help? Contact your company support. For contact information, check the Company Portal website.