- Article
Use the information in this article to help you add macOS line-of-business apps to Microsoft Intune.
Note
macOS LOB apps have a maximum size limit of 2 GB per app.
macOS LOB apps need to have a logo. If they don't have a logo, they will not be displayed in the apps section.
While users of macOS devices can remove some of the built-in macOS apps like Stocks, and Maps, you cannot use Intune to redeploy those apps. If end users delete these apps, they must go to the app store, and manually re install them.
App requirements
The .pkg file must satisfy the following requirements to successfully be deployed using Microsoft Intune.
- The .pkg file is a component package or a package containing multiple packages.
- The .pkg file does not contain a bundle or disk image or .app file.
- The .pkg file is signed using a "Developer ID Installer" certificate, obtained from an Apple Developer account.
- The .pkg file contains a payload. Packages without a payload will attempt to re-install as long as the app remains assigned to the group.
Select the app type
Note
In August 2022, we removed the ability to upload wrapped .intunemac files in the Microsoft Intune admin center. You can now upload .pkg files to the Microsoft Intune admin center.
Important
The .pkg file must be signed using "Developer ID Installer" certificate, obtained from an Apple Developer account. Only .pkg files may be used to upload macOS LOB apps to Microsoft Intune. However, conversion of other formats, such as .dmg to .pkg is supported. For more information about converting non-pkg application types, see How to deploy DMG or APP-format apps to Intune-managed Macs.
- Sign in to the Microsoft Intune admin center.
- Select Apps > All apps > Add.
- In the Select app type pane, under the Other app types, select Line-of-business app.
- Click Select. The Add app steps are displayed.
Step 1 - App information
Select the app package file
- In the Add app pane, click Select app package file.
- In the App package file pane, select the browse button. Then, select an macOS installation file with the extension .pkg.The app details will be displayed.
- When you're finished, select OK on the App package file pane to add the app.
Set app information
- In the App information page, add the details for your app. Depending on the app that you chose, some of the values in this pane might be automatically filled in.
- Name: Enter the name of the app as it appears in the company portal. Make sure all app names that you use are unique. If the same app name exists twice, only one of the apps appears in the company portal.
- Description: Enter the description of the app. The description appears in the company portal.
- Publisher: Enter the name of the publisher of the app.
- Minimum Operating System: From the list, choose the minimum operating system version on which the app can be installed. If you assign the app to a device with an earlier operating system, it will not be installed.
- Ignore app version: Select Yes to install the app if the app is not already installed on the device. Select No to only install the app when it is not already installed on the device, or if the deploying app's version number does not match the version that's already installed on the device.
- Install as managed: Select Yes to install the Mac LOB app as a managed app on supported devices (macOS 11 and higher). A macOS LOB app can only be installed as managed when the app distributable contains a single app without any nested packages and installs to the /Applications directory. Managed line-of-business apps will be able to be removed using the uninstall assignment type on supported devices (macOS 11 and higher). In addition, removing the MDM profile removes all managed apps from the device. The default value is No.
- Included apps: Review and edit the apps that are contained in the uploaded file. Included app bundle IDs and build numbers are used for detecting and monitoring app installation status of the uploaded file. The app listed first is used as the primary app in app reporting.
Included apps list should only contain the application(s) installed by the uploaded file in Applications folder on Macs. Any other type of file that is not an application or an application that is not installed to Applications folder should be removed from the Included apps list. If Included apps list contains files that are not applications or if all the listed apps are not installed, app installation status does not report success.
Mac Terminal can be used to look up and confirm the included app details of an installed app.
For example, to look up the bundle ID and build number of a Company Portal, run the following:
defaults read /Applications/Company\ Portal.app/Contents/Info CFBundleIdentifier
Then, run the following:
defaults read /Applications/Company\ Portal.app/Contents/Info CFBundleShortVersionString - Category: Select one or more of the built-in app categories, or select a category that you created. Categories make it easier for users to find the app when they browse through the company portal.
- Show this as a featured app in the Company Portal: Display the app prominently on the main page of the company portal when users browse for apps.
- Information URL: Optionally, enter the URL of a website that contains information about this app. The URL appears in the company portal.
- Privacy URL: Optionally, enter the URL of a website that contains privacy information for this app. The URL appears in the company portal.
- Developer: Optionally, enter the name of the app developer.
- Owner: Optionally, enter a name for the owner of this app. An example is HR department.
- Notes: Enter any notes that you want to associate with this app.
- Logo: Upload an icon that is associated with the app. This icon is displayed with the app when users browse through the company portal.
- Click Next to display the Scope tags page.
You can use scope tags to determine who can see client app information in Intune. For full details about scope tags, see Use role-based access control and scope tags for distributed IT.
- Click Select scope tags to optionally add scope tags for the app.
- Click Next to display the Assignments page.
Step 3 - Assignments
Select the Required, Available for enrolled devices, or Uninstall group assignments for the app. For more information, see Add groups to organize users and devices and Assign apps to groups with Microsoft Intune.
Note
Uninstall intend will only be displayed for LOB apps created with Install as managed set to Yes. For more information review App information section earlier on this article.
(Video) Microsoft Intune Deploy Client Apps - Line of Bussness application LOB- Training Series video No#107Click Next to display the Review + create page.
Step 4 - Review + create
Review the values and settings you entered for the app.
When you are done, click Create to add the app to Intune.
The Overview blade for the line-of-business app is displayed.
(Video) Deploying MacOS Apps in Intune
The app you have created appears in the apps list where you can assign it to the groups you choose. For help, see How to assign apps to groups.
Note
If the .pkg file contains multiple apps or app installers, then Microsoft Intune will only report that the app is successfully installed when all installed apps are detected on the device.
Update a line-of-business app
- Sign in to the Microsoft Intune admin center.
- Select Apps > All apps.
- Find and select your app from the list of apps.
- Select Properties under Manage from the app pane.
- Select Edit next to App information.
- Click on the listed file next to Select file to update. The App package file pane is displayed.
- Select the folder icon and browse to the location of your updated app file. Select Open. The app information is updated with the package information.
- Verify that App version reflects the updated app package.
To update a line-of-business app deployed as a .pkg file, you must increment the CFBundleShortVersionString of the .pkg file.
Intune will update the app when this schedule elapses, provided that any previous version of the app is still present on the device.
Next steps
The app you have created is displayed in the apps list. You can now assign it to the groups you choose. For help, see How to assign apps to groups.
Learn more about the ways in which you can monitor the properties and assignment of your app. For more information, see How to monitor app information and assignments.
Learn more about the context of your app in Intune. For more information, see Overview of device and app lifecycles
FAQs
How do I add macOS lob Apps to Intune? ›
- Sign in to the Microsoft Intune admin center.
- Select Apps > All apps > Add.
- In the Select app type pane, under the Other app types, select Line-of-business app.
- Click Select. The Add app steps are displayed.
You can add an app in Microsoft Intune by selecting Apps > All apps > Add. The Select app type pane is displayed and allows you to select the App type.
Can you add Mac to Intune? ›All Mac enrollments in Intune are considered user-approved. User-approved enrollment lets you manage macOS devices that aren't part of Apple School Manager or Apple Business Manager. It provides the same level of control as supervised macOS devices enrolled using Automated Device Enrollment or Apple Configurator.
How do I force Apple Business Manager to sync to Intune? ›Microsoft Intune automatically syncs with Apple Business Manager. Devices can take up to 12 hours to appear in the admin center. You can wait for these devices to sync, or manually start the sync. To start the sync yourself, select your token from the list in the admin center, and then choose Devices > Sync.
How do I add Apple Apps to Intune? ›Sign in to the Microsoft Intune admin center. Select Apps > All apps > Add. In the Select app type pane, under the available Store app types, select iOS store app. Click Select.
How do I update my line of business Apps in Intune? ›- Sign in to the Microsoft Intune admin center.
- Select Apps > All apps.
- Find and select your app from the list of apps.
- Select Properties under Manage from the app pane.
- Select Edit next to App information.
- Click on the listed file next to Select file to update.
- Step 1: Download the Intune public key certificate. In Microsoft Intune admin center, select Devices > iOS/iPadOS > iOS/iPadOS enrollment: ...
- Step 2: Go to the Apple Business Manager portal. ...
- Step 3: Save the Apple ID. ...
- Step 4: Upload your token and finish.
- Make sure the baselines are applied to any endpoints and avoid exclusions.
- Regularly update the baseline version to align with the product.
- Monitor the security configuration profiles and/or apply Intune governance.
- Implement a process for exclusions and changes that involve a security role.
Apple. Intune requires iOS 14. x or later for device enrollment scenarios and app configuration delivered through Managed devices app configuration policies. For Intune app protection policies and app configuration delivered through Managed apps App configuration policies, Intune requires iOS 14.
How to install macOS in Azure? ›4 answers. 2) You cannot run macOS in Azure VMs. You can only run Linux or Windows machines in Azure.
How do I sync my Mac with Intune? ›
- Open the Company Portal app.
- Select Devices.
- If you only have one device, you'll go directly to the device details screen and can skip to step 4. ...
- Select More [...] and then choose Check Status to sync your device.
- Wait while Company Portal confirms your device status.
Sign in to the Microsoft Intune admin center. Navigate to Devices > Scripts and select a macOS shell script.
How do I create a macOS package? ›...
Follow the steps mentioned below:
- Navigate to Software Deployment -> Add Packages -> Mac.
- Specify a name for the Package and provide the details of the package for your personal reference.
- Click Installation tab.
Choose Manage > Install Packages, then select a . pkg or . mpkg file to install. Alternatively, you can drag an installer package to the package list window.
How do I connect Apple business manager to MDM? ›Link your MDM solution.
To use MDM for distribution, you must first link your MDM solution to a location in Apple Business Manager using a secure token. To download your token, go Settings > Apps and Books and select the appropriate location token. Upload this token to your MDM server to establish the link.
Configure Apple Business Manager to support provisioning with Azure AD. In Apple Business Manager, sign in with an account that has the role of Administrator or People Manager. Click Settings at the bottom of the sidebar click Data Source below Organization Settings, then click Connect to Data Source.
How do I distribute apps from Apple Business Manager? ›- From the App Store Connect Homepage, click My Apps, and select your app from the list.
- Under Pricing and Availability, go to the App Distribution Methods section.
- Select Public.
- Step 1: Get your VPP token. Log in to your Apple Business Manager account (https://business.apple.com/) ...
- Step 2: Register your Apple VPP Token. Log in to Intune account (https://endpoint.microsoft.com/) ...
- Step 3: Get licenses of your branded app. ...
- Step 4: Sync token and your branded app will appear.
- Install the company portal app from the App store.
- Once installed, open the company portal app and click on Sign in.
- Enter the user's email address, and Enter the password. Click on Begin.
- Sign in to the Microsoft Intune admin center.
- Select Devices > All devices.
- In the list of devices you manage, select a device to open its Overview pane, and then select Sync.
- To confirm, select Yes.
What is the lob app in Intune? ›
A line-of-business (LOB) app is an app that you add to Intune from an app installation file. This kind of app is typically written in-house. Intune installs the LOB app on the user's device.
Which app stores are supported in Intune? ›Admins can browse, deploy, and monitor Microsoft Store applications inside Intune. Upon deployment, Intune automatically keeps the apps up to date when a new version becomes available. The Microsoft Store supports UWP apps, desktop apps packaged in . msix, and now Win32 apps packaged in .exe or .
How does Intune update iOS apps? ›By default, devices check in with Intune about every 8 hours. If an update is available through an update policy, the device downloads the update. The device then installs the update upon next check-in within your schedule configuration.
How do I manually enroll devices in Apple Business Manager? ›- Click Prepare in the toolbar.
- Choose Actions > Prepare.
- Control-click the selected devices or Blueprints, then choose Prepare. The Prepare Assistant appears.
Requires access to a Mac computer with a USB port. Be sure your devices are supported. Be sure the Apple MDM push certificate is added to Intune, and is active. This certificate is required to enroll iOS/iPadOS devices.
Can Intune manage Apple devices? ›Intune supports mobile device management (MDM) of iPads and iPhones to give users secure access to work email, data, and apps. This guide provides iOS-specific guidance to help you set up enrollment and deploy apps and policies to users and devices.
What are the disadvantages of using Microsoft Intune? ›- Intune CONS :
- * Narrow focus on mobile devices; not a full systems-management platform.
- * Doesn't support server-side applications.
- * Not intended for large applications.
- * Doesn't have the feature-set to handle complex package deployments.
MDM is a way of securing mobile devices such as smartphones and tablets, whereas MAM secures the applications on those devices that are used to access organizational data, such as Outlook, SharePoint, and OneDrive.
What all types of apps can be deployed using Intune? ›- Win32 apps.
- Offline licensed Microsoft Store for Business apps.
- LOB apps (MSI, APPX and MSIX)
- Microsoft 365 Apps for enterprise.
So you can use Word, Excel, and PowerPoint on a Mac just like on a PC. macOS also provides built-in support for the latest version of Microsoft Exchange Server. So you can use all the apps you love on your Mac, and have access to your mail, contacts, and calendar from the office, all at the same time.
What macOS minimum requirements for Intune? ›
Requires macOS 10.15 and newer. Accessibility: Your options: Not configured: Intune doesn't change or update this setting. Allow: Allows the app to access to the system Accessibility app.
Does macOS use a package manager? ›Homebrew is a free and open-source software package management system that simplifies the installation of software on Apple's operating system, macOS, as well as Linux.
Can you run macOS in a VM? ›You can install Mac OS X, OS X, or macOS in a virtual machine. Fusion creates the virtual machine, opens the operating system installation assistant, and installs VMware Tools. VMware Tools loads the drivers required to optimize a virtual machine's performance.
Does Azure offer macOS? ›right now azure is not supporting mac server.
Does Azure work with macOS? ›The short answer is yes — you can bind Mac to Azure.
How to setup MDM macOS? ›- Provide your credentials (either a one-time passcode that is provided by your organization or your user name and password). ...
- Accept the terms and conditions, and then click Continue.
- Click Install to install the MDM profile on the device. ...
- Follow these steps to enroll the device:
Intune includes built-in settings to customize features on your macOS devices. For example, administrators can add AirPrint printers, choose how users sign in, configure the power controls, use single sign-on authentication, and more.
Can you join a Mac to Azure AD? ›As a result, your users can leverage their Azure AD user names (User Principal Name) and passwords as Managed Apple IDs. They can then use their Azure AD credentials to sign in to iCloud on their assigned iPad or Mac and even to iCloud on the web.
Where are macOS services stored? ›Services are in ~/Library/Services and yes, that is the file that handles the service you see in the services menu. Yes, you can add or remove them and they will automatically appear or disappear from the Services menu. Restart is not necessary.
Where is Terminal app macOS? ›Open Terminal
On your Mac, do one of the following: Click the Launchpad icon in the Dock, type Terminal in the search field, then click Terminal. In the Finder , open the /Applications/Utilities folder, then double-click Terminal.
Where is macOS program files? ›
- Click the Finder app — it looks like a blue and white face and is located in your Dock.
- Select Applications in the left sidebar.
- On the top bar of your Mac, select Go and then Applications in the dropdown menu.
- In the Add app pane, click Select app package file.
- In the App package file pane, select the browse button. Then, select an macOS installation file with the extension . pkg. The app details will be displayed.
- When you're finished, select OK on the App package file pane to add the app.
A package is any directory that the Finder presents to the user as if it were a single file. A bundle is a directory with a standardized hierarchical structure that holds executable code and the resources used by that code.
Which is better DMG or PKG? ›DMG files are much more flexible and suitable for distribution, while PKG files offer greater options for specific install instructions. In addition, they are both compressed, so the original file size is reduced.
How to install macOS software on Windows? ›- Step 2: Log Into Your Apple Account. ...
- Step 3: Download Your First macOS App. ...
- Step 4: Save Your macOS Virtual Machine Session. ...
- The Apple Apps Aren't Very Fast in the Virtual Machine.
There is no default package manager for Mac users, while Linux users have many options—from the familiar yum and apt to the modern choice of Flatpak. But what about us? This is where Homebrew comes in. Homebrew fills the void as the de facto package manager for macOS (and as another option for Linux).
How do I install macOS from DMG file? ›Double-click the .dmg file to open it and see the .pkg file within. Double-click the .pkg file, then follow the onscreen instructions. This installs the macOS installer into your Applications folder. Open your Applications folder and double-click the macOS installer, named Install [ Version Name ].
How do I update my line of business apps in Intune? ›- Sign in to the Microsoft Intune admin center.
- Select Apps > All apps.
- Find and select your app from the list of apps.
- Select Properties under Manage from the app pane.
- Select Edit next to App information.
- Click on the listed file next to Select file to update.
Sign in to the Microsoft Intune admin center and choose Devices > Android > Android enrollment > Corporate-owned devices with work profile. Choose Create profile and fill out the fields. Name: Type a name that you'll use when assigning the profile to the dynamic device group.
Can you deploy Apps to an iOS device that is not enrolled in Microsoft Intune? ›Currently, you can assign iOS/iPadOS and Android apps (line-of-business and store-purchased apps) to devices that aren't enrolled with Intune. To receive app updates on devices that aren't enrolled with Intune, device users must go to their organization's Company Portal and manually install app updates.
Can you force iOS update with Intune? ›
You can use Microsoft Intune device configuration profiles to manage software updates for iOS/iPad devices that enrolled as supervised devices. Supervised devices are devices that enroll through one of Apple's Automated Device Enrollment (ADE) options.
What version of macOS does intune support? ›Apple. Intune requires iOS 14. x or later for device enrollment scenarios and app configuration delivered through Managed devices app configuration policies. For Intune app protection policies and app configuration delivered through Managed apps App configuration policies, Intune requires iOS 14.
How do I automatically add devices to Intune? ›Sign in to the Azure portal, and select Azure Active Directory > Mobility (MDM and MAM) > Microsoft Intune. Configure MDM User scope. Specify which users' devices should be managed by Microsoft Intune. These Windows 10 devices can automatically enroll for management with Microsoft Intune.