Hello there! Today’s exciting topic is the new feature in Intune version 2308 that enables the Deploy macOS Web App. If you’re unfamiliar with web apps, don’t worry; we’re here to elaborate on them. Furthermore, we’ll provide the steps by deploying a sample web app for you to try out. Are you ready? Let’s begin!
If you haven’t checked out, Last week, we published an article on How to Setup a Wi-Fi Profile for macOS devices using Intune, It covers What is a Wi-Fi setting and the different types of Wi-Fi settings available in Intune. We even deployed a sample Wi-Fi profile that showcases many of these settings.
The latest Intune release 2308 updates are packed with many useful features, such as Remote Help for Android, New RBAC Permission for Android, Updates for Compliance Policies and Reports, Improved User Experience, Defender Update Controls, and ADE for iOS/iPadOS. If you don’t want to miss out on the details, Check out our article Intune August Update 2308 New Features Improvements.
A web app is a type of application that a user can access directly through their web browser, which is super convenient because the user doesn’t have to download anything locally on the Mac. There are many advantages to using web apps in a production environment, we’ll discuss their use and purpose below.
- Check out Device Restriction Settings for macOS Offered by Intune
- How to Create Custom Attributes for macOS using Intune
What is a Web App? Its Advantages and Limitations
A Web app is a client-server app where the server provides the user interface, content and functionality. The web app is managed separately and can be accessed by assigning specific user groups through the Microsoft Company portal on the device. End users can pin the apps on the dock for macOS devices.
As web apps do not get installed on the device locally and occupy any space, web-hosting platforms nowadays are very useful for end-users, and they offer many advantages, such as:
- More Web apps can be used as it doesn’t occupy space on the device.
- Provides good security preventing data sharing.
- Web Apps can be made available for BYOD Devices without installing any apps on the personal device.
- If the particular web app is made available by the publisher, only then can it be pushed on the MDM platform.
- Few settings or configurations are available in the web app, however, get installed with the Full Version of the App.
Note! Also, on the latest release of macOS Sonoma, a user can manually create web apps in Safari, which will be discussed in detail in the next posts.
Deploy macOS Web App
Now we will see how we can deploy a macOS Web App using Intune. Let’s follow the steps below to deploy a sample app in Intune on macOS.
- Sign in to the Microsoft Intune admin center https://intune.microsoft.com/.
- Select Apps > All Apps> Add, or navigate to Apps > macOS > macOS Apps.
- On the Select app type pane, select macOS web clip under Web Application and click Select.
Edit App Information
On the App Information page, mention the mandate and optional fields as per the details provided by organisations.
|Name of the Setting||Description||Value|
|Name||Enter the name of the web app, which should be displayed in the company portal and on the dock.||Microsoft 365 Apps|
|Description||It should consist of all the details regarding the app|
This Web App will show all the M365 Apps that are available for users as per the license type provided
|Publisher||Enter the name of the publisher||Microsoft|
|App URL ( Optional)||Enter the website address that needs to be launched by the user||https://www.office.com/apps|
|Category ( Optional)||Select the category according to the type of Web App||1. HTMD Core Apps|
2. Other apps
3. Books & Reference
4. Data management
7. Development & Design
8. Photos & Media
9. Collaboration & Social
10. Computer management
|Show this as a featured app in the company portal app ( Optional)||The app will be shown in the company portal > Apps if set as Yes, and won’t be available if set as No.||Yes / No|
|Information URL ( Optional)||Admin may provide web app-related information URL, which will be available in the company portal||NA|
|Privacy URL ( Optional)||Admin may provide a URL which consists of information on the app’s privacy settings and terms, which will be available in the company portal||NA|
|Developer ( Optional)||Provide the name of the Developer.||NA|
|Owner ( Optional)||The name of the Organisation, with Support contact details, can be mentioned here.||NA|
|Notes ( Optional)||App-related additional information can be mentioned here.||NA|
|Logo ( Optional)||Add the logo/ icon of the web app||Microsoft 365 logo|
Select Scope Tags
On the next page, Scope tags are filtering options provided in Intune to ease the admin jobs. In the scope tag section, you will get an option to configure scope tags for the policy. Click on Next.
On the next page, select Assignments group and click Next.
Set Review & Create
On the Review+create page, before publishing, review all the settings in case anything needs to be changed, or else click the Create button to create and deploy the web app successfully.
- Enroll macOS in Intune with Step by Step Guide
- Configure macOS Compliance Policy in Intune for Devices
Once the application deployment policy is created, it will take a few minutes to get pushed to the targeted devices in the selected group. Launch the company portal app and run check status to get the web app pushed on the macOS device manually.
Monitor App Deployment Status
To see all the device statuses, Navigate to Apps > under macOS. Click on the selected app, and on the Overview page, you may see the Application deployment status.
Also, we can view the per-user and per-device status under every App Deployment Profile.
Device Status: On this page, we can see a list of devices that the Web app has deployed and how many of them are in status as Installed, Failed, or Pending. The device status consists of details such as :
|UPN (User Primary Name)|
|Last modified time|
User Status: This page shows a list of users associated under Intune and deployed with the Web app Details as shown below.
|UPN (User Primary Name)|
- Manage macOS Login Background App Experience Using Intune
- Configure FileVault Encryption for macOS Devices using Intune
End User Experience
Once the app gets deployed to all the targeted macOS devices, it may take a few minutes to reflect on the end user’s device. Once the user successfully logs in to the device, should be able to see the web app as pinned on the dock as per the below screen.
Also, we have made the app available in Self-service so that users can launch it from the Company Portal app with the option Open with browser.
So As shown below, when we try to launch the web app, it launches the M365 Web Apps Site using the default browser ( in our case, it was Safari) as we have already setup MS Enterprise SSO, it doesn’t ask for User Credentials. If you want to setup MS Enterprise SSO, check out my article: Setup MS Enterprise SSO plug-in for Apple macOS
Also, the default web browser can be set by going to System Settings > Destop & Dock > Default web browser
Lastly, I would mention that there may be many benefits of using a web app instead of installing it directly on a device, which prevents the need for high space and RAM usage on devices that may have had difficulty using M365. However, it’s important to note that admins can only push web apps that are already available from the publisher. Some settings or configurations may only be found in the full app installation rather than the web app version.
- Easy Method to Force Safari Patch Updates on MacOS Using Intune
- Configure Device Restriction Settings for macOS Devices using Intune
Snehasis Pani is currently working as a JAMF Admin. He loves to help the community by sharing his Apple Mac Devices Support knowledge. He is an M.Tech graduate in System Engineering.