In this post, I will show you how to deploy unmanaged macOS app using Intune. The steps help you to add unmanaged PKG-type applications to managed macOS devices in Intune Admin Center.
The Intune July Update enhanced the macOS App managing capability by supporting unmanaged PKG apps. You can now upload and deploy unmanaged PKG-type applications to managed macOS devices using the Intune MDM agent for macOS devices.
The addition of macOS app (PKG) features is helpful for you to deploy custom PKG installers, such as unsigned apps and component packages. Moving forward, deploy macOS apps by uploading and deploying unmanaged PKG-type installer files in Intune.
To add a custom or in-house app, upload the app’s installation file. Make sure the file extension matches the app’s intended platform. Intune supports (.pkg) extensions for macOS.
- Check Out Device Restriction Settings For MacOS Offered By Intune
- Turn Off Store Application Setting To Disable End User Access To Store Apps Using Intune Policy
Prerequisites for Unmanaged macOS PKG App
The following prerequisites must be met before an unmanaged macOS PKG app is installed on macOS devices.
- Devices are managed by Intune.
- The PKG file is smaller than 2GB in size.
- The Microsoft Intune management agent for macOS version 2308.006 or greater is installed.
- The PKG file successfully runs using the
installercommand in Terminal.
Important Considerations for Deploying PKG Apps
The unmanaged macOS PKG app type can install the following types of PKG apps:
- Non-flat packages with a hierarchical structure
- Component packages
- Unsigned packages
- Packages without a payload
- Packages that install apps outside
/Applications/ - Custom packages with scripts
Deploy Unmanaged macOS App using Intune
Follow the steps below to upload the .Pkg file for deploying unmanaged mac devices. To start with the Intune macOS app package creation, keep the downloaded filename.pkg installation file in the appropriate location.
- Sign in to the Intune admin center https://intune.microsoft.com/.
- Select Apps > All apps > Add, or you can navigate to Apps > macOS > macOS Apps.
To add a macOS application, upload the app’s installation file. Intune supports .pkg files. Intune also supported the line of business app for macOS with the .pkg extension. On the Select app type pane, under the Other app types, click on the macOS app (PKG) and click Select.
On the Add app pane, click Select app package file. Select the browse button. Then, select a macOS installation file with the extension .pkg. Once you select the app file, The app details appear with Name, Platform, and Size. When you are finished, select OK on the App package file pane.
Here specify the Name of the App (For Example – CrowdStrike FalconSensor), and Enter the description of the app. Enter the Publisher name. Upload an icon for the app. This icon is displayed with the app when users browse the company portal and click Next.
You can choose the minimum operating system required to install the app. Here you can select the option from the drop-down list.
You can use detection rules to choose how an app installation is detected on a managed macOS device.
Ignore app version: Select Yes to install the app if the app is not already installed on the device. This will only look for the presence of the app bundle ID. For apps that have an auto-update mechanism, select Yes. Select No to install the app when it is not already installed on the device, or if the deploying app’s version number does not match the version that’s already installed on the device.
Included apps: Provide the apps that are contained in the uploaded file. Included app bundle IDs and build numbers are used for detecting and monitoring app installation status of the uploaded file. Included apps list should only contain the application(s) installed by the uploaded file.
NOTE! Any other type of file that is not an application should be excluded from the Included apps list. If Included apps list contains files that are not applications or if all the listed apps are not installed, the app installation status does not report success.
Scope tags are filtering options provided in Intune to ease the admin jobs. In the scope tag section, you will get an option to configure scope tags for the application. Click on Next.
Under Assignments, In Included groups, click Add groups, and you can select the Required group assignment for the app. Click Next to continue.
You will see the details you provided during the application creation process. Review your settings and select Create to add the app to Intune.
Here you will see the status Uploading is in progress, The upload time depends on the size of the application and the speed of internet connectivity.
Please wait some time to complete the upload process, and you can check the progress by clicking on the Notification icon. Once the package is uploaded and finished, you will get the status “Upload finished.”
To monitor the application installation, select the application, and here you can check the device and user check-in status. If you click on Device install status, additional details are displayed.
A macOS app deployed using Intune agent will not automatically be removed from the device when the device is retired. The app and the data it contains will remain on the device. It is recommended that the app is removed prior to retiring the device.
Author
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.