In this post, let’s discuss how to deploy DMG apps in macOS using Intune. We will go through a quick overview of what is a DMG app, the types of app extensions used in macOS, and how to create a disk image file. Also, we will discuss the different settings that can be configured while deploying DMG apps in Intune.
Our last blog post discussed, how to collect Intune logs from Mac Device. The diagnostic logs include device and user details, and device connectivity logs. These are helpful logs for Intune admins to troubleshoot the logs and fix the issue.
To start with app types in macOS, there are 2 app types of extension used very often .dmg and .pkg app types. A DMG app is a disk image file that contains one or more applications within it. Many common apps in macOS are available in DMG format.
The DMG file must contain one or more files with .app extensions. DMG files containing other types of installer files will not be installed.
A DMG file can contain a single app or multiple apps files that may be dependent on each other. The containing application files can be listed under the Included apps section in the Detection rules tab in order to start with the parent app to be used in reports.
It is not recommended that multiple apps which are not dependent on each other should be installed using the same DMG file. If multiple independent apps are deployed using the same DMG file, failure to install one app will cause other apps to be re-installed.
- Best Antivirus For Windows 11 Microsoft Defender | App Browser Protection | Firewall Protection
- 3 Ways To Configure Microsoft Defender Antivirus Policies For Windows 11 Using Group Policy Intune Policy
To install a DMG app in macOS, we should have the following requirements:
- macOS Devices must be managed by Intune.
- DMG app should be less than 2GB.
- Microsoft Intune management agent for macOS should be installed on the device.
Deploy sample DMG App macOS Devices
So as a sample app, we are deploying Google Chrome on managed macOS devices using Intune, Let’s follow the steps mentioned below to create an Application deployment profile in Intune portal for macOS devices.
- Sign in to the Microsoft Intune admin center https://endpoint.microsoft.com/.
- Select Apps > All apps > Add, or you can navigate to Apps > macOS > macOS Apps.
- On the Select app type pane, under other select macOS apps (DMG) and click Select.
Once you click on the Select button from the above page, you will be redirected to the App Information page where we need to upload the DMG app.
We have downloaded the Chrome DMG app from the Google Chrome enterprise site.
Channel – Stable
File type – DMG universal installer
To upload an app package file:
- In the Add app pane, click Select app package file.
- In the App package file pane, click the browse button, and select a file with a .dmg extension. The app details will be displayed.
- Once uploaded, select OK on the App package file pane to add the app as shown below.
To Set app information
- In the App information page, add the details of the uploaded app.
- Name: Enter the name of the app
- Description: Enter the description about the app.
- Publisher: Enter the name of the publisher of the app.
- Category: Select a category that has been created by the organization.
- Information URL (Optional): The URL of a website can be entered.
- Privacy URL (Optional): The URL of a website that contains privacy information can be entered.
- Developer (Optional): enter the app developer name.
- Owner (Optional): enter the owner of this app, if required.
- Notes (Optional): Enter any notes regarding the app, if required.
- Logo (Optional): Upload an icon that shows the logo of the app uploaded.
- Click Next to set the requirements.
Here we can set the minimum operating system required to install the app.
Minimum Operating System: From the list, we have chosen the minimum operating system version as macOS Ventura.
Set Detection rules
Detection rules can be helpful in how an app installation is detected on a managed macOS device.
Ignore app version: As Chrome often gets a monthly version upgrade, we have set Yes (As apps that are automatically updated by the app developer can be set as Yes, however, to set app bundleID and version number before installation, select No
Included apps: Here the apps that are contained in the dmg file need to be uploaded.
To upload the exact bundleID and app version, the below commands can be run in the terminal.
To get the bundle ID :
defaults read /Applications/Google Chrome.app/Contents/Info.plist CFBundleIdentifier
To get the App version :
defaults read /Applications/Google Chrome.app/Contents/Info.plist CFBundleShortVersionString
Select scope tags
On the next page, Scope tags are filtering options provided in Intune to ease the admin jobs. In the scope tag section, you will get an option to configure scope tags for the policy. Click on Next.
On the next page, select Assignments group and click Next.
Assignment Group: It determines who has access to any app, policy, or configuration profile by assigning groups of users to include and exclude.
Set Review & Create
On the Review+create page, before publishing, review all the settings in case anything need to be changed, or else click on create the policy.
Once the application deployment policy is created, it will take a few minutes to get pushed to the targeted devices in the selected group; also, we can manually install the app from the macOS device, by launching the company portal app and running check status.
To see all the device statuses, Navigate to Apps > under macOS. Click on the selected app, and on the Overview page, you may see the Application deployment status.
Also, we can view the per-user and per-device status under every App Deployment Profile.
Device Status: On this page, we can see a list of devices that the Antivirus policy has been pushed and how many of them are shown as Succeeded, Conflict, Error, and Not-Applicable.
User Status: On this page, we can see a list of users associated under Intune and push with the Antivirus setting policy and how many of them are showing as Succeeded, Conflict, Error, and Not-Applicable.
- Enroll macOS in Intune with Step by Step Guide
- Configure macOS Compliance Policy in Intune for Devices
How to check if the sample app is deployed on the mac
Once the app gets pushed to the list of macOS devices, it may take a few minutes to reflect on the end user’s device. Once the user successfully logs in to the device, we can follow the steps below to check the app installation status.
- Click on the Go button on the menu bar at the top left corner
- Click on Applications
- You can view the no. of apps installed on the device
- To view the installed app, double-click on the app icon below
While deploying DMG apps, you may face some difficulties with some restrictions or limitations, here are a few of the issues identified for help.
|For DMG App deployment, Available for enrolled devices is not available; however, only Required and Uninstall assignment is supported for now.
|Unable to collect logs during preview
|The log collection feature on macOS DMG apps is unavailable at the time of preview.
|Errors might not show details during preview
|A few of the errors may only show “Failed” status with an error code and not provide much additional details
|App upgrade fails to install
|Updating an app that has the same bundle ID or the same name as an existing app may fail to install
|DMG apps report once after deployment
|Assigned DMG app reports back only on initial deployment.
|Some DMG apps may display warning at launch
|Apps downloaded from the internet and deployed directly using Intune may show a warning to users at the time of launch.
End-users can click “Open” to continue using the app
|Some app icons may not display immediately after install
|Some app icons may take few minutes of time for display after install
|Monitoring reports only show error code
|Failed app installations only show error codes, which needs to be troubleshooted with help of IT Admins
Organizations can use Intune as an MDM platform to push the core apps on macOS devices and simultaneously can prevent any cyberattacks on the device but not allow any app installed from the internet.
Snehasis Pani is currently working as a JAMF Admin. He loves to help the community by sharing his knowledge on Apple Mac Devices Support. He is an M.Tech graduate in System Engineering.