Hey everyone! This week we have created an article about how to Install Fonts on macOS using Intune. We’ll show the easy steps to download the specific fonts needed for all the devices managed by an organization. This can be performed by deploying a shell script deployment on Intune, So let’s get started!
In order to help organizations meet their standardization policies, we understand the importance of having required standard fonts installed on managed devices. However, we also understand the challenge this presents for IT admins who are using Intune to deploy on corporate devices.
That’s why we developed a shell script that simplifies this task. Our shell script allows IT admins to download the required fonts from the organization’s online servers, if available, and save them in
/Library/Fonts folder on the Mac.
By implementing this solution, IT admins can effortlessly ensure that all managed Mac devices have the necessary fonts installed, ensuring compliance with the organization’s font standards.
I highly recommend reading my previous article on the Best Enhancements in Microsoft Intune to Manage Apple Devices before we begin discussing the topic at hand. The article delves into 10 enhancements in the Microsoft Intune MDM Solution that have had a significant impact on the management of Apple devices for organizations and their end-users, resulting in a more streamlined IT support process and an improved end-user experience.
If you’ve been following my articles about managing macOS devices with Microsoft Intune MDM Solution, you’re probably aware of the benefits it can provide. I invite you to explore my other posts on the matter to broaden your knowledge by checking out all my posts here.
Additionally, I would also like to talk about my latest video, which covers the topic of upgrading to macOS Sonoma and introduces some new features that can streamline your work process and help users achieve better results in less time, improving end-user productivity.
Install and use Fonts in macOS Manually
Understanding the process for installing fonts in macOS is crucial before we deploy the shell script. Once we have a clear understanding of the process, we can create a script that will ensure the correct installation method is implemented.
We can take advantage of the easy-to-use font installation mechanism in macOS by simply dragging and dropping new fonts into the designated folder located in
/Library/Fonts or Font Book. The new font will then be available to use after relaunching the application.
Note! macOS supports TrueType (.ttf), Variable TrueType (.ttf), TrueType Collection (.ttc), OpenType and OpenType-SVG (.otf), and OpenType Collection (.ttc) fonts.
We were able to successfully install the
Aesthetic.otf font from the internet by following a few simple steps.
- Double-clicked on the downloaded sample font file to install.
- It Automatically launched Font Book, where we can view the list of available fonts.
- From there, we were able to easily navigate to the “install” button to add it to Font Book.
In addition, we can Download, Deactivate, Validate, Remove, and add fonts to various formats, such as PDF, modern, and web, to improve our workflow and productivity.
After we successfully installed the font, we can view it in the list of fonts after relaunching the TextEdit app under the Fonts section.
Note! When a user installs a font, Font Book automatically validates or checks the font getting installed for any errors. Font Book also reviews duplicate fonts.
Create a Shell Script to Download and Install Font in macOS
Without further ado, let’s delve into the steps to achieve this case. We’ll begin by creating a shell script with simple lines. We have created a shell script and saved it as a .sh file on our Mac. This can be edited according to the location and font name you want to deploy.
# Define variables
fonturl=”<Provide file URL>”
Fontdir=”Provide location to dowload font”
# start logging
exec 1>> $log 2>&1
# Download the Font
curl -L -o $
# Install the Font
Pre-Requisites for Shell Scripting
Before Admins create shell scripts and deploy them to macOS devices, they should also look into the prerequisites that should be met.
- MacOS versions supported on Big Sur or later
- Intune must manage the device
- Devices should be connected to direct Internet, as for now, proxy connections are not supported.
- Shell scripts begin with
#!and must be in a valid location ( e.g.,
- Command-line interpreters for the applicable shells should be installed.
Important Considerations Before Deploying Shell Scripts using Intune
IT admins need to be aware of the limitations and considerations before deploying shell scripts on end-user macOS devices. Before using shell scripts, it’s crucial to check the prerequisites. Here are some essential points to keep in mind:
- Microsoft Intune management agent must be installed to run shell scripts on a macOS.
- The scripts will run as separate processes and in parallel on devices.
- If you run the script as the signed-in user, it will execute for all currently signed-in users on the device at the time of the run.
- To execute scripts as a signed-in user, sign in to the device.
- If the script requires changes that a standard user account cannot make, root user privileges are necessary.
- Certain conditions, such as a full disk or tampered storage location, may cause shell scripts to run more frequently than the chosen script frequency.
- If the local cache is deleted or the Mac device restarts, the scripts will attempt to run again.
- If a shell script runs for over 60 minutes, it is stopped and reported as “failed.”
Deploy Script to Install Fonts on macOS using Intune
As we understood how to create shell scripts using Intune, Let’s start by understanding how to deploy a shell script by following these simple steps and getting started with your project.
- Sign in to the Microsoft Intune admin centre https://intune.microsoft.com/.
- Select Devices > macOS > Shell Scripts and click on Add to upload a new script.
Once you click on the Add button from the above page, Provide the Name and Description and click on Next.
Under the Script settings tab, upload the Script with the .sh extension, and once uploaded, you should be able to view the commands in the text window below. Once everything is set, please make sure to set the below settings as well.
- Run Script as Signed-in User: To run the script with the user’s credentials, select Yes. Or, to run the script as the root user, choose No (default option)
- Hide Script notifications on devices: Notifications for running scripts will appear on macOS devices, with a message from Intune about IT configuration
- Script Frequency: Select the script frequency. Choose “Not configured” for a one-time run (default option)
- Max number of times to retry the script: Select how often to run the script if it fails (not configured is the default).
To deploy the Shell script on HTMD Mac devices, we have selected the options below:
|Run Script as singed-in User
|Hide Script notifications on devices
|Every 1 Week
|Max number of times to retry if the script fails
Note! Fonts, by default, get installed in
~/Library/Fonts/, and are available for all users on a Mac.
Scope tags are filtering options provided in Intune to ease the admin jobs. In the scope tag section, you will get an option to configure scope tags for the policy. Click on Next.
On the next page, select Assignments group (Included groups and Excluded groups) and click Next.
Note! Assignment Group: It determines who has access to any app, policy, or configuration profile by assigning groups of users to include and exclude. In this case, we have selected All Devices under Assignments.
On the Review+create page, please review if any settings need to be changed, or else go ahead and create the Script.
Once the Shell Script is created, it will take a few minutes to get pushed to all the devices in the organization; also, to monitor the status of the list of targeted devices, we can check as per the below steps.
Monitor Deployed Script
To see if the script has been successfully pushed to all the devices and check its success and failure ratio, let us navigate to Devices > under macOS > Select Shell Scripts, once you see the script, click on the link and go to the Overview page to view the graphical format of User and Device Status with status shown under the category Succeded and Error.
Also, the same status also can be viewed in detailed format under the Monitor category. To check if the script ran successfully on the devices, click on Device Status, and we can get the status as Succeded or Error along with Device details, User Name, OS Version, and Last Updated Date and time stamp.
Once a script runs, it returns one of the following statuses:
- “Failed” script status indicates errors or improper execution due to a non-zero exit code or a malformed script.
- If marked as Success, the script has returned an exit code of zero.
Note! Regardless of the frequency chosen for the script, the status of the script’s initial run will be reported only. However, the status will not be updated for subsequent runs. If the script is updated, it will be treated as a new script, and the run status will be reported again.
To view User Status, we can get the status as Succeded or Error along with User details as shown in the below image.
End User Experience
After successfully pushing the installation script to all macOS devices in the organization, we checked to see what happens when the script runs. As instructed, it downloaded and installed the sample font on the device, and we can view it in all the apps on the end-user device.
Microsoft Intune is a powerful Mobile Device Management (MDM) solution that allows administrators to manage multiple platforms from a single portal. It provides a convenient and efficient approach to managing configurations, compliance, apps, devices, fonts, scripts, custom attributes, reporting, and more.
As we discussed earlier, Intune can be used to deploy organization-standard fonts on macOS devices. The platform constantly evolves with enhancements, and it values end-user feedback to improve the user experience.
When setting up MDM solutions for organizations, Solution Architects should consider the capabilities and feature enhancements that provide better device management across all platforms. By doing so, they can ensure a seamless experience for all end-users, which will help increase productivity and efficiency.
We are on WhatsApp now. To get the latest step-by-step guides, news, and updates, Join our Channel. Click here.
Snehasis Pani is currently working as a JAMF Admin. He loves to help the community by sharing his Apple Mac Devices Support knowledge. He is an M.Tech graduate in System Engineering. Do check out his profile on Twitter & Linkedin.