Only .pkg files may be used to upload macOS LOB apps to Microsoft Intune. However, conversion of other formats, such as .dmg to .pkg, is supported. For more information about converting non-pkg application types, see How to deploy DMG or APP-format apps to Intune-managed Macs.
As we know, in order to deploy apps with Intune on macOS, the app needs to be a signed .pkg file wrapped into a .intunemac file. From the Adobe Admin console we can create a pkg file containing the Adobe CC app or other Adobe apps if needed. Unfortunately this file is not signed, and multiple forum threads confirm that signing them is not supported.
We've not been able to get the web link apps working quite how we want them to, though. They just deploy as a link in the Intune widget when we want them to appear as an app icon. It's odd because when adding the app in the Intune Admin portal it asks for an App Icon but then doesn't use it.
Before directing users to register their Mac computers with Azure Active Directory (Azure AD), it is necessary to deploy Microsoft's Company Portal app.
Deploying the Company Portal app involves the following steps:
1. Download the Company Portal app from Microsoft.
2. Upload the Company Portal app to Jamf Pro as a package.
3. (Optional) Identify Mac computers that do not have the Company Portal app installed.
4. Deploy the Company Portal app to Mac computers.
On a Mac computer, download the current version of the Company Portal app for macOS from the Microsoft website.
Important: Do not install it; you need a copy of the app to upload to Jamf Pro.
The CompanyPortal_Installer.pkg file can be downloaded from: https://go.microsoft.com/fwlink/?linkid=862280
Upload the Company Portal app to a distribution point in Jamf Pro.
In Jamf Pro, navigate to Settings > Computer Management > Packages.
Create a new package that includes the Company Portal app and click Save.
In Jamf Pro, navigate to Computers > Smart Computer Groups.
Create a new smart group that identifies Mac computers that do not have the CompanyPortal.app from Microsoft installed.
Click Save.
In Jamf Pro, navigate to Computers > Policies and create a policy that deploys the Company Portal app to users.
Use the General payload to configure the following settings:
For Trigger, select 'Enrollment Complete' and 'Recurring Check-in'.
For Execution Frequency, select 'Once per computer'.
Select the Packages payload, and then click Configure.
Click Add for the package that includes the Company Portal app.
Configure the settings for the package.
Specify a distribution point for Mac computers to download the package from.
Click the Scope tab to specify Mac computers on which the Company Portal app should be installed. You may also use the smart computer group created in step 3.
Click Save.
Note: The policy runs on Mac computers in the scope the next time they check in with Jamf Pro and meet the criteria in the General payload.
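A package uploaded to a distribution point is installed on every Mac in scope, so it is worth confirming who signed the downloaded installer before the upload step. The following is an added example, not part of the Jamf Pro or Microsoft procedure; the function names are hypothetical and the expected signer string is an assumption you should confirm against a copy of the package you already trust.

```shell
#!/bin/sh
# Added example: gate a downloaded installer on its signature before upload.
# ASSUMPTION: EXPECTED_SIGNER is the leaf certificate name you recorded from a
# copy of the package you already trust; override it via the environment.
EXPECTED_SIGNER="${EXPECTED_SIGNER:-Developer ID Installer: Microsoft Corporation (UBF8T346G9)}"

# CONSTRUCTED sample of `pkgutil --check-signature` output, for offline runs.
SAMPLE_REPORT='Package "CompanyPortal_Installer.pkg":
   Status: signed by a developer certificate issued by Apple for distribution
   Certificate Chain:
    1. Developer ID Installer: Microsoft Corporation (UBF8T346G9)
    2. Developer ID Certification Authority
    3. Apple Root CA'

# signature_ok REPORT SIGNER -> 0 only if the report shows an Apple-issued
# Developer ID signature AND the leaf certificate (chain entry 1) is exactly
# SIGNER. Exact match rejects look-alike names and other vendors' certificates.
signature_ok() {
    report=$1
    signer=$2
    printf '%s\n' "$report" |
        grep -q 'Status: signed by a developer certificate issued by Apple' || return 1
    leaf=$(printf '%s\n' "$report" | sed -n 's/^[[:space:]]*1\.[[:space:]]*//p' | head -n 1)
    [ "$leaf" = "$signer" ]
}

# verify_pkg FILE -> 0 if FILE passes all checks; macOS only.
verify_pkg() {
    pkg=$1
    command -v pkgutil >/dev/null 2>&1 || { echo "pkgutil not found; run on macOS" >&2; return 2; }
    # Judge the report text; do not rely on the exit status alone.
    out=$(pkgutil --check-signature "$pkg" 2>&1) || true
    signature_ok "$out" "$EXPECTED_SIGNER" || { echo "REJECT: $pkg is unsigned or not signed by the expected signer" >&2; return 1; }
    # Gatekeeper's own assessment of the installer package.
    spctl --assess --type install "$pkg" || { echo "REJECT: Gatekeeper refused $pkg" >&2; return 1; }
    # Record the hash next to the Jamf Pro package entry for later comparison.
    shasum -a 256 "$pkg"
}

if [ "$#" -gt 0 ]; then
    verify_pkg "$1"
else
    signature_ok "$SAMPLE_REPORT" "$EXPECTED_SIGNER" && echo "sample report: accepted"
fi
```

Run it on the Mac used for the download with the path to CompanyPortal_Installer.pkg as the only argument; a non-zero exit status means the file should not be uploaded.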
Managing Packages
Find out how to create a package and upload a file to a distribution point in Jamf Pro.
Smart Computer Groups
Find out how to create smart groups in Jamf Pro.
When a device (iOS, Android, Mac, Windows) is enrolled in Mobile Device Management (MDM) with Microsoft Endpoint Manager (Intune), applications can be pushed to that device. These apps can be custom line-of-business (LOB) apps, apps from a public marketplace (i.e. Apple App Store, Google Play Store, Microsoft Store), Win32 apps (Windows only), etc.
In this blog we will cover how to push an app to an iOS/iPadOS device using Microsoft Endpoint Manager. This assumes a device is already enrolled (for instructions on how to enroll, see this blog).
What apps can be pushed to an iOS/iPadOS device?
The following apps can be pushed to an iOS/iPadOS device:
- Apple App Store apps
- Web links
- Built-In Apps
- Line of Business Apps
For more information see Add apps to Microsoft Intune: https://docs.microsoft.com/en-us/mem/intune/apps/apps-add
Add app to Microsoft Endpoint Manager
Browse to https://endpoint.microsoft.com and navigate to Apps -> iOS -> iOS Apps
Click Add -> choose iOS Store App and click Select. Notice the other app types under Other.
Click Search the App Store
Type in the name of the app you want to push. For demonstration purposes in this blog I will search for Microsoft Edge. When finished, click Microsoft Edge then click Select
On the App Information tab click Next
On scope tags click Next (if you want to learn more about scope tags see this article)
For demo purposes, we are going to deploy this app to all users. Intune/Microsoft Endpoint Manager is intelligent enough to push the app if you are on an iOS/iPadOS device and not to push it if you are on an Android device.
You can also create a security group (recommended practice), add the users to that group and then assign that group, or create a dynamic device security group and assign it to devices.
On Add App screen click Add all users under Required then click Next
Note: If I select Yes on Uninstall on device removal, then when the device is removed from MDM enrollment, this app (Microsoft Edge) will be uninstalled from the user’s device.
On Review + create click Next
Time to Test!
On my iPad, within a few moments I will see a dialog box appear prompting permissions to install the app. Tap Install.
On the home screen the app will be installed.
It’s that easy!
Confirm App Deployment from Intune/Microsoft Endpoint Manager
Let’s go back to Microsoft Endpoint Manager, where we left off on the Microsoft Edge app screen. (You can also get here by browsing to Apps -> iOS -> Microsoft Edge.)
Clicking on Device Install Status will show the app is now installed on the iPad.
IMPORTANT: It can take up to 60 minutes for the installation status to be updated in the portal.