How to add macOS line-of-business (LOB) apps to Microsoft Intune
Use the information in this article to help you add macOS line-of-business apps to Microsoft Intune. You must download an external tool to pre-process your .pkg files before you can upload your line-of-business file to Microsoft Intune. The pre-processing of your .pkg files must take place on a macOS device.
Starting with the release of macOS Catalina 10.15, prior to adding your apps to Intune, check to make sure your macOS LOB apps are notarized. If the developers of your LOB apps did not notarize their apps, the apps will fail to run on your users' macOS devices. For more information about how to check if an app is notarized, visit Notarize your macOS apps to prepare for macOS Catalina.
While users of macOS devices can remove some of the built-in macOS apps like Stocks, and Maps, you cannot use Intune to redeploy those apps. If end users delete these apps, they must go to the app store, and manually re install them.
Before your start
You must download an external tool, mark the downloaded tool as an executable, and pre-process your .pkg files with the tool before you can upload your line-of-business file to Microsoft Intune. The pre-processing of your .pkg files must take place on a macOS device. Use the Intune App Wrapping Tool for Mac to enable Mac apps to be managed by Microsoft Intune.
The .pkg file must be signed using “Developer ID Installer” certificate, obtained from an Apple Developer account. Only .pkg files may be used to upload macOS LOB apps to Microsoft Intune. Conversion of other formats, such as .dmg to .pkg is not supported.
Download the Intune App Wrapping Tool for Mac.
The Intune App Wrapping Tool for Mac must be run on a macOS machine.
Mark the downloaded tool as an executable:
- Start the terminal app.
- Change the directory to the location where
- Run the following command to make the tool executable:
chmod +x IntuneAppUtil
IntuneAppUtilcommand within the Intune App Wrapping Tool for Mac to wrap .pkg LOB app file from a .intunemac file.
Sample commands to use for the Microsoft Intune App Wrapping Tool for macOS:
This command will show usage information for the tool.
IntuneAppUtil -c <source_file> -o <output_file> [-v]
This command will wrap .pkg LOB app file to a .intunemac file.
IntuneAppUtil -r <filename.intunemac> [-v]
This command will extract the detected parameters and version for the created .intunemac file.
Step 1 - Specify the software setup file
- Sign in to Intune.
- On the Intune pane, choose Client apps.
- In the Client apps workload, choose Manage > Apps.
- Above the list of apps, choose Add.
- In the Add App pane, choose Line-of-business app.
Step 2 - Configure the app package file
- On the Add app pane, choose App package file.
- On the App package file pane, choose the browse button, and select an macOS installation file with the extension .intunemac.
- When you are finished, choose OK.
Step 3 - Configure app information
- On the Add app pane, choose App information.
- On the App information pane, add the details for your app. Depending on the app you have chosen, some of the values in this pane might have been automatically filled-in:
- Name - Enter the name of the app to be displayed in the company portal. Make sure all app names that you use are unique. If the same app name exists twice, only one of the apps will be displayed to users in the company portal.
- Description - Enter a description for the app to be displayed to users in the company portal.
- Publisher - Enter the name of the publisher of the app.
- Minimum Operating System - From the list, choose the minimum operating system version on which the app can be installed. If you assign the app to a device with an earlier operating system, it will not be installed.
- Category - Select one or more of the built-in app categories, or a category you created. This makes it easier for users to find the app when they browse the company portal.
- Display this as a featured app in the Company Portal - Display the app prominently on the main page of the company portal when users browse for apps.
- Information URL - Optionally, enter the URL of a website that contains information about this app. The URL is displayed to users in the company portal.
- Privacy URL - Optionally, enter the URL of a website that contains privacy information for this app. The URL is displayed to users in the company portal.
- Developer - Optionally, enter the name of the app developer.
- Owner - Optionally, enter a name for the owner of this app, for example, HR department.
- Notes - Enter any notes you would like to associate with this app.
- Logo - Upload an icon that is associated with the app. This is the icon that is displayed with the app when users browse the company portal.
- When you are finished, choose OK.
Step 4 - Finish up
- On the Add app pane, verify that the details for your app is correct.
- Choose Add, to upload the app to Intune.
The app you have created appears in the apps list where you can assign it to the groups you choose. For help, see How to assign apps to groups.
If the .pkg file contains multiple apps or app installers, then Microsoft Intune will only report that the app is successfully installed when all installed apps are detected on the device.
Step 5 - Update a line-of-business app
- Sign in to the Azure portal.
- Select All Services > Intune. Intune is in the Monitoring + Management section.
- Select Client Apps > Apps.
- Find and select your app in the list of apps.
- In the Overview blade, select Properties.
- Select App package file.
- Select the folder icon and browse to the location of your updated app file. Select Open. The app information is updated with the package information.
- Verify that App version reflects the updated app package.
For the Intune service to successfully deploy a new .pkg file to the device you must increment the package
CFBundleVersion string in the packageinfo file in your .pkg package.
The app you have created is displayed in the apps list. You can now assign it to the groups you choose. For help, see How to assign apps to groups.
Learn more about the ways in which you can monitor the properties and assignment of your app. For more information, see How to monitor app information and assignments.
Learn more about the context of your app in Intune. For more information, see Overview of device and app lifecycles