top of page
Search

Deploying macOS Unmanaged PKG Applications using Intune

Writer's picture: Gareth OxendineGareth Oxendine
Sep 10, 20243 min read

Updated: Feb 2

There are two primary macOS application installer file extension types: DMG and PKG. Both can be deployed using Intune. There are three primary deployment methods. See below:

Selecting an application deployment type for macOS apps using Intune.




















In this article, I'll go into detail on the macOS app (PKG) deployment method, but see below for a quick summary of all the methods:

  • Line-of-business app: Deploy a simple .pkg application that is signed by an Apple Developer ID Installer certificate and installs one app in the /Applications folder.

  • macOS app (DMG): Deploy a disk image file (.dmg) that contains at least one or more .app files.

  • macOS app (PKG): Deploy a .pkg application that does not meet all of the requirements of the line-of-business app method.


Table of Contents


Line-of-Business vs macOS app (PKG)

Before we learn about the macOS app (PKG) deployment method, I wanted to discuss the differences between the line-of-business and macOS app (PKG) deployment methods.


Both deployment methods are strictly for deploying PKG installers, so what is the difference? See below for a quick comparison of the two. Knowing the differences can help you choose which one to use.

Criteria

Line-of-Business

macOS app (PKG)

Application install destination

/Applications

does not matter

Apple Developer Certificate Signature Required?

yes

no

Max Installer File Size

2 GB

8 GB

PKG must contain a payload

yes

no

Can be uninstalled using Intune's Uninstall assignment method?

yes

no

Managed vs Unmanaged PKGs

Microsoft refers to the line-of-business app deployments as managed and the macOS app (PKG) as unmanaged. What is the difference?


What is a managed PKG? See the definition below:

A macOS LOB app can only be installed as managed when the app distributable contains a single app without any nested packages and installs to the /Applications directory. -- Microsoft

Managed PKGs can be uninstalled using Intune's uninstall assignment method.


What is an unmanaged PKG? In short, an unmanaged PKG does not meet all of the criteria of a managed PKG. If a PKG contains multiple applications or if the PKG does not install the application to the /Application folder, then it is considered unmanaged. (Note that if a PKG contains multiple sub-PKGs and Intune detects multiple bundleIDs, you can use the trashbin icon in a line-of-business app deployment to remove them.)


Unmanaged PKGs cannot be uninstalled using Intune's uninstall assignment method.


Steps to Deploy a macOS app (PKG)

Selecting the macOS app (PKG) deployment type for macOS apps using Intune.

  • Launch Endpoint Manager (Intune).

  • Select Apps in the left-hand menu blade.

  • Select macOS.

  • Select +Add and then select macOS app (PKG).

  • Click Select.

Navigating to the PKG for the macOS app (PKG) deployment using Intune.

  • Click on Select app package file then select the folder icon to browse for the PKG.

  • Once uploaded, select Ok.


Adding the name, description, and publisher for the macOS pkg using Intune.

  • Enter a name, description, and publisher for the app.

  • Optionally, input values into the other fields.

  • Select Next.


Adding the pre-install and post-install script for the macOS pkg app deployment using Intune.

  • macOS app (PKG) deployments allow you to add a Pre-install script and/or Post-install script.

  • Pre-Install Script: If you provide a pre-install script, it must have an exit code of 0 for the app to be installed. If the pre-install script returns a non-zero exit code, the app installation is aborted.

  • Post-Install Script: The returned code for the post-install script does not affect the success/failure status of the application.


Select the ignore app version and modify the included apps for a macOS pkg app deployment using Intune.

  • Ignore App Version: each app that will be installed by the .pkg installer has an id value (CFBundleIdentifer). Intune uses this ID value to identify applications uniquely.

    • No: by selecting "no," Intune will check both the ID value (CFBundleIdentifer) of the installed application and its version number (CFBundleIdentifierShortString). If both values don't match what is in Intune then Intune will attempt to reinstall the application.

    • Yes: by selecting "yes," Intune only checks the ID (CFBundleIdentifer) value of the installed application. If it matches what is in Intune, then Intune marks the deployment as successful.

  • Included Apps

    • Re-order the list so that the main application is listed at the top. This will be the app listed in any application-related reports (drag applications down to re-order them).

NOTE:

Intune will automatically scan the PKG file for the CFBundleIdentifier and CFBundleShortVersionString keys. Delete any listing that is not an application or that won't be installed by the PKG.

Once done, select Next, choose the device assignment, and create the app deployment!


Troubleshooting macOS App (PKG) Deployments

If the application does not deploy as expected, try deploying a script using Intune's script feature instead. Click the link below to learn how:






Cover picture provided by FreePik

 
 
 

Comments

Recent Posts

Click the Heart to Like!

If this post is helpful,please click the heart at the bottom of the page. 

Follow us on LinkedIn!

We'd like to invite you to follow us on LinkedIn! Click the icon to follow.

Never Miss a Post. Subscribe Now!

Want to be notified whenever a new article is posted? Enter your email address and subscribe!

Thanks for submitting!

Donate to the Blog?

We hope the blog was helpful to you! If so, we'll take a donation as a form of thanks! :) 

© 2024 by DMTT. Powered and secured by Wix

$

Thank you for your donation!

bottom of page