Deploy PKG Apps on macOS devices using Intune
In this step-by-step guide, we will show you how to deploy PKG apps on macOS devices using Intune. You can use this enterprise deployment guide to add .pkg apps to Microsoft Intune and deploy them to macOS devices.
There are two app types available for macOS: .dmg and .pkg (they are basically extensions of apps). Most of the popular software vendors offer both .PKG and .DMG installers for macOS. Intune supports deploying both DMG and PKG apps to managed macOS devices. Refer to the following guide on how to deploy .DMG apps for macOS with Intune.
Intune supports deploying the PKG apps using the Microsoft Intune management agent for macOS devices. PKG-based applications are Installer packages that include all necessary scripts, metadata, and application components in a single.pkg file for installation.
Administrators can upload the PKG apps just like DMG apps or LOB apps and deploy them to macOS devices managed by Intune. To update a line-of-business app deployed as a .pkg file, you must increment the CFBundleShortVersionString of the .pkg file.
Note: In Intune Release August 2022, Microsoft removed the ability to upload wrapped .intunemac files in the Microsoft Intune admin center. You can now upload the .pkg files to the Microsoft Intune admin center.
Prerequisites for adding .PKG apps to Intune
Listed below are some important prerequisites for PKG app deployment in Intune:
- The .pkg file must satisfy the following requirements to successfully be deployed using Microsoft Intune.
- A .pkg file is a component package or a package containing multiple packages.
- The .pkg file does not contain a bundle, disk image, or .app file.
- The .pkg file is signed using a “Developer ID Installer” certificate, obtained from an Apple Developer account.
- The .pkg file contains a payload. Packages without a payload will attempt to re-install as long as the app remains assigned to the group.
- You must enroll your Mac devices in Intune before you can install PKG apps on them. Refer to this step-by-step guide that shows how to enroll macOS devices in Intune. If your organization has devices that run on iOS/iPadOS, you can use the following guide to enroll iOS/iPadOS device in Microsoft Intune.
- You’ll need a PKG app before you can upload it to Intune.
Steps to Deploy PKG Apps on MacOS devices using Intune
We will now go through the steps of deploying the .pkg apps in Intune for macOS devices. Note that you can use the same steps to add an unmanaged macOS PKG app to Microsoft Intune. This information will be covered in a separate article later.
Step 1: Download the PKG app
Before you upload the PKG app to Intune, you’ll first need a valid .pkg app. The software team at your company might have created a unique in-house app, or it might be a web-based app that users can download.
In this article, we will use the Google Chrome app as an example to demonstrate the PKG app deployment in Intune. The same steps are applicable if you want to deploy any other PKG apps with Intune. Google Chrome offers both PKG Universal Installer and DMG Universal Installer for macOS devices.
To get the installer, visit the download Chrome browser for your enterprise. Select the Mac as the operating system and download the PKG installer for Google Chrome. Make sure the selected Channel is ‘Stable‘. The browser now downloads the googlechrome.pkg installer on your computer.
Step 2: Add .PKG app package file to Intune
In this step, we will upload the PKG app to Intune for deployment:
- Sign in to the Microsoft Intune admin center.
- Go to Devices > Apps > macOS.
- To add a new PKG app, select +Add.
- Select the App Type as macOS app (PKG).
In the App package file pane, select the browse button. Then, select an macOS installation file with the extension .pkg. The PKG app details will be displayed. When you’re finished, select OK on the App package file pane to add the app.
The following details are populated in Intune when you add a .pkg package file to Intune:
- Name: GoogleChrome.pkg
- Platform: MacOS
- Size: 170.11 MiB
- MAM Enabled: No
Click OK to continue to the next step.
Step 3: Configure App information for .PKG app
On the App Information page, add the details for your PKG application. Depending on the app that you chose, some values in this pane might be automatically filled in. The app information that you specify here will be shown to users in the company portal on macOS.
You can specify the following details for PKG application file package:
- Name: Specify the name of the app.
- Description: Add a brief description about the .pkg app.
- Publisher: Google
- Category: Choose a relevant category for the app.
- Logo: When you upload the Google Chrome PKG app to Intune, the logo is not populated. You have to manually specify the logo if you require it. For more details about the logo size and requirements, refer to Configure Intune Portal Branding.
Click Next to continue.
Step 4: Configure PKG App OS Requirements
In this step, you must configure the OS requirements for installing the .pkg app. Click on the drop-down menu and select a minimum macOS version to install the application. Click Next.
Step 5: Configure Detection Rules for PKG App for macOS devices
In this step, you can configure the detection rules for the .pkg app applicable for macOS devices. When you add .pkg app package file to Intune, the detection rules are automatically populated for you. However, you can add additional detection rules if necessary.
Intune uses app bundle identifiers and version numbers to detect the presence of pkg apps on macOS devices. The detection rules populated for .pkg app in Intune include two main components:
- App bundle ID (CFBundleIdentifier)
- App Version (CFBundleShortVersionString)
If the above two parameters aren’t populated for the .pkg app, you may use the below procedure to find them:
- To locate the info.plist file for the PKG app, go to any macOS device that is installed with the same PKG application.
- Launch the Finder app on Mac and select the app. Within this folder, you’ll find a file known as info.plist.
- Open this file with default text editor and make a note of the CFBundleIdentifier and CFBundleShortVersionString values.
Ignore App version: This option is set to yes by default. You can configure this option by reading the information.
- If you want the app to be installed even if it is not found on the target device, select Ignore app version = Yes. If the app exists but the version number is different, it will be ignored and the app will not be deployed.
- If you want the app to be installed even if it is not found on the target device or if the app version you are deploying differs from the one already installed on the target device, select Ignore app version = No.
Step 6: Assign and Create PKG App in Intune
In this step, we will assign the .pkg app to device groups or user groups in Intune. On the Assignments tab, select and add the groups to whom you want to target this application. If you are deploying the PKG app for the first time, we recommend creating a pilot device group consisting of macOS devices. Once you find the deployments successful, you can then expand it to a larger group. Click Next.
On the Review + Create tab, review the values and settings you entered for the PKG app. When you are done, click Create to add the app to Intune. The Overview pane displays the newly created macOS PKG app.
Monitor PKG App Deployment in Intune
After you deploy pkg apps for macOS devices using Intune, the application will be first uploaded to Intune for deployment. Depending on the size of the application, it may take time to complete this process. In rare cases, the application upload may fail, and this can be resolved by re-uploading the application.
To monitor PKG app deployment in Intune, follow the steps below:
- Sign in to the Intune admin center.
- Navigate to Apps > macOS > macOS Apps.
- From the list of apps, select the PKG app to monitor.
There are two options that you see under Monitor: Device install status and User install status. If you have deployed the app to devices, select the Device install status to find status of deployment. If you have assigned the app to user groups, select the user install status option to find the deployment status.
From the screenshot below, we see the PKG app installation has succeeded on our MacOS devices. To find the devices or users that have successfully received the PKG application, review Device Install Status or User Install Status, respectively.
Sync Intune Policies on MacOS Devices
After you deploy PKG Apps on macOS devices using Intune, it’s time to sync the devices with Intune. You can either wait for the Intune policy refresh cycle to occur on macOS devices or manually trigger the sync. Refer to the following guide on how to sync Intune policies on MacOS devices.
By default, the MacOS device checks with Intune for the latest policies every 8 hours. The Intune management extension (IME) policy cycle is set to run every 60 minutes on macOS devices. If the macOS devices are offline, they will receive the most recent policies from Intune once they reconnect.
Troubleshooting PKG App installation failures
On some macOS devices, the .pkg apps may fail to install. There could be several reasons why PKG app deployment fails on certain macOS devices. In case you encounter issues with deployment, you must refer to the IntuneMDMDaemon.log and IntuneMDMAgent.log files. Take a look at this excellent guide for gathering Intune logs on macOS devices.
