Earlier this year, Microsoft released the public preview of Intune DMG deployments to managed macOS devices. This has been very timly with the work I’m currently doing with macOS devices.

The documentation sets out how to do this, but I thought I would document my experiences with this type of deployment.

The first thing I gathered is the detection method.  This can be done in multiple ways.

If you have a macOS device, start by mounting the DMG image file

On the app, I right click and selected Show Package Contents

In the Contents folder, there should be an info.plist file.

This file contains the information required by Intune for the detection rules.

Open the info.plist file and gather the values of CFBundleIdentifier and CFBundleShortVersionString

Alternatively, run the following commands from terminal

_{defaults read /Volumes/Google\ Chrome/Google\ Chrome.app/Contents/Info.plist CFBundleIdentifier}

com.google.Chrome

_{defaults read /Volumes/Google\ Chrome/Google\ Chrome.app/Contents/Info.plist CFBundleShortVersionString}

100.0.4896.75

Note: The CFBundleIdentifier and CFBundleShortVersionString values are case sensitive and will cause errors in with the Intune deployment if not entered correctly.

If you don’t have a macOS device available, then I have found that using an app like 7-zip to extract the info.plist file from the DMG image file can work in most cases (This method doesn’t work for some apps e.g., Adobe Creative Suite and VLC Media Player)

Open the extracted info.plist file and search for the CFBundleIdentifier and CFBundleShortVersionString values.

Note these values down as they will be needed when creating the app in Intune.

In Intune, navigate to Apps – macOS and click Add

Select macOS app (DMG)

Navigate to the location of the DMG image file

Click OK

Enter the appropriate App Information

Select the appropriate Minimum operating system

This is where you need to enter the values obtained earlier for CFBundleIdentifier and CFBundleShortVersionString.

Enter the CFBundleIdentifier value in the App bundle ID field and the CFBundleShortVersionString value in the App version field.  Remember, this is case sensitive, so enter is exactly as it was displayed in the info.plist file.

In this example, I am using Google Chrome which auto updates, so I will also leave the Ignore app version set to Yes

I have created an Azure AD group for this deployment and will assign this App to it. 

Note: With DMG apps, only Required and Uninstall assignments are available.

Review and click on Create

The next time a macOS device with this app assigned to it syncs with Intune, the app will be installed.

You can also verify the install status in Intune

There are a number of notes and known issues documented here which I suggest you read.

Going forward, I really hope Microsoft look at APP extension type applications deploying from Intune (I use a combination of downloading from Azure Blob Storage and Shell Script to install these).

P.