Deploy PKG Apps using Intune on macOS Devices
This article demonstrates the steps to deploy PKG apps using Intune on macOS devices. Intune simplifies the process of deploying PKG apps to macOS devices.
In our earlier article, we explained how to deploy DMG apps for macOS using Intune. Most of the apps available for macOS are either DMG or PKG. A DMG file is a disk image file that includes one or more applications. Whereas PKG-based applications are installer packages that include all necessary scripts, metadata, and application components in a single.pkg file for installation.
Most of the popular software vendors offer both .PKG and .DMG enterprise installers for Mac devices. After you enroll macOS devices in Intune, administrators can upload the PKG apps, just like DMG apps or macOS LOB apps, and deploy them to devices.
Ways to deploy PKG apps in Intune
Broadly, there are two ways to deploy PKG apps on macOS devices in Intune:
- Line-of-business app: You can select the app type as Line-of-business app in Intune, add a macOS PKG app, and deploy it.
- macOS app (PKG): Select the macOS app type as a PKG app for deployment.
If you are confused about what method you want to use to deploy the PKG app, we recommend using the macOS app (PKG) instead of the line-of-business app, as it is a straightforward and easy option.
Note: In Intune Release August 2022, Microsoft removed the ability to upload wrapped .intunemac files in the Microsoft Intune admin center. You can now directly upload the .pkg files to the Microsoft Intune admin center.
Prerequisites for Installing PKG apps with Intune
Listed below are some important prerequisites for macOS PKG app deployment in Intune:
- The .pkg file must satisfy the following requirements to successfully be deployed using Microsoft Intune.
- A .pkg file is a component package or a package containing multiple packages.
- The .pkg file does not contain a bundle, disk image, or .app file.
- The .pkg file is signed using a “Developer ID Installer” certificate, obtained from an Apple Developer account.
- The .pkg file contains a payload. Packages without a payload will attempt to re-install as long as the app remains assigned to the group.
- You must enroll your Mac devices in Intune before you can install PKG apps on them. Refer to this step-by-step guide that shows how to enroll macOS devices in Intune. If your organization has devices that run on iOS/iPadOS, you can use the following guide to enroll iOS/iPadOS device in Microsoft Intune.
- You’ll need to download the macOS PKG app before you can upload it to Intune.
Deploy PKG Apps using Intune on macOS devices
We will go through the steps that will help you deploy PKG apps using Intune. The entire deployment is broken down into steps so that it becomes easy to follow.
Step 1: Download the macOS PKG app
Before you upload the PKG app to Intune, you’ll first need a valid macOS PKG app. The software team at your company might have created a unique in-house PKG app, or it might be a web-based app that users can download.
In this article, we will use the Google Chrome app as an example to demonstrate the PKG app deployment in Intune. The same steps are applicable if you want to deploy any other PKG apps with Intune. Google Chrome offers both PKG Universal Installer and DMG Universal Installer for macOS devices.
To get the installer, visit the download Chrome browser for your enterprise. Select the Mac as the operating system and download the PKG installer for Google Chrome. Make sure the selected Channel is ‘Stable‘. The browser now downloads the googlechrome.pkg installer on your computer.
Step 2: Add PKG app package file to Intune
Use the following steps to upload the macOS PKG app to Intune for deployment:
- Sign in to the Microsoft Intune admin center.
- Go to Devices > Apps > macOS.
- To add a new PKG app, select +Add.
- Select the App Type as macOS app (PKG).
In the App package file pane, click on the browse button and then select an macOS PKG app file. The PKG app details will be displayed on the screen. When you’re finished, select OK on the App package file pane to add the app.
In our example, the following details are populated after uploading the pkg package file to Intune:
- Name: GoogleChrome.pkg
- Platform: MacOS
- Size: 170.11 MiB
- MAM Enabled: No
Click OK to continue to the next step.
Step 3: Configure App information for PKG app
On the App Information page, add the details for your macOS PKG application. Depending on the app that you chose, some values in this pane might be automatically filled in. The app information that you specify here will be shown to users in the company portal on macOS.
You can specify the following details for the macOS PKG app file package:
- Name: Specify the name of the app.
- Description: Add a brief description about the .pkg app.
- Publisher: Google
- Category: Choose a relevant category for the app.
- Logo: When you upload the Google Chrome PKG app to Intune, the logo is not populated. You have to manually specify the logo if you need it. For more details about the logo size and requirements, refer to Configure Intune Portal Branding.
Click Next to continue.
Step 4: Configure OS Requirements
In this step, you must configure the OS requirements for installing the macOS pkg app. Click on the drop-down menu and select a minimum macOS version to install the application. Click Next.
Step 5: Configure Detection Rules for PKG App
In this step, you can configure the detection rules for the .pkg app applicable for macOS devices. When you add the PKG app package file to Intune, the detection rules are automatically populated for you. However, you can add additional detection rules if necessary.
Intune uses app bundle identifiers and version numbers to detect the presence of pkg apps on macOS devices. The detection rules populated for .pkg app in Intune include two main components:
- App bundle ID (CFBundleIdentifier)
- App Version (CFBundleShortVersionString)
If the above two parameters aren’t populated for the macOS PKG app, you may use the below procedure to find them:
- To locate the info.plist file for the PKG app, go to any macOS device that is installed with the same PKG application.
- Launch the Finder app on Mac and select the app. Within this folder, you’ll find a file known as info.plist.
- Open this file with the default text editor and make a note of the CFBundleIdentifier and CFBundleShortVersionString values.
Ignore App version: This option is set to yes by default. You can configure this option by reading the information.
- If you want the PKG app to be installed even if it is not found on the target device, select Ignore app version = Yes. If the app exists but the version number is different, it will be ignored and the app will not be deployed.
- If you want the PKG app to be installed even if it is not found on the target device or if the app version you are deploying differs from the one already installed on the target device, select Ignore app version = No.
Click Next to continue.
Step 6: Assign and Create PKG App in Intune
In this step, we will assign the PKG app to device groups or user groups in Intune. On the Assignments tab, select and add the groups to whom you want to target this application. If you are deploying the PKG app for the first time, we recommend creating a pilot device group consisting of macOS devices. Once you find the deployments successful, you can then expand them to a larger group. Click Next.
On the Review + Create tab, review the values and settings you entered for the PKG app. When you are done, click Create to add the app to Intune. The Overview pane displays the newly created macOS PKG app.
Monitor macOS PKG App Deployment in Intune
After you deploy pkg apps for macOS devices using Intune, the application will be first uploaded to Intune for deployment. Depending on the size of the application, it may take time to complete this process. Re-uploading the application can fix a failure to upload the application in rare instances.
After assigning the PKG app to your macOS devices, Intune administrators can monitor the deployment using the following steps:
- Sign in to the Intune admin center.
- Navigate to Apps > macOS > macOS Apps.
- From the list of apps, select the PKG app to monitor.
There are two options that you see under Monitor: Device install status and User install status. If you have deployed the app to devices, select the Device Install Status to find the status of deployment. If you have assigned the app to user groups, select the user install status option to find the deployment status.
From the screenshot below, we see the PKG app installation has succeeded on our MacOS devices. To find the devices or users that have successfully received the PKG application, review Device Install Status or User Install Status, respectively.
Sync Intune Policies on MacOS Devices
After deploying the PKG apps on macOS devices using Intune, it’s time to sync the devices with Intune. You can either wait for the Intune policy refresh cycle to occur on macOS devices or manually trigger the sync. Refer to the following guide on how to sync Intune policies on MacOS devices.
By default, the MacOS device checks with Intune for the latest policies every 8 hours. The Intune management extension (IME) policy cycle is set to run every 60 minutes on macOS devices. If the macOS devices are offline, they will receive the most recent policies from Intune once they reconnect.
Troubleshooting PKG App installation failures
On some macOS devices, the .pkg apps may fail to install. There could be several reasons why PKG app deployment fails on certain macOS devices. In case you encounter issues with deployment, you must refer to the IntuneMDMDaemon.log and IntuneMDMAgent.log files. Take a look at this excellent guide for gathering Intune logs on macOS devices.
Updating PKG Apps with Intune
To update a line-of-business app deployed as a .pkg file, you must increment the CFBundleShortVersionString of the .pkg file. This will ensure the PKG app is updated to the latest version based on the configuration you’ve specified.
Recommended Reading
Take a look at some useful articles related to application deployment with Intune.