Controlling licenses with Azure AD Groups, Access Review and Self Service group management

A cool feature of Azure AD is Access Review. It can be used in many ways to control Azure AD group membership. One of the things I will be using it for is to control licenses and help provide self-service license management.

With Access Review we can control how often the users or owners are prompted to re-validate whether they still need access to the group. This can be weekly, monthly, quarterly or yearly. Once this period is over, the users will be prompted via email to review their access to the group. We can even control what happens if they fail to do so.

The goal


HOWTO: Installing Adobe Creative Cloud with Microsoft Intune on macOS

As we know, in order to deploy apps with Intune on macOS, the app needs to be a signed .pkg file wrapped into a .intunemac file.

From the Adobe Admin Console we can create a pkg file containing the Adobe CC app or other Adobe apps if needed. Unfortunately this file is not signed, and multiple forum threads confirm that signing them is not supported.

So how do we get around that? I was searching around to find a proper solution. I couldn’t find anyone who had come up with a solution, so I decided to find one myself. What if we don’t sign the Adobe CC pkg file itself but wrap it into another pkg file and run the Adobe CC pkg as a postscript? I did that and it’s actually working!

Creating the package on Adobe Admin Console


Packaging and signing macOS apps for distribution with Intune

Disclaimer: I’m by no means a macOS guy, I’m a Windows guy and have always been :-). There might be things in this post that can be done smarter or in another way – if so, please let me know.

As stated on, in order to distribute apps to macOS, they need to be in .pkg format and converted to the .intunemac format. Furthermore, the .pkg file needs to be signed with an Apple Developer certificate.

Quote from docs:

The .pkg file must be signed using “Developer ID Installer” certificate, obtained from an Apple Developer account. Only .pkg files may be used to upload macOS LOB apps to Microsoft Intune. Conversion of other formats, such as .dmg to .pkg is not supported.

But what if we need to distribute an app that is not in the App Store or is not in a signed .pkg file? Then we’ll have to repackage it with a packaging tool. I’m using an app called Packages. Let me show it and explain.

