Packaging and signing macOS apps for distribution with Intune

Disclaimer: I’m by no means a macOS guy, I’m a Windows guy and have always been :-). There might be things in this post that can be done smarter or in another way – if so, please let me know.

As stated on docs.microsoft.com, in order to distribute apps to macOS, they need to be in .pkg format and converted to the .intunemac format. Furthermore the .pkg file needs to be signed with a Apple Developer certificate.

 Quote from docs:

The .pkg file must be signed using “Developer ID Installer” certificate, obtained from an Apple Developer account. Only .pkg files may be used to upload macOS LOB apps to Microsoft Intune. Conversion of other formats, such as .dmg to .pkg is not supported.

But what if we need to distribute an app there’s is not in the AppStore or is not in a signed .pkg file? Then we’ll have to repackage it with a packaging tool. I’m using an app called packages. Let me show it and explain.

Prerequisites

Continue reading

How to setup Android Zero Touch Corporate-owned, fully managed user devices with Intune

Just a quick step-by-step guide on how the configure Android Zero Touch with Intune.

Why

Why do we want to use Corporate-owned, fully managed user devices? In order to give the user an out-of-box experience that automatically enrolls devices into our MDM solution, just like Apple DEP but for Android Enterprise devices. Also, it gives a less confusing user experience, as we only have a work profile and not a private AND work profile, like we do with personal owned android devices.

Of course this is still a preview feature in Intune, and context is subject to change.

Prerequisites

  • A compatible device running Android Oreo (8.0) or Pixel phone with Android Nougat (7.0), purchased from a reseller partner
  • Intune licenses
  • A Login to the Android Zero Touch portal provided by your reseller ( https://partner.android.com/zerotouch)
Continue reading

Logon scripts in Intune

Quick and simple tip on how to get a Logon script like experience with Intune. On Azure AD joined devices, there’s currently no option to create Logon/Logoff or Startup/Shutdown script like we can with GPOs. I had a customer that needed a solution to start a command file as admin everytime the user signed on to the device.

There’s a workaround – Use Scheduled Tasks to create tasks that runs on Log On, and runs with Administrator rights / Local System if needed. It’s a very simple Powershell script, that created a scheduled task:

  • Create the scheduled task
  • Runs at Logon
  • Runs with Local SYSTEM account
  • Runs a command specified (in this example it runs a .cmd file that requires administrative rights. The .cmd file is already present on the devices – a software vender has placed it here)
Continue reading