A cool feature of Azure AD is Access review. It can be used for many things to control Azure AD group membership. One of the things I will be using it for is to control licenses and help to provide self service license management.
With Access Review we can control how often the users or owners are prompted to re-validate if the still need access to the group. This can be weekly, montly, quarterly or yearly. Once this period is over the users will be prompted via email to review their access to the group. We can even control what behavior will happen if the fail to do so.
As we know, in order to deploy apps with Intune on macOS the app needs to be a signed .pkg file wrapped into a .intunemac file.
From Adobe Admin console we can create a pkg file containing the Adobe CC app or other Adobe apps if needed. Unfortunately this file is not signed, and multiple forum threads confirm that signing them is not supported.
So how do we get around that? I was searching around to find a proper solution. I couldn’t find anyone who had come up with a solution, so I decided to find one my self. What if we don’t sign the Adobe CC pkg file it self but wrap it into another pkg file and run the Adobe CC pkg as a postscript? I did that and it’s actually working!
Creating the package on Adobe Admin Console