How to Deploy DMG Apps for Company Portal – MacOS

macbook pro keyboard

So in the previous post, we talked about using Intune (MEM) to deploy PKG apps for MacOS. Now it is time to discuss how to deploy DMG apps. Now that is a lot of acronyms in a short period of time. Let’s take a look below to understand the difference a little better between these different types.

Types of MacOS Apps to be Deployed

There are two main methods of deploying MacOS apps we will talk about. This happens because there are different types of applications to be deployed to MacOS. In Windows, we have “.exe” and “.msi” formats are the most common. In MacOS, those most common ones are “.pkg” and “.app”.

  • .PKG Type – This is the most common, and is most similar to a “.exe” type. May contain multiple steps, scripts or files within the package
  • .APP Type – I think of this being similar to a “portable app” in Windows. With these file types, they just get copied directly into the Applications folder, and run without an installation process.

What about “DMG” types you say? Well DMG is really more of a storage device, similar to an ISO in Windows. When an application comes packaged in a DMG, you are really just mounting that DMG file, and then executing the application from there. The DMG file type can contain either of the previously mentioned file types, and can be used to more easily transport application files. Here is a better break down if you want more information about the different types for MacOS. Otherwise, this should be all you need to deploy these DMG apps for Endpoint Manager.

If you missed it, you can check out the post about deploying PKG files in the previous post. However, if you are are here to talk about APP and DMG files, then read on!

DISCLAIMER

Please understand that the content herein is for informational purposes only. This existence and contents shall not create an obligation, liability or suggest a consultancy relationship. In further, such shall be considered as is without any express or implied warranties including, but not limited to express and implied warranties of merchantability, fitness for a particular purpose and non-infringement. There is no commitment about the content within the services that the specific functions of the services or its reliability, applicability or ability to meet your needs, whether unique or standard. Please be sure to test this process fully before deploying in ANY production capacity, and ensure you understand that you are doing so at your own risk.

Table of Contents

Prerequisites
How to Create DMG Files
How to Deploy DMG Files
Conclusion

Prerequisites

Here are a few things you MUST have before you can deploy DMG apps for Company Portal in MacOS.

  • MacOS Device (Has to be a Macbook or Mac to be able to package apps for Intune)
  • Some knowledge of Terminal (not much as we will cover what you need here)
  • APP Installer File (If yours is contained within a DMG, no problem!)

The MacOS device is clearly the hardest part about this. A portion of this post will talk about creating a DMG file, which can only be done properly on a MacOS Device. So this can be challenging, but is the best way to deploy these APP files. If you have MacOS devices in your environment, hopefully there is a spare some where. If not, it might be worth investing in a cheap MacOS device, as it makes managing them in Intune MUCH easier.

Testing on production devices rarely ends well, and its not a good practice to leave even a few of your devices unmanaged. This is especially true if you have a mature Endpoint Management program where all your Windows devices are well managed and maintained.

Additionally, now that Apple is making its own processors, you must consider whether or not you have the right version of the app for the right MacOS build. Some APP files only work with Intel silicon, whereas some will work with both. For any environment that supports both processor types, you will want to have an Azure group that separates the two in case the app you are deploying doesn’t work for both processors.

Some are also universal, so it is important to ensure you understand what version you have any what you need. The example in this post is Visual Studio Code, which has both an Intel Silicon version, and a Universal Version. We are using the universal version in this case.

How to Create DMG File

With Microsoft Endpoint Manager (MEM), you can’t natively deploy APP files (yet…) to Company Portal for employees. Since they run more like portable apps, they need something to act as a container to deploy them. This is why you need to package APP files before deploying them with Endpoint Manager. Enter the Apple Disk Image (DMG). Since this is similar to the ISO for Windows, it makes sense that you can add installation files to make it easier for transport. However, sometimes your APP file will not come pre-packaged in a DMG, so you need to make one. Let’s learn how to deploy DMG apps with Endpoint Manager.

Step by Step Process

  1. On your Mac, open Disk Utility. Choose File -> New Image –> Blank Image.
new black DMG image
New Blank Image
  1. Give your disk image a name (VS Code in this example) and choose a location to save this file. Ensure the storage size is large enough to fit the APP file you are looking to deploy. Then hit OK.
DMG metadata
Disk Utility Settings
  1. Now, the Image File is saved to the location you chose. Navigate to that location, and open that DMG Image file (double click or CTRL + Click –> Open). This will mount this disk image, and you can open the drive to add files.
newly created DMG image
Mounted .DMG Disk Image
  1. Now, navigate to where you have the APP file saved, and copy it into this mounted disk image you created. If there are other files that need to move with the installer, move those as well. Once you have moved everything into the mounted image, you can close it. CTRL + Click the drive on the desktop, and choose Eject “VS Code”.
eject DMG image
Eject the Disk

Thats it! We now have our APP file uploaded to a DMG disk image, and it is ready to be uploaded to Endpoint Manager.

How to Deploy DMG Apps

  1. First, you need to sign into Microsoft Endpoint Manager
  2. From there, go to Apps –> MacOS and click ADD
  3. Choose “MacOS app (DMG)” and hit Select
deploy DMG apps
Select MacOS (DMG)
  1. On the next screen, select an app package, and upload the DMG file we just created for VS Code. Hit OK, and fill in the next screen with all the necessary details. (The more you fill out this page, the more polished the final product will look).
upload DMG apps
Upload the DMG File
  1. Once you fill out all the details, hit Next.
details for DMG apps
Details Page for Company Portal

Get Specifics about the app

  1. This next part will be a little technical, so bear with me. We need to pull some information from the original file, to fill out the next few screens. Open Finder, and navigate to the original “visual studio code.app” file that we uploaded to the DMG. If you are starting out with a preconfigured DMG file then you will need to mount it, and perform these steps on the APP file inside.
  2. CTRL + Click and choose “Show Package Contents”.
DMG metadata details
Collect the finer Details
  1. You should see a contents folder, open that, and CTRL + Click the Info.plist file, and open it into VS Code or the Built in text editor.
text editor choice
Open Info.plist
  1. From here we will need to keep this open as we collect information for Endpoint Manager to deploy and detect this app. Back over in Endpoint Manager, we see it is asking for the “Minimum Operating System“. Over in our text editor, we can find the Minimum Operating System level under “LSMinimumSystemVersion“. In this case it is “10.11.0”, in Endpoint Manager we can choose “MacOS High Sierra 10.13“, and hit Next.
APP metadata
Minimum Operating System Level
  1. On the next page, we are looking for “CFBundleIdentifier” and “CFBundleShortVersionString” to aid with detection of the app. you can do a Command + F in your text editor to search for these specific fields. Copy the values into Endpoint Manager, in the appropriate fields.
APP metadata
Text Editor Fields

Now an important note, you can tell to ignore the version if (and only if) the version isn’t going to change, or if the identifier changes every time. Otherwise, it is best to check no in this section so that versioning will be considered when deploying an app. From there, hit Next.

APP metadata version
Metadata for VS Code
  1. From here, you can assign the app to the appropriate group, and deploy. Monitor the progress, and I recommend including yourself in the group so you can see what the users will see when the app is in Company Portal.
confirmation page for deployment
Confirmation Page

Conclusion

From here you should now see the app show up on the devices of the users in the group you deployed the DMG file to. I recommend testing this thoroughly before using in any production capacity. As of this writing, this feature is still in preview, so it isn’t technically recommended for production use anyway. However, you can get a head start and begin testing this feature out to decide if it will work for you. Adding the ability to deploy DMG apps for MacOS users increases the functionality of Endpoint Manager and is sure to make both admins and users alike happy. I hope this works great for you in your testing, and that you got a lot our of this post.

Hit me up on Twitter @SeeSmittyIT to let me know what you thought of this post. Thanks for reading!

Smitty

Curtis Smith works in IT with a primary focus on Mobile Device Management, M365 Apps, and Azure AD. He has certifications from CompTIA and Microsoft, and writes as a hobby.

View all posts by Smitty →