How to Package PKG MacOS Apps for Company Portal

laptop and notepad for work

Today I want to talk about packaging MacOS apps for Company Portal. Namely because it’s something I’ve been revisiting lately and I hate when I forget all the steps. The process isn’t all that difficult, especially if you have created packages for Windows PC’s before. However, it is a little different, and because it is for Apple products, there are a few gotchas that you might not be prepared for.

It’s always been challenging being a MacOS user in a predominantly Windows environment. The two are just different, and they don’t always work well together in a business setting. This has been changing recently as more and more services move to the cloud. With cloud based IdP (Identity Providers) becoming the norm, data moving to the cloud, and SaaS (Software as a Service) applications being all the rage, the gaps between Windows and MacOS devices are getting smaller and smaller.

Since you are here reading this, chances are you are a Microsoft shop, and you have to figure out how to manage MacOS devices. Deploying applications is an important part of that management. For this post, we are going to look at how you can use Intune (MEM) to deploy MacOS apps to Company Portal, and make life easier for your MacOS users. Let’s dive in.

DISCLAIMER

Please understand that the content herein is for informational purposes only. This existence and contents shall not create an obligation, liability or suggest a consultancy relationship. In further, such shall be considered as is without any express or implied warranties including, but not limited to express and implied warranties of merchantability, fitness for a particular purpose and non-infringement. There is no commitment about the content within the services that the specific functions of the services or its reliability, applicability or ability to meet your needs, whether unique or standard. Please be sure to test this process fully before deploying in ANY production capacity, and ensure you understand that you are doing so at your own risk.

Table of Contents

Prerequisites
How to Package .PKG apps
How to Deploy .PKG apps
Conclusion

Prerequisites

So there are a few things you must have before you can package MacOS apps for Company Portal. These are the “gotchas” I was talking about above.

  • MacOS Device (Has to be a Macbook or Mac to be able to package apps for Intune)
  • Some knowledge of Terminal (not much as we will cover what you need here)
  • PKG Installer File

The MacOS device is clearly the hardest part about this. This is a requirement as these apps can’t be read by a Windows device, and will not work properly if you try to package them in Windows. There is a certificate signing process that happens that cannot work on a Windows PC. For the longest time, I tried it, and couldn’t figure out why it would never work for me. Turns out it works perfect on a Mac. So that is the biggest one.

If you have a Mac in your environment, hopefully there is a spare some where. If not, it might be worth investing in a cheap MacOS device, as it makes managing them in Intune MUCH easier. Testing on production devices rarely ends well, and its not a good practice to leave even a few of your devices unmanaged. This is especially true if you have a mature Endpoint Management program where all your Windows devices are well managed and maintained.

How to Package .PKG Installer for Intune

If you have ever used Intunewin Packager for Windows based applications, then this next section will be a breeze. This process is essentially identical, except that it must be done on a Mac machine. If you haven’t done this before, no problem. Follow along and you will have MacOS apps for Company Portal in no time.

Intune MacOS Wrapping Tool

  1. First, you need to download the Intune App Wrapping Tool for Mac.
  2. Next, you need to change the permissions on the downloaded IntuneAppUtil file for it to be executable.
    • Open Terminal
    • change Directory to where the app is located
      • cd Downloads/intune-app-wrapping-tool-mac-master
    • Change permissions on the IntuneAppUtil file
      • chmod +x IntuneAppUtil
  3. From here, I typically recommend opening a text editor or VS Code at this point to make it easier preparing the syntax. Plus, once you have the syntax right, you can just save the text file and use it any time you are packaging apps in the future. So open your text file and copy this text.
    • IntuneAppUtil -c <source_file> -o <output_directory_path> [-i] <package bundle Id> [-n] <package bundle version> [-v]
    • Required Arguments
      • “-c” is the full file path to the .pkg file you want to package
      • “-o” is the output destination for the final .intunemac file. (Unless you have somewhere specific it needs to be, I just leave this a “.” and it will make the package in the same directory where you are located
    • Optional Arguments
      • “-i” – used to specify the package bundle id – use if you get an error about not retrieving it automatically
      • “-n” – used to specify the package bundle version – use if you get an error about not retrieving it automatically
      • “-v” – used for detailed output. Helpful when troubleshooting.
  4. So if I am packaging the Mimecast for Mac installer, I have moved it into the same directory as the IntuneAppUtil executable. It looks like this:
Finder Window of Intune Packaging Tool
Finder Window of Intune Packaging Tool

My terminal will then look like this:

Terminal Window before Execution
Terminal Window before Execution

Now all I need to do is run the command and the installer will come out as an .intunemac file type.

Final Product Output
Final Product Output

How to Deploy PKG File Types in Intune

Now that we have our .Intunemac file it is time to upload this to Intune and make it available to our users in Company Portal.

  1. Navigate to Endpoint.Microsoft.com and get signed in.
  2. Click on Apps, and Choose MacOS
Intune Portal for MacOS Apps
Intune Portal for MacOS Apps
  1. From here, click Add, for App Type, Choose Line-of-Business app, and hit Select.
Choose App Type
Choose App Type
  1. Click on Choose File, navigate to the newly created installer package, and hit OK.
Select a MacOS Package for Company Portal
Select a Package
  1. Fill in all the appropriate details for your MacOS app. Company Portal is essentially an “App Store” for your users. The more effort you put into a description, and finding the appropriate image, the more professional and high quality the experience will be. This helps with user adoption and trust in the tools.
Details for MacOS app for Company Portal
Fill in all the Details!
  1. Next, you want to choose who is the app is available to or required for. In this instance, I am making it available, as it is not a required app, and only those folks who wish to use it will likely download it.
Deploy MacOS app for Company Portal
Assignment Screen
  1. Finally, wait until the file is uploaded fully, then check Company Portal for it to sync. Once you see it there, you are all finished and the app is ready for users. As always, it is best to test and confirm that it installs properly, but in general, .PKG files are pretty straight forward, and you shouldn’t have many issues.
Mimecast - MacOS App for Company Portal
Mimecast in Company Portal

Conclusion

That is all there is to it. if you have ever prepared Windows apps for deployment in Intune, then this should be pretty familiar. If not, then now you are prepared for that task as well. The main advantage of having MacOS Apps in Company Portal is the managed self-service aspects it provides. The ability to install approved applications in a controlled manner without having to call the Help Desk is ideal for everyone. Making this a useful experience helps get buy-in and support.

So, give this one a shot. I hope it goes well for you, and that you have learned plenty from this exercise. Look out for other posts talking about managing MacOS devices with Intune. It can be easily overlooked in predominantly Windows environments, but Mac devices need managed too.

Hit me up on Twitter @SeeSmittyIT to let me know what you thought of this post. Thanks for reading!

Smitty

Curtis Smith works in IT with a primary focus on Mobile Device Management, M365 Apps, and Azure AD. He has certifications from CompTIA and Microsoft, and writes as a hobby.

View all posts by Smitty →