A DMG (Disk Image) app is packaged within a disk image file with the extension .dmg. This format typically contains one or more individual applications in the form of .app files, which can be deployed on macOS devices through the Intune admin center.
A DMG file should be understood as an application distribution medium rather than an installer. It’s similar to the Windows ISO file format. To deploy an application to macOS devices using Intune, you can download the .dmg file for the application from the vendor’s website and create a deployment within the Intune platform.
Not all applications on the internet may have a .dmg file available for download. However, if you have the .app file but not the .dmg file, you can use the Disk Utility application on a macOS device to create a disk image file (DMG).
This can be done by opening the DMG image file, adding the .app files, and then saving the DMG. This process allows you to create a distributable DMG file for deployment even when the application vendor does not provide it.
Step-by-Step guide
Table of Contents
Prerequisites
- macOS devices must be enrolled into Intune.
- DMG application max file size is 2GB.
- It requires an Intune management agent on macOS.
For demonstration purposes, I will take an example of Google Chrome App.
While we’re using the Google Chrome application as an example, the steps outlined in this blog post can be applied to deploy any other DMG application using Intune. Let’s check the steps:
STEP 1 – Download DMG Installer
You can visit the software vendor’s website to locate the DMG Installer for macOS devices and then download it. As our Example app is Google Chrome, We will visit the link: Google Chrome DMG app and select DMG from the File type drop-down. Click on Download.
STEP 2 – Create an App Deployment
To create an App deployment on the Intune admin center, follow the below steps:
- Sign in to the Intune admin center.
- Click on Apps > macOS > macOS apps.
- Click on + Add to start the deployment creation.
- App type: macOS app (DMG).
- Click on the Select button to proceed.
App Information tab
To start, click on the Select app package file to choose the .dmg application installer. Locate the app package file, then click the OK button to proceed.
- Name: Provide a unique name of the application.
- Description: Describe the application.
- Publisher: Provide the publisher’s name.
The remaining information is optional. Nevertheless, if you have all the details about this application, it can help other team members better understand it and could prove useful in troubleshooting any issues that may arise.
Requirements
In the requirements tab, select Minimum operating system as a condition for application installation. Click on Next to proceed.
Detection rules
In the Detection rules tab, Select Ignore app version to Yes or No based on the below criteria:
- Select Ignore app version = Yes if you want the app installed when it’s not found on the target device. If the app is already there but the version number is different, it will be ignored, and the app will not be deployed.
- Select Ignore app version = No if you want the app to be Installed when it is not found on the target device or if the app version you are deploying differs from the one already installed on the target device.
In general, when deploying a self-updating application such as Google Chrome or Zoom, you should set Ignore the app version to Yes.
Please note that If you have disable AutoUpdate setting for self-updating apps, then can set Ignore app version to No. I have provided more detail about it in my other blog post: How to deploy Zoom using Intune.
Note
In the Included apps section, please supply the App bundle ID (CFBundleIdentifier) and the App version (CFBundleShortVersionString) information for the app. To retrieve these details, you can install the Google Chrome DMG file (the same one you intend to deploy through Intune) on a test Mac device and then use the following commands in the macOS terminal to obtain this information:
defaults read /Applications/Google\ Chrome.app/Contents/Info CFBundleIdentifier
defaults read /Applications/Google\ Chrome.app/Contents/Info CFBundleShortVersionString
If you’d rather not use the macOS terminal to gather this information, you can also utilize the Finder app to locate the Info.plist file for Google Chrome. Here are the steps to find this file:
- Go to Finder > Go > Go to Folder…
- Search for /Applications/Google Chrome.app/Contents/ path.
- Double-click on the searched path to find Info.plist file in the Contents folder.
- Double-click on the file and search for
CFBundleIdentifier
andCFBundleShortVersionString
values in the file.
- Once you’ve collected all the required information, please enter it in the Detection Rules tab, click Next, and proceed.
Assignments
- Click on Add group to add an Entra security goup containing macOS devices.
Review + create
Review the deployment and click on Create to start the deployment process.
Sync Intune Policies
The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.
Monitor Deployment Progress
You can monitor the application deployment from the Intune admin center by navigating to Apps > macOS > selecting the specific application. The Overview page will display the installation status, similar to what is shown in the screenshot below.
If you encounter issues or deployment failures, you can click Device install status or User install status to access more detailed information about the error description and error code, which can help you troubleshoot and resolve the problem.
End-user Experience
To check if the deployment is completed successfully, follow the below steps:
- Go to Finder > Go > Applications
- Look for the Google Chrome application icon to confirm the deployment.
macOS Intune deployment troubleshooting
If you encounter problems deploying the application, check the IntuneMDMDaemon*.log and IntuneMDMAgent*.log files for more information. For guidance on locating these files on a macOS device, refer to my other blog post titled How To Collect Intune Logs From a MacOS Device.
Conclusion
This blog post taught us how to deploy DMG apps on macOS devices through Intune. We used the Google Chrome application as an example, which is widely used in many organizations. After triggering the device check-in from the Company Portal app, the installation was completed within a few minutes.