In this blog post, I will show you how to deploy DMG apps on macOS using Intune. I will first download the DMG Installer of an app and then create an app deployment. Let’s check the steps:
A DMG (Disk Image) app is packaged within a disk image file with the extension .dmg. This format typically contains one or more individual applications in the form of .app files, which can be deployed on macOS devices.
A DMG file should be understood as an application distribution medium rather than an installer. It’s similar to the Windows ISO file format. Not all applications on the internet may have a .dmg file available for download. However, if you have the .app file but not the .dmg file, you can use the Disk Utility application on a macOS device to create a disk image file (DMG).
This can be done by opening the DMG image file, adding the .app files, and then saving the DMG. This process allows you to create a distributable DMG file for deployment even when the application vendor does not provide it.
About DMG app
Contents
Prerequisites
- macOS devices must be enrolled into Intune.
- DMG application must be smaller than 8 GB.
- Intune management agent must be installed on macOS.
Step 1: Download DMG App Installer
First step is to download DMG Installer of an app. For demonstration purpose, I will be using Google Chrome app. However, you can use the same steps to deploy any DMG app via Intune.
- Download Chrome browser DMG Installer: Download Link.
Step 2: Create DMG App Deployment on Intune
- Sign in to the Intune admin center > Apps > macOS > macOS apps.
- Click on + Add to start the deployment creation.
- App type: macOS app (DMG).
- Click on the Select button to proceed.
- App Information: Click on Select app package file and browse to the .dmg application installer file.
- Name: Provide a unique name of the application.
- Description: Describe the application.
- Publisher: Provide the publisher’s name.
Apart from the Name, Description, and Publisher, providing additional information is optional. However, including the rest of the details can help other team members in troubleshooting issues and also serve as app documentation.
Note
- Requirements: Select Minimum operating system as a condition for application installation. Click on Next to proceed.
- Detection rules: Select Ignore app version to Yes or No based on the below criteria:
- Select Ignore app version = Yes if you want the app installed when it’s not found on the target device. If the app is already there, but the version number is different, it will be ignored, and the app will not be deployed.
- Select Ignore app version = No if you want the app to be installed when it is not found on the target device or if the app version you are deploying differs from the one already installed on the target device.
In general, when deploying a self-updating application such as Google Chrome or Zoom, you should set Ignore the app version to Yes.
In some cases, you may choose to disable the autoupdating setting for an app to manage app updates only from Intune, then you can select Ignore app version to No.
Note
In the Included apps section, provide the App bundle ID (CFBundleIdentifier) and the App version (CFBundleShortVersionString) information for the app. To retrieve these details, Install the Google Chrome DMG file (the same one you intend to deploy via Intune) on a test Mac device and then use the following commands in the macOS terminal to obtain this information:
CFBundleIdentifier
defaults read /Applications/Google\ Chrome.app/Contents/Info CFBundleIdentifier
CFBundleShortVersionString
defaults read /Applications/Google\ Chrome.app/Contents/Info CFBundleShortVersionString
Alternatively, you can also get CFBundleIdentifier and CFBundleShortVersionString information from Info.plist file. Let’s check the steps.
- Go to Finder > Go > Go to Folder…
- Search for /Applications/Google Chrome.app/Contents/ path.
- Double-click on the searched path to find Info.plist file in the Contents folder.
- Double-click on the file and search for
CFBundleIdentifier
andCFBundleShortVersionString
values in the file.
- Once you’ve collected all the required information, please enter it in the Detection Rules tab, click Next, and proceed.
- Assignments: Click on Add group to add an Entra security goup containing macOS devices.
- Review + create: Review the deployment and click on Create.
Sync Intune Policies
The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.
Monitor Deployment Progress
You can monitor the application deployment from the Intune admin center by navigating to Apps > macOS > selecting the specific application. The Overview page will display the installation status, similar to what is shown in the screenshot below.
If you encounter issues or deployment failures, you can click Device install status or User install status to access more detailed information about the error description and error code, which can help you troubleshoot and resolve the problem.
End User Experience
To check if the deployment is completed successfully, follow the below steps:
- Go to Finder > Go > Applications
- Look for the Google Chrome application icon to confirm the deployment.
macOS Intune deployment troubleshooting
If you encounter issues deploying the application, check the IntuneMDMDaemon*.log and IntuneMDMAgent*.log files for more information. For guidance on locating these files on a macOS device, refer to my other blog post titled Collect Intune Logs From macOS Devices.
Conclusion
In this blog post, we have learnt the steps to deploy a DMG app on macOS devices using Intune. As an example, we used Google Chrome app. However, the same steps can be applied to deploy any other DMG Installer app on macOS via Intune.