How to deploy DMG apps on macOS devices using Intune

A DMG (Disk Image) app is packaged within a disk image file with the extension .dmg. This format typically contains one or more individual applications in the form of .app files, which can be deployed on macOS devices through the Intune admin center.

A DMG file should be understood as an application distribution medium rather than an installer. It’s similar to the Windows ISO file format. To deploy an application to macOS devices using Intune, you can download the .dmg file for the application from the vendor’s website and create a deployment within the Intune platform.

Not all applications on the internet may have a .dmg file available for download. However, if you have the .app file but not the .dmg file, you can use the Disk Utility application on a macOS device to create a disk image file (DMG).

This can be done by opening the DMG image file, adding the .app files, and then saving the DMG. This process allows you to create a distributable DMG file for deployment even when the application vendor does not provide it.

How to deploy PKG apps on macOS devices using Intune

Step-by-Step guide


  • macOS devices must be enrolled into Intune.
  • DMG application max file size is 2GB.
  • It requires an Intune management agent on macOS.

For demonstration purposes, I will take an example of Google Chrome App.

While we’re using the Google Chrome application as an example, the steps outlined in this blog post can be applied to deploy any other DMG application using Intune. Let’s check the steps:

STEP 1 – Download DMG Installer

You can visit the software vendor’s website to locate the DMG Installer for macOS devices and then download it. As our Example app is Google Chrome, We will visit the link: Google Chrome DMG app and select DMG from the File type drop-down. Click on Download.

Download the DMG Installer file

STEP 2 – Create an App Deployment

To create an App deployment on the Intune admin center, follow the below steps:

  • Sign in to the Intune admin center.
  • Click on Apps > macOS > macOS apps.
  • Click on + Add to start the deployment creation.
  • App type: macOS app (DMG).
  • Click on the Select button to proceed.

App Information tab

To start, click on the Select app package file to choose the .dmg application installer. Locate the app package file, then click the OK button to proceed.

Click on blue folder Icon to browse to googlechrome.dmg file
Browse to the DMG Installer file
  • Name: Provide a unique name of the application.
  • Description: Describe the application.
  • Publisher: Provide the publisher’s name.

The remaining information is optional. Nevertheless, if you have all the details about this application, it can help other team members better understand it and could prove useful in troubleshooting any issues that may arise.


In the requirements tab, select Minimum operating system as a condition for application installation. Click on Next to proceed.

Detection rules

In the Detection rules tab, Select Ignore app version to Yes or No based on the below criteria:

  • Select Ignore app version = Yes if you want the app installed when it’s not found on the target device. If the app is already there but the version number is different, it will be ignored, and the app will not be deployed.
  • Select Ignore app version = No if you want the app to be Installed when it is not found on the target device or if the app version you are deploying differs from the one already installed on the target device.
Ignore App version
Ignore App version

In general, when deploying a self-updating application such as Google Chrome or Zoom, you should set Ignore the app version to Yes.

Please note that If you have disable AutoUpdate setting for self-updating apps, then can set Ignore app version to No. I have provided more detail about it in my other blog post: How to deploy Zoom using Intune.


In the Included apps section, please supply the App bundle ID (CFBundleIdentifier) and the App version (CFBundleShortVersionString) information for the app. To retrieve these details, you can install the Google Chrome DMG file (the same one you intend to deploy through Intune) on a test Mac device and then use the following commands in the macOS terminal to obtain this information:

defaults read /Applications/Google\ CFBundleIdentifier
defaults read /Applications/Google\ CFBundleShortVersionString
Find CFBundleIdentifier and CFBundleShortVersionString Information using macOS terminal
Find CFBundleIdentifier and CFBundleShortVersionString Information using the macOS terminal

If you’d rather not use the macOS terminal to gather this information, you can also utilize the Finder app to locate the Info.plist file for Google Chrome. Here are the steps to find this file:

  • Go to Finder > Go > Go to Folder…
  • Search for /Applications/Google path.
  • Double-click on the searched path to find Info.plist file in the Contents folder.
  • Double-click on the file and search for CFBundleIdentifier and CFBundleShortVersionString values in the file.
location of Info.plist
location of Info.plist
  • Once you’ve collected all the required information, please enter it in the Detection Rules tab, click Next, and proceed.
macOS DMG app deployment detection rules on Intune
macOS DMG app deployment detection rules on Intune


  • Click on Add group to add an Entra security goup containing macOS devices.
DMG app assignment from Intune admin center

Review + create

Review the deployment and click on Create to start the deployment process.

Sync Intune Policies

The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.

Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.

Monitor Deployment Progress

You can monitor the application deployment from the Intune admin center by navigating to Apps > macOS > selecting the specific application. The Overview page will display the installation status, similar to what is shown in the screenshot below.

If you encounter issues or deployment failures, you can click Device install status or User install status to access more detailed information about the error description and error code, which can help you troubleshoot and resolve the problem.

Monitor app deployment using Intune admin center
Monitor app deployment using the Intune admin center

End-user Experience

To check if the deployment is completed successfully, follow the below steps:

  • Go to Finder > Go > Applications
  • Look for the Google Chrome application icon to confirm the deployment.
Finder > Go > Applications
Finder > Go > Applications

macOS Intune deployment troubleshooting

If you encounter problems deploying the application, check the IntuneMDMDaemon*.log and IntuneMDMAgent*.log files for more information. For guidance on locating these files on a macOS device, refer to my other blog post titled How To Collect Intune Logs From a MacOS Device.

IntuneMDMDaemon*.log file shows Google chrome Installation on macOS Intune logs
IntuneMDMDaemon*.log file shows Google Chrome installation in macOS Intune logs


This blog post taught us how to deploy DMG apps on macOS devices through Intune. We used the Google Chrome application as an example, which is widely used in many organizations. After triggering the device check-in from the Company Portal app, the installation was completed within a few minutes.

Leave a Comment