Typography is important for creating visually appealing and consistent designs. Font management is crucial when it comes to managing fonts on macOS devices. Sometimes, the default fonts on macOS don’t fit your brand’s design, so you might want to install custom fonts that match your company’s branding better.
macOS devices support different font types like TrueType (.ttf), Variable TrueType (.ttf), TrueType Collection (.ttc), OpenType and OpenType-SVG (.otf), and OpenType Collection (.ttc) fonts.
You can deploy any of these font files on Intune-enrolled macOS devices. We will use a Bash script to download Font files on a Mac device. But before we do that, You will require:
- A Font File in any of the supported formats mentioned above.
- The font file is stored in a publicly accessible location.
To securely store publicly accessible Font files, you can create an Azure Storage Container. However, you can use other locations, such as SharePoint Online or Dropbox, if they provide public accessibility.
How to deploy fonts using Intune [Windows devices]
Step-by-Step Guide
Table of Contents
Default Fonts Installation location on Mac
There are two default locations for font installation:/Library/Fonts/ and/Library/Fonts/.
- ~/Library/Fonts/ – Fonts are only available to a particular user when you use this location.
- /Library/Fonts/ – When you use this location, Fonts are available to any user on a Mac device.
This blog post will guide us on deploying fonts at /Library/Fonts/ location. This way, we will ensure that fonts are available to any Mac device user. Let’s check the steps:
STEP 1 – Copy the Font file to a publicly accessible location
To create a storage account using the Microsoft Azure portal, search for Storage account and select the Create option. Then, fill in the necessary details to complete the process.
After creating an Azure Storage account, you can set up a container by navigating to the storage account, selecting Containers, and then clicking + Container.
Provide a name for the container and set the Public access level to Blob (anonymous read access for blobs only). This ensures that our Font file stored in this container can be publicly accessed.
Upload Font file to this location:
Click on the file to copy the Publicly accessible URL. You can test to confirm if the URLs are publicly accessible by opening an Incognito browser mode.
- https://cloudinfrasa01.blob.core.windows.net/fonts/JulieRegular.ttf
Now that we have a Publicly accessible URL for this Font file ready. Let’s proceed to the next step.
STEP 2 – Download the Shell script
I have created a shell script for deploying font files on macOS devices. You can download it from my Github Repository and save the shell script file on your device.
- Visit the link: Download Shell script and installFonts.sh file on your device.
STEP 3 – Update the Shell script
Update the InstallFonts.sh script variables to the correct font file storage location. I have highlighted the values that you need to modify.
- font_url = This is the publicly accessible URL which we copied in STEP 1
- Update the font file name to where it’s highlighted in the screenshot below.
- Once you have completed all the changes, save this Shell script file.
STEP 4 – Deploy InstallFonts.sh Script
Now, let’s create a deployment in the Intune admin center to deploy the installFonts.sh shell script to macOS devices. When this script runs on the targeted device, it will download the font file from the Azure blob container to the /Library/Fonts location. Let’s go through the steps:
- Sign in to the Intune admin center.
- Devices > macOS.
- Click on Shell scripts under macOS policies.
- Click on + Add to Add the script for deployment.
Basics Tab
Provide a name and description of this deployment. Click on Next to proceed.
- Name: Install a Custom Font file on macOS devices
- Description: Provide a useful description.
Script settings
To upload the script, click the blue folder icon and select the install.sh file.
- Run script as signed-in user: No (Script will run using root privileges)
- Hide script notifications on devices: Yes (No notifications will be shown to the users)
- Script frequency: Every 15 minutes (As I am currently testing this on a test macOS device, I have kept the Script frequency at 15 minutes. But once the test is completed successfully, you can change the script frequency to Every 1 day or Every 1 week).
- Number of times to retry if script fails : 3 (If script deployment fails, it will be tried 2 more times)
Assignments
You can create a dynamic Entra security group to gather your organization’s macOS devices. Click on Add groups to include a group exclusively comprised of macOS devices. Click Next to continue.
Review + add
Review the deployment and click Add to deploy the shell script on targetted macOS devices.
Detailed guide on deploying shell scripts on macOS
Sync Intune Policies
The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Restarting the device is another way to trigger the Intune device check-in process.
End-user Experience
Once the deployment process is completed, you can confirm the deployment on one of the target devices by following these steps:
- Go to Finder App > Go > Go to Folder.
- Search for /library/fonts path.
- Double-click on it to open.
- The screenshot below shows that A custom font has been successfully deployed on macOS devices.
Verify Font Installation using TextEdit App
To further verify the deployment of this font file, you can open any application on your Mac device. For example, let’s open TextEdit and verify if the font is now showing on the list.
macOS Intune troubleshooting
If you face any application deployment issues, refer to IntuneMDMDaemon*.log and IntuneMDMAgent*.log files. To find out more information about locating these files on a macOS device, refer to my other blog post: How To Collect Intune Logs From MacOS Device.
