Typography is important for creating visually appealing and consistent designs. Font management is crucial when it comes to managing fonts on macOS devices. Sometimes, the default fonts on macOS don’t fit with your brand’s design, so you might want to install custom fonts that better match your company’s branding.
macOS devices support different font types like TrueType (.ttf), Variable TrueType (.ttf), TrueType Collection (.ttc), OpenType and OpenType-SVG (.otf), and OpenType Collection (.ttc) fonts.
You can deploy any of these font files on Intune-enrolled macOS devices. We will be using a Bash script to download Font files on a Mac device. But before we do that, You will require:
- A Font File in any of the supported formats mentioned above.
- The font file is stored in a publicly accessible location.
To securely store Font files that are publicly accessible, you can create an Azure Storage Container. However, you have the flexibility to use other locations such as SharePoint Online or Dropbox etc. if they provide public accessibility.
How to deploy fonts using Intune [Windows devices]Step-by-Step Guide
Table of Contents
Default Fonts Installation location on Mac
For Fonts Installation, there are two default locations. The first one is ~/Library/Fonts/ and the second one is /Library/Fonts/.
- ~/Library/Fonts/ – When you use this location, Fonts are only available to a particular user.
- /Library/Fonts/ – When you use this location, Fonts are available to any user on a Mac device.
In this blog post, we will learn about the steps to deploy fonts at /Library/Fonts/ location. This way, we will make sure that fonts are available to any user of a Mac device. Let’s check the steps:
STEP 1 – Copy the Font file to a publicly accessible location
To create a storage account using the Microsoft Azure portal, simply search for “Storage account” and select the “Create” option. Then, fill in the necessary details to complete the storage account creation process.
After creating an Azure Storage account, you can set up a container by navigating to the storage account, selecting “Containers,” and then clicking on “+ Container.”
Provide a name for the container and set the Public access level to “Blob” (anonymous read access for blobs only). This ensures that our Font file stored in this container can be publicly accessed.
Upload Font file to this location:
Click on the file to copy the Publicly accessible URL. You can test to confirm if the URLs are publicly accessible by opening an Incognito mode of a browser.
Now that we have a Publicly accessible URL for this Font file ready. Let’s proceed to the next step.
STEP 2 – Download the Shell script
For deployment of font file on macOS devices, I have created a shell script which you can download from my Github Repository and save the shell script file on your device.
- Visit the link: Download Shell script and download installFonts.sh file on your device.
STEP 3 – Update the Shell script
Update InstallFonts.sh script variables to point it to the correct font file storage location. I have highlighted the values which you need to modify.
- font_url = This is the publicly accessible URL which we copied in STEP 1
- Update the font file name where its highlighted in the screenshot below.
- Once you have completed all the changes, save this Shell script file.
STEP 4 – Deploy InstallFonts.sh Script
Now, let’s proceed to create a deployment in the Intune admin center to deploy the “installFonts.sh” shell script to macOS devices. When this script runs on the targeted device, it will download the font file from the Azure blob container to the /Library/Fonts location. Let’s go through the steps:
- Login on Microsoft Intune admin center
- Devices > macOS
- Click on Shell scripts under macOS policies
- Click on + Add to Add the script for deployment
Provide a Name and Description for this deployment. Click on Next to proceed.
- Name: Install a Custom Font file on macOS devices
- Description: Provide a useful description.
To upload the script, click on the blue folder icon and select the “install.sh” file.
- Run script as signed-in user: No (Script will run using root privileges)
- Hide script notifications on devices: Yes (No notifications will be shown to the users)
- Script frequency: Every 15 minutes (As I am currently testing this on a test macOS device, I have kept the Script frequency at 15 minutes. But once the test is completed successfully, you can change the script frequency to Every 1 day or Every 1 week).
- Number of times to retry if script fails : 3 (If script deployment fails, it will be tried 2 more times)
You can create a dynamic Azure AD group to gather all the macOS devices in your organization. Click on “Add groups” to include a group that comprises exclusively macOS devices. Click “Next” to continue.
Review + add
Review the deployment and then click on Add to deploy the shell script on targetted macOS devices.
Sync Intune Policies
The device check-in process might not begin immediately. If you’re testing this policy on a test device, you can manually kickstart Intune sync either from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on Windows devices. Another way to trigger the Intune device check-in process is by restarting the device.
Once the deployment process is completed, you can confirm the deployment on one of the target devices by following these steps:
- Go to Finder App > Go > Go to Folder..
- Search for /library/fonts path.
- Double-click on it to open.
- As shown in below screenshot, A custom font has been deployed on macOS devices successfully.
Verify Font Installation using TextEdit App
To further verify the deployment of this font file, you can open any application on your Mac device. For example: Let’s open TextEdit and verify if the font is now showing in the list.
macOS Intune troubleshooting
If you face any issues with application deployment, you can refer to IntuneMDMDaemon*.log and IntuneMDMAgent*.log files. To find out more information about how to locate these files on a macOS device, you can refer to my other blog post: How To Collect Intune Logs From MacOS Device.