NoteWhile users of macOS devices can remove some of the built-in macOS apps like Stocks, and Maps, you cannot use Intune to redeploy those apps. If end users delete these apps, they must go to the app store, and manually re install them. Before your startYou must download an external tool, mark the downloaded tool as an executable, and pre-process your.pkg files with the tool before you can upload your line-of-business file to Microsoft Intune. The pre-processing of your.pkg files must take place on a macOS device.
Use the Intune App Wrapping Tool for Mac to enable Mac apps to be managed by Microsoft Intune. ImportantEnsure that the argument does not contain spaces before running the IntuneAppUtil commands.IntuneAppUtil -hThis command will show usage information for the tool.IntuneAppUtil -c -o -vThis command will wrap.pkg LOB app file to a.intunemac file.IntuneAppUtil -r -vThis command will extract the detected parameters and version for the created.intunemac file.Select the app type. Sign in to the. Select Apps All apps Add. In the Select app type pane, under the Other app types, select Line-of-business app. Click Select. The Add app steps are displayed.Step 1 - App information Select the app package file.
In the Add app pane, click Select app package file. In the App package file pane, select the browse button. Then, select an macOS installation file with the extension.intunemac.The app details will be displayed. When you're finished, select OK on the App package file pane to add the app.Set app information. In the App information page, add the details for your app. Depending on the app that you chose, some of the values in this pane might be automatically filled in.
Name: Enter the name of the app as it appears in the company portal. Make sure all app names that you use are unique. If the same app name exists twice, only one of the apps appears in the company portal. Description: Enter the description of the app. The description appears in the company portal. Publisher: Enter the name of the publisher of the app. Minimum Operating System: From the list, choose the minimum operating system version on which the app can be installed.
Apr 04, 2018 Intune.Training - Episode 1 - Setting up your Microsoft Intune Tenant - Duration: 51:36. How to Install and Configure zebra barcode printer - Duration: 10:46.
If you assign the app to a device with an earlier operating system, it will not be installed. Category: Select one or more of the built-in app categories, or select a category that you created. Categories make it easier for users to find the app when they browse through the company portal. Show this as a featured app in the Company Portal: Display the app prominently on the main page of the company portal when users browse for apps. Information URL: Optionally, enter the URL of a website that contains information about this app. The URL appears in the company portal. Privacy URL: Optionally, enter the URL of a website that contains privacy information for this app.
The URL appears in the company portal. Developer: Optionally, enter the name of the app developer. Owner: Optionally, enter a name for the owner of this app. An example is HR department.
Notes: Enter any notes that you want to associate with this app. Logo: Upload an icon that is associated with the app.
This icon is displayed with the app when users browse through the company portal. Click Next to display the Scope tags page.Step 2 - Select scope tags (optional)You can use scope tags to determine who can see client app information in Intune. For full details about scope tags, see. Click Select scope tags to optionally add scope tags for the app. Click Next to display the Assignments page.Step 3 - Assignments. Select the Required, Available for enrolled devices, or Uninstall group assignments for the app.
For more information, see and. Click Next to display the Review + create page.Step 4 - Review + create.Review the values and settings you entered for the app.When you are done, click Create to add the app to Intune.The Overview blade for the line-of-business app is displayed.The app you have created appears in the apps list where you can assign it to the groups you choose. For help, see.
NoteIf the.pkg file contains multiple apps or app installers, then Microsoft Intune will only report that the app is successfully installed when all installed apps are detected on the device. Update a line-of-business app.
Sign in to the. Select Apps All apps. Find and select your app from the list of apps.
Select Properties under Manage from the app pane. Select Edit next to App information. Click on the listed file next to Select file to update.
The App package file pane is displayed. Select the folder icon and browse to the location of your updated app file. The app information is updated with the package information. Verify that App version reflects the updated app package. NoteFor the Intune service to successfully deploy a new.pkg file to the device you must increment the package version and CFBundleVersion string in the packageinfo file in your.pkg package. Next steps.The app you have created is displayed in the apps list.
You can now assign it to the groups you choose. For help, see.Learn more about the ways in which you can monitor the properties and assignment of your app.
For more information, see.Learn more about the context of your app in Intune. For more information, seeRelated Articles.
Sounds like problems with the initial MSI Install job via EnterpriseDesktopAppManagement CSP:see here:MSI/ ProductID/Status Status of the application.In the registry at HKLMSOFTWAREMicrosoft EnterpriseDesktopAppManagement you can find the Status according to the CSP site above.T ry to figure out this status - Download error or what else and correlate with your machine and environment (may there be a proxy issue?). In the past Intune followed a retry logic. I give an example: try it 3 times with timeout of 10 min and then fail.
If failed, Intune tried it again in 7 days (the 7 days setting after fail was fix in the past, maybe this interval is lowered now but I don't now, registry suggests that this is changed). So again the values above are examples based on registry values for the logic! I do not know if this is correct as I do not have documentation for it.What are the registry values for Enforcement. on that machine.
Values are in the same path as described above. There are the Retry, Interval, Timeout, Index and StartTime values. I'm not sure if this is all and how they correlate to each other exactly. But maybe we can extract some information from the retry values. For example it may look like that all retries are failed and the machine is in extended timeout currently.Other way dealing with MSI install fails in the past, was to change something at the MSI metadata to re-enforce push/install. This is not possible in our case as we have no control over the SideCar agent metadata.Can someone share the MDM advanced diagnostic report.
What is listed there and what about the eventlogs. I also noticed the same since approx 2 weeks.
This worked absolutely fine in the past (in Dec for example, I built internal docs based on these positive results).Unfortunately, I did not found any root cause so far: in 'devicemanagement' event log, stuff seems to communicate to the Intune backed and no obvious errors. Hitting 'Sync button' does not help. The file C:ProgramDataMicrosoftIntuneManagementExtensionLogsIntuneManagementExtension.txt and the key HKEYLOCALMACHINESOFTWAREMicrosoftIntuneManagementExtensionPolicies are no longer created.Since that time (coincidence?), I have also problems with devices enrolled with on-prem users coming from 'synched AD groups' (from an on-prem infra, and using ADFS), where neither apps, scripts, or profiles are applied, even if 'devicemanagement' event log does also not show obvious errors.I will post here once I will progress in my tests. This morning, everything went fine and thought I would pull all my hair off.
Absolutely you have to be patient. Like ConfigMgr on-prem environment it takes time sometimes. A lot of background processes are running after OOBE and depending on various facts it may result in longer wait times. You observed it, OMA-DM client and so on. I have machine where I waited more than an hour. In the beginning of Intune (Silverlight portal and old backend) it was even worse, we waited for things sometime up to 4 hours and more. The new Azure based infrastructure is much better but it also takes some time infrequent.So again I can confirm that it takes time sometimes.
But my past is defined by ConfigMgr environments and there you learn to have patients:-). Hi Matt,If you see no EnterpriseDesktopAppManagement then you did not received the MSI install job yet. Did you receive other policies from Intune?I assume you are not seeing./device/Vendor/MSFT/EnterpriseDesktopAppManagement/ in the Advanced MDM report?!?Open Settings Accounts Access work or school Connected to TenantName’s Azure AD Info scroll down to the bottom and click “Create report”So the question here is, does your client receive any policies from Intune?User assignment is correct!Oliver. Hi Matthew,as time goes by things change:-), support for Hybrid Domain Joined devices is now available.see here:PrerequisitesThe Intune management extension has the following prerequisites:. Devices must be joined to Azure AD. The Intune management extension supports Azure AD joined, hybrid domain joined, and comanaged enrolled Windows devices. GPO-enrolled devices aren't supported.
Devices must run Windows 10 version 1607 or later. The Intune management extension agent is installed when a PowerShell script or a Win32 app is deployed to a user or device security group.best,Oliver. HeyI too am having issues deploying the Intune agent.Specifically this scenario I have noticedI can stand up a machine, join to AAD, it will push the intune agent. Powershell scripts work.IF I RESET the Win 10 machine, it will re-join AAD, but the Intune agent never pushes.Nothing under winsystem32configsystemprofileappdatalocalmdmOnly a few error messages in Event viewer, but nothing I recognize as 'intune agent failed to install'The machine does show the MDMDeviceWithAAD property. CompanyPortal is installed via MS Store.I have replicated this behavior on 4 different machines.The one instance I did get the agent to repush, I had to REMOVE the AAD account under 'Accounts - Work & School' - then re-join it to AzureAD. The Intune agent re-pushed after this process. Reset with retain user data.I've selected reset with retain user data from the device locally, and initiated via the Azure portal.When the device finishes, the user profile is re-created and the device automatically joined to Azure AD.
I go to Win Store and download Company Portal - MSI apps that we set to install automatically like OpenDNS and Trend will download. But we never get the Intune agent after that reset event.If I remove all AzureAD accounts from the laptop, switch back to local profile. Then rejoin to AzureAD, I will get the intune agent again. As expected:I performed a full wipe - the machine was not AAD joined afterward - It had a new identity (PC name) - After manually rejoining AAD, manually reinstalling Company Portal, signing in as my AAD identity, Intune Agent downloaded.
I can see in the DeviceManagment-Enterprise-Diagnostic-Provider a few new codes, 1922, 1920, 1906, 1905 - installing various GUID labeled programs - and now agent is availableI performed a 'Fresh Start' wipe on my other test machine. This retained the AAD association and PC name remained the same - after logging in, I manually reinstalled Company Portal. after 3 hours, multiple reboots, manually initiating sync, No Intune agent.I just removed the PC from azureAD, rebooted, rejoined manually, launched company portal, hit sync - Intune agent pushed to the machine. I also have the same issue. Because of manual enrollment the Intune Management Extension does not install. I tried installing it manually as mentioned here, with IntuneWindowsAgent.msi.It installs succesfully; I can see it in apps & features and I can see the files in C:Program Files (x86)Microsoft Intune Management Extension.However, after some minutes, it somehow uninstalls itselfs. The files in the directory disappear.From event manager:Event ID 11724 Product: Microsoft Intune Management Extension - Removal completed successfully.Event ID 1034 Windows Installer removed the product.
Product Name: Microsoft Intune Management Extension. Product Version: 1.16.105.0. Product Language: 1033. Manufacturer: Microsoft Corporation.
Removal success or error status: 0. It might be that MS is pushing this uninstall as the device is not meant to be an agent device, but this is pure speculation. Microsoft is aware of this problem that people want to use the agent without going through the OOBE enrollment again.Can you and others in this thread provide me numbers of effected clients? How many clients do you want to have under Intune agent management and are currently blocked due to this.I'm asking to share the details of your deployment blockers with Intune PG. Are we talking about just a few devices or several thousand?