![]() Would be good to have the pushed packages come AFTER everything is completed in the initial load. At the moment I have Teamviewer racing ahead and installing itself while the user is still setting up their Apple ID info. It would be great to figure out how to phase the installation of the apps.Especially in Mojave / Catalina, some apps need to be "Allowed" to install System Software.intunemac packages work, they force user input at these steps: To enable "zero touch" installation of apps the following two issues need to be resolved - but the way that the.It makes a nice little icon that takes you to a web page when you click on it. To do this, you can easily create a "Web Link" in the Apps blade (+Add, Web link, Configure).Saves the hassle of installing Intune Company Portal and is much more flexible. Because I failed in #4 and #5 above I came up with a workaround of using a web link to a custom web page with links for staff to directly download the packages.Go to Intune Configuration Profiles, create a new profile.Set up settings for it (don't worry about tying it to any specific device, we are only going to export the settings and modify them).Create a Device Group in Profile Manager.There are TONS of settings you can set with Profile Manager that are not available in the standard Intune config items (for example, Finder defaults, Login Window defaults, Installation of custom fonts). The best way to do this is to use Apple's Profile Manager which is part of macOS Server. Custom configuration profiles sound scary but are incredibly powerful.For example: (device.managementType -eq "MDM") The easiest way to separate the machines is via managementType and then you can create BYOD, MDM, DEP, Etc profiles.This slows down experimenting and testing. There can be some significant delays between defining the group and Azure updating the members in the background. Dynamic device groups are really useful to separate the different types of devices and apply different configurations.Include a dummy "Hello World" signed app embedded as part of the config package?.Someone with more time/effort/smarts could probably figure out how to do it and I imagine could use one or more of these tools to do it.(For example, I would have liked to be able to create a local admin via script and manage FileVault via script) I tried really hard but failed to package scripts (as opposed to full apps) to push out.Googling around it's clear that this is a common problem. Other apps such as Chrome ended in total failure.dmg files, but if you are lucky, like I was in the case of Teamviewer, you can find the. Despite these challenges, I was able to get Malwarebytes to work well.If you unzip it, you can mess around with the Detection.xml file that's within the Metadata folder to make things work. Incidentally, after running this "wrapping tool" you end up with a. You need to become familiar with the Microsoft Intune App Wrapping Tool for macOS to convert standard. Packaging apps to push to devices is a black art.The best strategy (DEP only) is to do per step 2 and force-push the configuration to those devices (Intune Company Portal allows people to pull the config/apps). The Intune Company Portal app is clunky and unreliable.This may be a new feature, because most people haven't had luck with this. Despite tons of evidence to the contrary, it is definitely possible to enroll DEP devices with User Affinity and MFA.Another benefit is that it's easy to take screen shots from the host system for use in documentation and training materials. VMs also let you easily roll back to snapshots and quickly test and experiment with changes. You can set up VMs to act like any type of machine in your fleet (DEP, BYOD, etc.). It's much easier to test and play with this stuff in VMs.I'm not a sysadmin, developer or Intune expert, so open to corrections and additions. There is very little of this stuff compiled in one place. This is just a random set of things that I learned, some tips and tricks and some opportunities for someone to add more knowledge. ![]() Intune is still a work-in-progress and nowhere near as feature complete as competing tools such as JAMF, but Intune is much cheaper so it was worth a shot. They included a mix of BYOD, DEP and some corporate devices bought before enrollment in DEP. I just spent (wasted?) a week trying to get a fleet of about 50 Macs managed with Intune. ![]()
0 Comments
Leave a Reply. |