Thank you so much, you've been a great help ! is it possible to configure the store in portal enterprise? to publish apps and let users install them or not.
Thanks, that is a GREAT question, unfortunately Apple restrict this setting, so you can create a PPPC setting to change "Screen Sharing" (think the setting is called Screen Recording from disabled (in Sonoma, previous had that as default), to allow user to allow it for Teams, but no supported way to force that setting. I think that is sad that Apple doesn't use as Administrator of a device we own force these settings, but they seems to put privacy to the end user higher. I got same issue for TeamViewer on macOS, I have to have the techs apply the PPPC and then manually enable/allow screen recording :(
Gret video! Can you post a video about making applications available vs required? In many environments (corporate, educational, healthcare etc.) it's highly unlikely that //every// Mac will need //all //packaged apps. That's hardly ever the case. Similarly, I'd like to see your process for converting a DMG to PKG and I'd like to see a few real-world examples like Devolutions Remote Desktop Manager for Mac, Visual Studio for Mac etc.)
thanks, you are right, normally you target specific devices. Converting DMG to PKG I use a 3rd party tool called Composer (Jamf) it is done in a few mouse click :) I would like to expand macOS management on the channel, got nothing planned yet.
Hi, question about deploying Apps within Intune directly or through Apple VPP apps, i know there are very few app choices for MacOS apps on the Apple VPP Store, but i was on a call with Microsoft and they were helping me with an issue and said this was the best way to do it.. Thoughts?
That is a really good question, one I'm fighting with right now myself. I think Apple VPP apps have pretty much software, like 365 apps, however their version of OneDrive doesn't support Folder Redirect so I don't use that version. It installs good, updates good when it works, the problem is when it fails to update, I got no extra tools to fix it. I think it is pretty good for self service software that not so many use, so you don't have to package it, since it auto update from store, but still most software I prefer PKG/DMG and manage updates, either with the built-in auto update or package a newer version and push.
Attention for zoom it is very important to use the IT version because otherwise it is not possible to apply configuration files ( plist ) I broke my teeth on the subject for several weeks
I can't deploy TeamViewer with commands (for example, that it joins the right group in the teamviewer console with easy access to an account) how do I proceed?
For TeamViewer you could use Bash Script only, like you mentioned you need the API token, groupID and all, instead of use a DMG/PKG, just push a .sh, here is one to just add values to the Three variables and it should work fine #!/bin/bash #These variables is the ONLY thing to modify in this script idc='xxx' token='xxx' group='gxxx' #Uninstall TeamViewer #Terminates TeamViewer app echo "Stopping TeamViewer" osascript -e 'quit app "TeamViewer_Host"' launchctl remove com.teamviewer.Helper #Deletes configuration files. echo "Removing TeamViewer configuration files" rm -f /Library/PrivilegedHelperTools/com.teamviewer.Helper rm -f /Library/Preferences/com.teamviewer* rm -f ~/Library/Preferences/com.teamviewer* #Set working directory to /tmp current_path=$(pwd) cd /tmp sudo cat choices.xml attributeSetting 1 choiceAttribute selected choiceIdentifier com.teamviewer.teamviewerhostSilentInstaller EOF cp "${current_path}/choices.xml" #Download and Install custom host echo "Downloading and Installing custom host" cd /tmp sudo curl -O dl.teamviewer.com/download/version_15x/CustomDesign/Install%20TeamViewerHost-idc$idc.pkg sudo installer -applyChoiceChangesXML choices.xml -pkg Install%20TeamViewerHost-idc$idc.pkg -target / #This wait is to allow time for the install to finish before running the account assignment echo "100 seconds wait before running the account assignment" sleep 100s #Assignment echo "Running the account assignment" /Applications/TeamViewerHost.app/Contents/Helpers/TeamViewer_Assignment -api-token $token -group-id "$group" -grant-easy-access -reassign sleep 100s echo "Running the account assignment second time" /Applications/TeamViewerHost.app/Contents/Helpers/TeamViewer_Assignment -api-token $token -group-id "$group" -grant-easy-access -reassign sleep 45s
It's part of 365 Apps (OneDrive) so that it how it is installed. Sync automatically I have to check, I usually setup so it also redirect Desktop/Documents to OneDrive, will see if there can be a video of that in the future.
if you are Enterprise enrolled, and you deploy directly to client? or issue to deploy Company Portal? normally that should work fine, did you experience something else?
@IntuneVitaDoctrina so i am using company portal to enroll the mac book pro. it enrolls successfully i am able to remotely restart/ shutdown device. but configuration/conpliance policys and app deployment do not get pushed to the laptop. i look at the managed apps inside the device section of the specific laptop, and it says waiting on installation status . ( Also, i tried most trouble shoot steps you can think off lol)
@IntuneVitaDoctrina the only thing i found was a specific agent that gets downloaded with company portal (intune management agent) that is scoped around apps(possibly configs/policies) to be deployed from intune --> company portal ?
If enrolled from Company Portal, possible, I always go to this page (the PDF on it, shows the limitation) but what you mentioned here deploy apps and so should work flawless: learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-macos
Hi.. How would I approach packaging three files and a script to run on macos, I could easily do this for Windows but unsure how I could for mac.. Thanks
Thanks a great question, before there was a util from Microsoft to do .intunemac file, I think it is depricated. I create pkg/dmg with in your example the file and script with help of a 3rd party tool called Composer (from Jamf, it cost money but is excellent)
will you be able to please do a tutorial on how to package a file using composer? something like connectwise or other tool? thank you! @@IntuneVitaDoctrina
I like that idea, it is a bit far from Intune, but this channel isn't only about Intune, I'll think about it, I would like to expand and also show a macOS tool (free) called Nudge to get updates installed faster.
so happy to hear, if you are interested to know howto manage Android devices in Intune those videos are coming next, within a week (already recorded but not edited), you don't even need to have a Android Device, we create a virtual one in the videos that we enroll to Intune :)
to install Company Portal? well if personal device you have to take it from Apple Store manually, if you manage you can in deployment during enrollment push it
Hi, good question, I would download from Oracle the JDK in DMG format, that can be uploaded directly to Intune and deploy easily: download.oracle.com/java/22/latest/jdk-22_macos-x64_bin.dmg JDK includes JRE, but if you want JRE separate that can be downloaded also
Hi, I'm having a problem updating an application. I managed to install version n of an application with its plist file, but when I want to update this application with the new version n+1, I get an error message and the application doesn't update. The message reads as follows:The file provided is not supported. Check the requirements for deploying the selected app type. (0x87D30143) If I manually uninstall version n, then version n+1 will install. I've tried in the script to uninstall application n before installing version n+1, but I get a request for the administrator password when executing the script. Any ideas? Thanks for your videos!
Hi, is it a Silicon mac or Intel? the package you deploy is it a DMG or PKG or something else?. Script shouldn't ask for password if it runs as root and not as the user? Interesting that it works if no software is installed, just upgrade fails, please let me know a bit more of the format etc and see if I can help.
@@IntuneVitaDoctrina Hello, I find out. I removed the "sudo" command in my installation script and it worked. Sorry for the late response, but I'm on a big issue with a multiple feature PKG package on Mac (M3 Pro Mac, Silicon I presume). Maybe you already solve this, with Cisco anyconnect, I only want to install the VPN.
I have more ideas than time to make videos. I got a lot of experience with Cisco AnyConnect and Cisco Secure Client (newer) works similiar, so that that would be a good video. I have promised too many comment videos about other things so I can just say good idea and I hope to have time to do a video about it
![ILLSLICK X YOUNGOHM - We're The same [Official Video]](http://i.ytimg.com/vi/yUJNkobYR0E/mqdefault.jpg)
Thank you so much, you've been a great help !
is it possible to configure the store in portal enterprise?
to publish apps and let users install them or not.
Thanks, yes that should be possible if I understood correct, make an Apple Store App, available in Company Portal for on demand install? that works
Great video! And how can I get screen sharing without enabling the privacy and sharing option in the settings? for example by Teams ?
Thanks, that is a GREAT question, unfortunately Apple restrict this setting, so you can create a PPPC setting to change "Screen Sharing" (think the setting is called Screen Recording from disabled (in Sonoma, previous had that as default), to allow user to allow it for Teams, but no supported way to force that setting.
I think that is sad that Apple doesn't use as Administrator of a device we own force these settings, but they seems to put privacy to the end user higher.
I got same issue for TeamViewer on macOS, I have to have the techs apply the PPPC and then manually enable/allow screen recording :(
Gret video! Can you post a video about making applications available vs required? In many environments (corporate, educational, healthcare etc.) it's highly unlikely that //every// Mac will need //all //packaged apps. That's hardly ever the case. Similarly, I'd like to see your process for converting a DMG to PKG and I'd like to see a few real-world examples like Devolutions Remote Desktop Manager for Mac, Visual Studio for Mac etc.)
thanks, you are right, normally you target specific devices. Converting DMG to PKG I use a 3rd party tool called Composer (Jamf) it is done in a few mouse click :)
I would like to expand macOS management on the channel, got nothing planned yet.
@@IntuneVitaDoctrina Sounds good. Let me know if you're open to partnering on something like this. :) Take care & be safe!
Thanks, for doing better iOS/macOS videos I would need someone with an "extra" Apple Business Manager account that can be used for this :)
@@IntuneVitaDoctrina Yup. I've got one and a dev m465 Tenant as well as a real one.
Hi, question about deploying Apps within Intune directly or through Apple VPP apps, i know there are very few app choices for MacOS apps on the Apple VPP Store, but i was on a call with Microsoft and they were helping me with an issue and said this was the best way to do it.. Thoughts?
That is a really good question, one I'm fighting with right now myself. I think Apple VPP apps have pretty much software, like 365 apps, however their version of OneDrive doesn't support Folder Redirect so I don't use that version. It installs good, updates good when it works, the problem is when it fails to update, I got no extra tools to fix it.
I think it is pretty good for self service software that not so many use, so you don't have to package it, since it auto update from store, but still most software I prefer PKG/DMG and manage updates, either with the built-in auto update or package a newer version and push.
Can you please do cisco secure client, utterly surprised there isnt a video for this
Yes, please cisco secure
Attention for zoom it is very important to use the IT version because otherwise it is not possible to apply configuration files ( plist )
I broke my teeth on the subject for several weeks
Thanks a lot! that is a real Pro-tip, didn't know about that, very important as installing is just the half battle, the config is the other
I can't deploy TeamViewer with commands (for example, that it joins the right group in the teamviewer console with easy access to an account) how do I proceed?
For TeamViewer you could use Bash Script only, like you mentioned you need the API token, groupID and all, instead of use a DMG/PKG, just push a .sh, here is one to just add values to the Three variables and it should work fine
#!/bin/bash
#These variables is the ONLY thing to modify in this script
idc='xxx'
token='xxx'
group='gxxx'
#Uninstall TeamViewer
#Terminates TeamViewer app
echo "Stopping TeamViewer"
osascript -e 'quit app "TeamViewer_Host"'
launchctl remove com.teamviewer.Helper
#Deletes configuration files.
echo "Removing TeamViewer configuration files"
rm -f /Library/PrivilegedHelperTools/com.teamviewer.Helper
rm -f /Library/Preferences/com.teamviewer*
rm -f ~/Library/Preferences/com.teamviewer*
#Set working directory to /tmp
current_path=$(pwd)
cd /tmp
sudo cat choices.xml
attributeSetting
1
choiceAttribute
selected
choiceIdentifier
com.teamviewer.teamviewerhostSilentInstaller
EOF
cp "${current_path}/choices.xml"
#Download and Install custom host
echo "Downloading and Installing custom host"
cd /tmp
sudo curl -O dl.teamviewer.com/download/version_15x/CustomDesign/Install%20TeamViewerHost-idc$idc.pkg
sudo installer -applyChoiceChangesXML choices.xml -pkg Install%20TeamViewerHost-idc$idc.pkg -target /
#This wait is to allow time for the install to finish before running the account assignment
echo "100 seconds wait before running the account assignment"
sleep 100s
#Assignment
echo "Running the account assignment"
/Applications/TeamViewerHost.app/Contents/Helpers/TeamViewer_Assignment -api-token $token -group-id "$group" -grant-easy-access -reassign
sleep 100s
echo "Running the account assignment second time"
/Applications/TeamViewerHost.app/Contents/Helpers/TeamViewer_Assignment -api-token $token -group-id "$group" -grant-easy-access -reassign
sleep 45s
How do you get OneDrive to install and sync automatically?
It's part of 365 Apps (OneDrive) so that it how it is installed.
Sync automatically I have to check, I usually setup so it also redirect Desktop/Documents to OneDrive, will see if there can be a video of that in the future.
would you know issues if its enrolled and not deploying to company portal?
if you are Enterprise enrolled, and you deploy directly to client? or issue to deploy Company Portal? normally that should work fine, did you experience something else?
@IntuneVitaDoctrina so i am using company portal to enroll the mac book pro. it enrolls successfully i am able to remotely restart/ shutdown device. but configuration/conpliance policys and app deployment do not get pushed to the laptop. i look at the managed apps inside the device section of the specific laptop, and it says waiting on installation status . ( Also, i tried most trouble shoot steps you can think off lol)
@IntuneVitaDoctrina the only thing i found was a specific agent that gets downloaded with company portal (intune management agent) that is scoped around apps(possibly configs/policies) to be deployed from intune --> company portal ?
If enrolled from Company Portal, possible, I always go to this page (the PDF on it, shows the limitation) but what you mentioned here deploy apps and so should work flawless:
learn.microsoft.com/en-us/mem/intune/fundamentals/deployment-guide-enrollment-macos
Hi.. How would I approach packaging three files and a script to run on macos, I could easily do this for Windows but unsure how I could for mac.. Thanks
Thanks a great question, before there was a util from Microsoft to do .intunemac file, I think it is depricated.
I create pkg/dmg with in your example the file and script with help of a 3rd party tool called Composer (from Jamf, it cost money but is excellent)
will you be able to please do a tutorial on how to package a file using composer? something like connectwise or other tool? thank you! @@IntuneVitaDoctrina
I like that idea, it is a bit far from Intune, but this channel isn't only about Intune, I'll think about it, I would like to expand and also show a macOS tool (free) called Nudge to get updates installed faster.
That would be amazing! thank you for considering it! i've been able to study & apply everything based on your methods!@@IntuneVitaDoctrina
so happy to hear, if you are interested to know howto manage Android devices in Intune those videos are coming next, within a week (already recorded but not edited), you don't even need to have a Android Device, we create a virtual one in the videos that we enroll to Intune :)
how do you stall company portal ?
to install Company Portal? well if personal device you have to take it from Apple Store manually, if you manage you can in deployment during enrollment push it
How to install JRE/JDK?
Hi, good question, I would download from Oracle the JDK in DMG format, that can be uploaded directly to Intune and deploy easily:
download.oracle.com/java/22/latest/jdk-22_macos-x64_bin.dmg
JDK includes JRE, but if you want JRE separate that can be downloaded also
Thanks so much
Hi, I'm having a problem updating an application. I managed to install version n of an application with its plist file, but when I want to update this application with the new version n+1, I get an error message and the application doesn't update. The message reads as follows:The file provided is not supported. Check the requirements for deploying the selected app type. (0x87D30143)
If I manually uninstall version n, then version n+1 will install. I've tried in the script to uninstall application n before installing version n+1, but I get a request for the administrator password when executing the script. Any ideas? Thanks for your videos!
Hi, is it a Silicon mac or Intel? the package you deploy is it a DMG or PKG or something else?.
Script shouldn't ask for password if it runs as root and not as the user?
Interesting that it works if no software is installed, just upgrade fails, please let me know a bit more of the format etc and see if I can help.
@@IntuneVitaDoctrina Hello, I find out. I removed the "sudo" command in my installation script and it worked. Sorry for the late response, but I'm on a big issue with a multiple feature PKG package on Mac (M3 Pro Mac, Silicon I presume).
Maybe you already solve this, with Cisco anyconnect, I only want to install the VPN.
@@petere8971 well done! yeah sudo is great for testing but in Intune it runs as "root", thanks for sharing
Can you please do cisco secure client, utterly surprised there isnt a video for this
I have more ideas than time to make videos. I got a lot of experience with Cisco AnyConnect and Cisco Secure Client (newer) works similiar, so that that would be a good video. I have promised too many comment videos about other things so I can just say good idea and I hope to have time to do a video about it