Before directing users to register their Mac computers with Azure Active Directory (Azure AD), it is necessary to deploy Microsoft's Company Portal app.
Deploying the Company Portal app involves the following steps:
Intune lets you manage macOS devices to give users access to company email and apps. As an Intune admin, you can set up enrollment for company-owned macOS devices and personally owned macOS devices ('bring your own device' or BYOD).
Download the Company Portal app from Microsoft.
Upload the Company Portal app to Jamf Pro as a package.
(Optional) Identify Mac computers that do not have the Company Portal app installed.
Deploy the Company Portal app to Mac computers.
By: Arnab Biswas Program Manager - Microsoft Endpoint Manager - Intune You can use Microsoft Endpoint Manager to deploy the most common app types supported by macOS such as.pkg.dmg or.app. Natively, Mac MDM only supports installing signed.pkg-type applications. Download a sample script to install Company Portal for macOS from Intune Shell Script Samples - Company Portal. Follow instructions to deploy the macOS Shell Script using macOS Shell Scripts. Set Run script as signed-in user to No (to run in the system context).
Java 8 for mac. On a Mac computer, download the current version of the Company Portal app for macOS from the Microsoft website.
Important: Do not install it, you need a copy of the app to upload to Jamf Pro.
The CompanyPortal_Installer.pkg file can be downloaded from: https://go.microsoft.com/fwlink/?linkid=862280
Upload the Company Portal app to a distribution point in Jamf Pro.
In Jamf Pro, navigate to Settings > Computer Management > Packages.
Create a new package that includes the Company Portal app and click Save.
In Jamf Pro, navigate to Computers > Smart Computer Groups.
Create a new smart group that identifies Mac computers that do not have the CompanyPortal.app from Microsoft installed.
Click Save.
In Jamf Pro, navigate to Computers > Policies and create a policy that deploys the Company Portal app to users.
Use the General payload to configure the following settings:
For Trigger, select 'Enrollment Complete' and 'Recurring Check-in'.
For Execution Frequency, select 'Once per computer'.
Select the Packages payload, and then click Configure.
Click Add for the package that includes the Company Portal app.
Configure the settings for the package.
Specify a distribution point for Mac computers to download the package from.
Click the Scope tab to specify Mac computers on which the Company Portal app should be installed.You may also use the smart computer group created in step 3.
Click Save.
Note: The policy runs on Mac computers in the scope the next time they check in with Jamf Pro and meet the criteria in the General payload.
Managing Packages
Find out how to create a package and upload a file to a distribution point in Jamf Pro.
Smart Computer Groups
Find out how to create smart groups in Jamf Pro.
Smart Computer Groups
Find out how to create smart groups in Jamf Pro.
Microsoft Intune supports the deployment of applications using InstallApplication. This opens the possibility to manage Mac computers with Microsoft Intune, and automatically push Munki to provide additional functionality.
The process for that is outlined in How to add macOS line-of-business (LOB) apps to Microsoft Intune
Microsoft Intune For Mac
Make sure:
Your packages are 'distribution packages' and signed with a 'Developer ID Installer' certificate. See distributing packages with InstallApplication and Intro to installing macOS content from a web server
They don't contain a space in their filename (thanks, @emilp333!)
Setup Intune For Mac
As far as I know, there's no way to make these macOS LOB apps to be installed during the setup assistant (also called: 'Bootstrap package'. In practice, the delay between enrolment and the app being deployed can be quite long (I've seen 5 minutes while clicking on 'Sync' frantically). Also, Microsoft Intune seem to be a little slow to report success or failure in the console. Perhaps time for a User voice feedback?
