macOSLOBAppTool
Background
This tool is designed to manage macOS apps that cannot be distributed via MEM when wrapped as an .intunemac file. There are a number of limitations using the wrapping method, some of them being that only .pkg files are supported and that we have to rely on the MDM framework in macOS to detect the app. Only apps installed to /Applications can be detected with this method and the app must have a very sepcific structure to be detected. If the app does not include specific parameters your only option is to ask the developer to change this.
If you have a .dmg package you would like to publish in MEM, you would have to convert this to a .pkg. When doing this you must have a Apple Developer certificate to sign your converted app.
Solution
With the above limitations in mind I decided to build a tool which can deploy virtually any app using the Microsoft Intune Agent to run scripts and Azure Storage Account to build a app repository.
When running the tool, the app won't be wrapped but instead uploads to an Azure blob and a macOS shell script is created in MEM. When the script runs on a mac, it curls the package from the blob and if it's a DMG, mounts and installs or if it's a PKG, installs directly. The blob downloads to the currently logged on users Downloads folder. After the installation is complete, the package is removed from Downloads.
A metadata tag is added to the blob with the format "Version: {CFBundleShortVersion}" to keep track of uploaded versions.
If 7-zip is installed on the device running this tool, the script will try to automatically extract the CFBundleShortVersion
from the Info.plist file, it is also possible to enter the version manually.
Per default, the install location is set to /Applications. If needed this can be changed. This path and CFBundleShortVersion is needed to detect if
the latest version of the app is already installed on the mac.
Before using, keep in mind that this is an early version of this tool. Test thoroughly. You can find the code on my GitHub
- Planned features
- Pre-requisites
- Powershell versions
- Usage
- In action
- Screenshots
- Limitations
- Changelog
Planned features
Ability to assign app from the WPFHandle updating apps from WPFGet CFBundleShortVersion from .pkg packages using 7-zipAdd a dark theme switch. Why you ask? Because it's fun
Pre-requisites
To use this tool you need a couple of moduels installed
- Az.Storage
- Microsoft.Graph.Authentication
Also, a storage account must already be created. Using this tool it is assumed that the container is publicly available.
Powershell versions
✅ 7.1.3
✅ 7.0.4
❌ 5.X
Usage
Before use, you might have to unblock the files.
Launch the script by typing:
.\path\to\macoslobapptool.ps1
In action
Screenshots
Light/Dark mode
Badges
Warning popup
Console output
Azure blob
MEM Shell script
Limitations
- DMGs that contains an installer.app is not supported. Have not figured out how an install of these types of installers would work from a script.
Changelog
Version 1.04.07.01 2021-04-07
- Added update functionality
- Added button badges when uploading/updating
- New tabbed interface for uploading new packages and updating
- Added popup messages for warnings (thanks smsagent)
- Renamed Themes folder to Assembly
- Added material icons and removed Octions
- Updated shell script for installing apps to handle versions in format of X.X.X
- Added dark theme switch, now you can upload/update in style 😎
Version 1.04.01.01 2021-04-01
- Added function to assign packages
- The tool now tries to extract CFBundleShortVersion from .PKGs
- Removed the dependecy of 7z.exe in script folder, it now snags the path to the EXE from registry
- Added button to GitHub repo to the top
- Added twitter icon with @handle to the top
Version 1.03.31.01 2021-03-31
- Removed script frequency, the script now only executes one time on devices
Version 1.0 2021-03-30
- Initial release
