App Types in Microsoft Intune for macOS

Managing macOS applications in an enterprise environment can be challenging, but Microsoft Intune simplifies this process by offering a wide range of app deployment options. Whether you’re deploying first-party Microsoft apps, custom enterprise tools, or web-based applications, Intune provides the flexibility and control needed to ensure your workforce stays productive and secure.?

In this blog, we’ll explore all app types supported by Microsoft Intune for macOS, including their use cases, deployment steps, technical workflows, differentiation from other options, and best practices.?

?

Why Use Microsoft Intune for macOS App Management??

Microsoft Intune is a cloud-based endpoint management solution that enables IT administrators to manage devices, apps, and policies from a single console. For macOS devices, Intune offers robust app management capabilities, ensuring that applications are deployed, updated, and monitored efficiently.?

With the increasing adoption of macOS in enterprise environments, Intune’s support for macOS app types has become essential for organizations looking to maintain security, compliance, and productivity.?

?

App Types Supported by Microsoft Intune for macOS?

Here’s a detailed breakdown of all the app types supported by Microsoft Intune for macOS, including their use cases, deployment steps, technical workflows, differentiation from other options, and best practices.?

?

Microsoft 365 Apps?

Description: First-party Microsoft applications like Office, Teams, and OneDrive can be deployed and managed directly through Intune.?

Use Case: Ideal for organizations that rely on Microsoft 365 for productivity and collaboration.?

Deployment Steps:?

• Navigate to the Microsoft Endpoint Manager Admin Center.?
• Go to Apps > All Apps > Add.?
• Select Microsoft 365 Apps under the macOS platform.?
• Configure the app suite (e.g., include or exclude specific apps like Word, Excel, Teams).?
• Assign the app to groups (e.g., all users, specific departments).?
• Monitor deployment status in the Apps dashboard.?

Technical Workflow:?

• Intune uses the Microsoft AutoUpdate (MAU) framework to deploy and update Microsoft 365 Apps on macOS.?

• The app suite is downloaded from Microsoft’s CDN (Content Delivery Network) and installed silently on the device.?

• Licensing is handled through Azure Active Directory (AAD) integration.?

Differentiation:?

• Microsoft 365 Apps are specifically designed for Office applications and are tightly integrated with Microsoft’s ecosystem.?

• Unlike other app types, Microsoft 365 Apps are updated automatically through the MAU framework, ensuring users always have the latest version.?

Common Issues:?

• Installation failures due to insufficient disk space.?

• Licensing errors (e.g., "Product Deactivation").?

• Conflicts with existing Office installations.?

Error Codes:?

• 0x87D1041C: Installation failed due to insufficient disk space.?

• 0x87D1041D: Licensing error or activation failure.?

Troubleshooting Logs:?

• Review the Intune Management Extension (IME) logs located at /Library/Logs/Microsoft/Intune/.?

• Check the Office installation logs at /Library/Logs/Microsoft/Office/.?

Best Practices:?

• Ensure devices meet the minimum system requirements for Microsoft 365 Apps.?

• Remove existing Office installations before deploying Microsoft 365 Apps.?

• Use Intune’s reporting features to monitor installation status and resolve issues.?

?

macOS Apps (MDM Channel)?

Description: Applications installed via Apple’s MDM (Mobile Device Management) channel, ensuring they come from trusted sources.?

Use Case: Suitable for deploying apps that are available through Apple’s ecosystem but not necessarily on the App Store.?

Deployment Steps:?

• Navigate to the Microsoft Endpoint Manager Admin Center.?
• Go to Apps > All Apps > Add.?
• Select macOS as the platform and choose the app type (e.g., App Store app, custom app).?
• Upload the app package or provide the App Store link.?
• Assign the app to groups.?
• Monitor deployment status in the Apps dashboard.?

Technical Workflow:?

• Intune communicates with Apple’s MDM protocol to install apps on macOS devices.?

• Apps are downloaded from the App Store or a custom source and installed silently.?

• Device enrollment in Intune is required for app deployment.?

Differentiation:?

• macOS Apps (MDM Channel) are installed via Apple’s MDM protocol, ensuring they come from trusted sources.?

• Unlike Microsoft 365 Apps, these apps are not limited to Microsoft’s ecosystem and can include any app available through Apple’s MDM channel.?

Common Issues:?

• App installation failures due to network issues.?

• Apps not appearing on devices after deployment.?

Error Codes:?

• 0x87D12906: App installation failed due to network issues.?

• 0x87D12907: App deployment timed out.?

Troubleshooting Logs:?

• Review the MDM logs located at /var/log/install.log.?

• Check the Intune logs at /Library/Logs/Microsoft/Intune/.?

Best Practices:?

• Ensure devices are properly enrolled in Intune and connected to the internet.?

• Test app deployments in a pilot group before rolling out to all devices.?

?

Microsoft Edge, Version 77 and Later?

Description: The Microsoft Edge browser can be deployed, configured, and updated through Intune.?

Use Case: Perfect for organizations standardizing on Microsoft Edge for browsing and web-based applications.?

Deployment Steps:?

• Navigate to the Microsoft Endpoint Manager Admin Center.?
• Go to Apps > All Apps > Add.?
• Select Microsoft Edge under the macOS platform.?
• Configure browser policies (e.g., password management, extensions).?
• Assign the app to groups.?
• Monitor deployment status in the Apps dashboard.?

Technical Workflow:?

• Intune downloads the Microsoft Edge installer from Microsoft’s CDN.?

• The browser is installed silently, and policies are applied via Intune’s configuration profiles.?

• Updates are managed through Intune or the Microsoft AutoUpdate (MAU) framework.?

Differentiation:?

• Microsoft Edge is specifically designed for browsing and web-based applications, with tight integration with Microsoft’s ecosystem.?

• Unlike other browsers, Microsoft Edge can be centrally managed and configured through Intune.?

Common Issues:?

• Browser policies not applying correctly.?

• Installation failures due to conflicts with other browsers.?

Error Codes:?

• 0x87D1290A: Policy application failure.?

• 0x87D1290B: Installation conflict with another browser.?

Troubleshooting Logs:?

• Review the Edge installation logs at /Library/Logs/Microsoft/Edge/.?

• Check the Intune logs at /Library/Logs/Microsoft/Intune/.?

Best Practices:?

• Use Intune’s configuration profiles to enforce browser policies.?

• Remove conflicting browsers before deploying Microsoft Edge.?

?

Microsoft Defender for Endpoint?

Description: Microsoft Defender for Endpoint is an enterprise-grade endpoint security platform that can be managed through Intune.?

Use Case: Essential for organizations looking to secure macOS devices against advanced threats.?

Deployment Steps:?

• Navigate to the Microsoft Endpoint Manager Admin Center.
• Go to Apps > All Apps > Add.?
• Select Microsoft Defender for Endpoint under the macOS platform.?
• Configure security policies (e.g., threat detection, real-time protection).?
• Assign the app to groups.?
• Monitor deployment status in the Apps dashboard.?

Technical Workflow:?

• Intune downloads the Defender installer from Microsoft’s CDN.?

• The app is installed silently, and policies are applied via Intune’s configuration profiles.?

• Threat data is sent to the Microsoft Defender for Endpoint portal for analysis.?

Differentiation:?

• Microsoft Defender for Endpoint is specifically designed for endpoint security, with advanced threat detection and response capabilities.?

• Unlike other security solutions, Defender is tightly integrated with Microsoft’s ecosystem and can be centrally managed through Intune.?

Common Issues:?

• Defender not updating definitions.?

• Conflicts with third-party antivirus software.?

Error Codes:?

• 0x87D10420: Definition update failure.?

• 0x87D10421: Conflict with third-party software.?

Troubleshooting Logs:?

• Review the Defender logs at /Library/Logs/Microsoft/Defender/.?

• Check the Intune logs at /Library/Logs/Microsoft/Intune/.?

Best Practices:?

• Ensure devices meet the minimum system requirements for Defender.?

• Remove conflicting antivirus software before deploying Defender.?

?

Web Application (macOS Web Clip)?

Description: Web applications can be added as web clips on macOS devices, providing quick access to web-based tools or portals.?

Use Case: Useful for deploying internal web portals, SaaS applications, or cloud-based tools.?

Deployment Steps:?

• Navigate to the Microsoft Endpoint Manager Admin Center.?
• Go to Apps > All Apps > Add.?
• Select Web App under the macOS platform.?
• Provide the URL and configure the web clip (e.g., name, icon).?
• Assign the app to groups.?
• Monitor deployment status in the Apps dashboard.?

Technical Workflow:?

• Intune creates a web clip (shortcut) on the macOS device.?

• The web clip opens the specified URL in the default browser.?

• No installation is required.?

Differentiation:?

• Web Clips are shortcuts to web-based applications, providing quick access without requiring installation.?

• Unlike web links, web clips can be customized with names and icons, providing a more native app-like experience.?

Common Issues:?

• Web clips not appearing on devices.?

• Broken links or incorrect URLs.?

Error Codes:?

• 0x87D12908: Web clip deployment failure.?

Troubleshooting Logs:?

• Review the Intune logs at /Library/Logs/Microsoft/Intune/.?

Best Practices:?

• Test URLs before deploying web clips.?

• Use descriptive names for web clips to avoid confusion.?

?

Web Link?

Description: Web links are shortcuts to important URLs that can be added to macOS devices for quick access.?

Use Case: Ideal for providing quick access to frequently used websites or resources.?

Deployment Steps:?

• Navigate to the Microsoft Endpoint Manager Admin Center.?
• Go to Apps > All Apps > Add.?
• Select Web Link under the macOS platform.?
• Provide the URL and configure the link (e.g., name, icon).?
• Assign the app to groups.?
• Monitor deployment status in the Apps dashboard.?

Technical Workflow:?

• Intune creates a shortcut to the specified URL on the macOS device.?

• The link opens in the default browser.?

• No installation is required.?

Differentiation:?

• Web Links are simple shortcuts to URLs, providing quick access without customization.?

• Unlike web clips, web links do not support custom icons or names.?

Common Issues:?

• Links not opening correctly.?

• Links not appearing on devices.?

Error Codes:?

• 0x87D12909: Web link deployment failure.?

Troubleshooting Logs:?

• Review the Intune logs at /Library/Logs/Microsoft/Intune/.?

Best Practices:?

• Test links before deployment.?

• Use descriptive names for web links.?

?

Line-of-Business (LOB) App?

Description: Custom enterprise apps developed internally or by third parties, deployed via Intune.?

Use Case: Perfect for deploying proprietary tools, internal software, or legacy applications.?

Deployment Steps:?

• Navigate to the Microsoft Endpoint Manager Admin Center.?
• Go to Apps > All Apps > Add.?
• Select Line-of-Business App under the macOS platform.?
• Upload the .pkg or .dmg file and configure the app (e.g., name, version).?
• Assign the app to groups.?
• Monitor deployment status in the Apps dashboard.?

Technical Workflow:?

• Intune uploads the app package to its cloud storage.?

• The package is downloaded to the macOS device and installed via Apple’s MDM protocol.?

• Installation scripts can be included for custom configurations.?

Differentiation:?

• LOB Apps are custom apps developed for specific business needs, providing flexibility and control over app deployment.?

• Unlike Microsoft 365 Apps or App Store apps, LOB apps are not limited to pre-built applications and can include proprietary tools.?

Common Issues:?

• Installation failures due to incorrect packaging.?

• Apps not functioning as expected after deployment.?

Error Codes:?

• 0x87D10422: Installation failure due to invalid package.?

Troubleshooting Logs:?

• Review the Intune logs at /Library/Logs/Microsoft/Intune/.?

• Check the installation logs at /var/log/install.log.?

Best Practices:?

• Test LOB apps thoroughly before deployment.?

• Use proper packaging tools to create .pkg or .dmg files.?

?

macOS App (DMG)?

Description: macOS apps packaged in DMG (Disk Image) format can be uploaded to Intune and deployed to devices.?

Use Case: Suitable for distributing apps that are not available on the App Store or require manual installation.?

Deployment Steps:?

• Navigate to the Microsoft Endpoint Manager Admin Center.?
• Go to Apps > All Apps > Add.?
• Select macOS App (DMG) under the macOS platform.?
• Upload the DMG file and configure the app (e.g., name, version).?
• Assign the app to groups.?
• Monitor deployment status in the Apps dashboard.?

Technical Workflow:?

• Intune uploads the DMG file to its cloud storage.?

• The DMG is downloaded to the macOS device, mounted, and installed via Apple’s MDM protocol.?

• Installation scripts can be included for custom configurations.?

Differentiation:?

• DMG files are disk images that can contain multiple files and folders, making them ideal for distributing complex apps.?

• Unlike PKG files, DMG files require manual mounting and installation, which can be automated via Intune.?

Common Issues:?

• DMG files failing to mount.?

• Apps not installing correctly from DMG.?

Error Codes:?

• 0x87D10423: DMG mount failure.?

Troubleshooting Logs:?

• Review the Intune logs at /Library/Logs/Microsoft/Intune/.?

• Check the installation logs at /var/log/install.log.?

Best Practices:?

• Ensure DMG files are properly signed and notarized.?

• Test DMG deployments in a pilot group before full rollout.?

?

macOS App (PKG)?

Description: macOS apps packaged in PKG (Installer Package) format can be uploaded to Intune and deployed to devices.?

Use Case: Ideal for deploying apps that require installation scripts or additional configurations.?

Deployment Steps:?

• Navigate to the Microsoft Endpoint Manager Admin Center.?
• Go to Apps > All Apps > Add.?
• Select macOS App (PKG) under the macOS platform.?
• Upload the PKG file and configure the app (e.g., name, version).?
• Assign the app to groups.?

Monitor deployment status in the Apps dashboard.?

Technical Workflow:?

• Intune uploads the PKG file to its cloud storage.?

• The PKG is downloaded to the macOS device and installed via Apple’s MDM protocol.?

• Installation scripts can be included for custom configurations.?

Differentiation:?

• PKG files are installer packages that can include pre-install and post-install scripts, making them ideal for complex deployments.?

• Unlike DMG files, PKG files are installed directly without requiring manual mounting.?

Common Issues:?

• PKG installation failures due to missing dependencies.?

• Apps not functioning as expected after installation.?

Error Codes:?

• 0x87D10424: PKG installation failure.?

Troubleshooting Logs:?

• Review the Intune logs at /Library/Logs/Microsoft/Intune/.?

• Check the installation logs at /var/log/install.log.?

Best Practices:?

• Include all dependencies in the PKG file.?

• Test PKG deployments thoroughly before full rollout.?

?

VPP (Volume Purchase Program) Apps?

Description: Apps purchased in bulk through Apple’s Volume Purchase Program (VPP) can be deployed via Intune without requiring an Apple ID.?

Use Case: Ideal for organizations that need to deploy paid apps to multiple devices.?

Deployment Steps:?

• Enroll in Apple Business Manager and purchase apps through the VPP program.?
• Sync the VPP token with Intune in the Microsoft Endpoint Manager Admin Center.?
• Go to Apps > All Apps > Add.?
• Select macOS as the platform and choose the VPP app.?
• Assign the app to groups.?
• Monitor deployment status in the Apps dashboard.?

Technical Workflow:?

• Intune syncs with Apple Business Manager to retrieve VPP app licenses.?

• Apps are deployed to devices without requiring an Apple ID.?

• Licenses are managed centrally through Intune.?

Differentiation:?

• VPP Apps are purchased in bulk and deployed without requiring individual Apple IDs, making them ideal for enterprise environments.?

• Unlike other app types, VPP apps are tied to Apple’s licensing system and require enrollment in Apple Business Manager.?

Common Issues:?

• Licensing errors (e.g., "License Not Available").?

• Apps not appearing on devices after deployment.?

Error Codes:?

• 0x87D10425: License not available.?

• 0x87D10426: VPP token sync failure.?

Troubleshooting Logs:?

• Review the Intune logs at /Library/Logs/Microsoft/Intune/.?

• Check the VPP sync logs in Apple Business Manager.?

Best Practices:?

• Ensure the VPP token is properly synced with Intune.?

• Monitor license usage to avoid exceeding the purchased number of licenses.?

?

Packaging Scripts as Apps and Deploying via Intune?

Description: Custom scripts can be packaged as apps and deployed via Intune to perform specific tasks on macOS devices.?

Use Case: Ideal for deploying custom configurations, automating tasks, or installing dependencies.?

Deployment Steps:?

• Write the script (e.g., shell script) and test it thoroughly.?
• Package the script as a .pkg or .dmg file using tools like Packages or Jamf Composer.?
• Navigate to the Microsoft Endpoint Manager Admin Center.?
• Go to Apps > All Apps > Add.?
• Select macOS App (PKG) or macOS App (DMG) under the macOS platform.?
• Upload the package and configure the app (e.g., name, version).?
• Assign the app to groups.?
• Monitor deployment status in the Apps dashboard.?

Technical Workflow:?

• Intune uploads the script package to its cloud storage.?

• The package is downloaded to the macOS device and executed via Apple’s MDM protocol.?

• Scripts can include pre-install and post-install actions for custom configurations.?

Best Practices:?

• Test scripts thoroughly before packaging and deployment.?

• Use proper packaging tools to ensure scripts are executed correctly.?

• Include error handling in scripts to manage unexpected issues.?

• Monitor script execution logs to ensure successful deployment.?

?

Real-World Use Cases?

• Microsoft 365 Apps: A remote workforce using Teams, Outlook, and OneDrive for collaboration.?

• Line-of-Business Apps: A healthcare organization deploying a custom patient management app.?

• Microsoft Defender for Endpoint: A financial institution securing sensitive data on macOS devices.?

?

Advanced Configurations?

• Microsoft 365 Apps: Configuring update channels (e.g., Current, Monthly Enterprise).?

• Microsoft Edge: Enforcing browser policies like password management, extensions, and startup behavior.?

• Microsoft Defender for Endpoint: Configuring advanced threat protection settings.?

• PKG/DMG Apps: Using pre-install and post-install scripts for custom configurations.?

?

Proactive Monitoring and Maintenance?

• Use Intune’s reporting and analytics to track app installation status and compliance.?

• Set up alerts and notifications for failed installations or policy conflicts.?

• Regularly review logs and reports to identify and resolve issues before they impact users.?

?

Common Pitfalls and How to Avoid Them?

• Pitfall: Not testing apps before deployment.?

• Solution: Always test apps in a pilot group before full rollout.?

• Pitfall: Overlooking dependencies for LOB apps.?

• Solution: Include all dependencies in the app package or script.?

• Pitfall: Ignoring macOS version compatibility.?

• Solution: Verify app compatibility with the macOS versions used in your organization.?

?

Integration with Other Microsoft Tools?

• Microsoft Endpoint Manager Admin Center: Centralized management of devices and apps.?

• Azure Active Directory (AAD): Conditional access policies to ensure only compliant devices can access apps.?

• Microsoft Defender for Cloud Apps: Monitoring and securing cloud-based apps.?

?

User Experience Considerations?

• Provide clear instructions for users on how to access and use deployed apps.?

• Minimize disruptions by scheduling app updates during off-peak hours.?

• Use user-friendly names for web clips and web links to avoid confusion.?

?

Security and Compliance Considerations?

• Use App Protection Policies to secure data within apps.?

• Enforce device compliance policies to ensure only secure devices can access apps.?

• Regularly audit app permissions and access controls.?

?

Troubleshooting Guide?

Step 1: Check the Intune logs at /Library/Logs/Microsoft/Intune/.?

Step 2: Review the MDM logs at /var/log/install.log.?

Step 3: Verify device enrollment and network connectivity.?

Step 4: Check for conflicts with existing apps or policies.?

Step 5: Consult the official Microsoft documentation or support forums.?

?

FAQs?

• Q: Can I deploy apps to macOS devices without user interaction??

• A: Yes, Intune supports silent installations for most app types.?

• Q: How do I update apps deployed via Intune??

• A: Apps can be updated automatically or manually, depending on the app type and configuration.?

• Q: What happens if an app installation fails??

• A: Intune provides detailed error codes and logs to help troubleshoot the issue.?

?

Future Trends and Updates?

• Increased adoption of universal apps for Apple Silicon (M1/M2) and Intel-based Macs.?

• Enhanced integration between Intune and Apple Business Manager.?

• New features in Intune for managing macOS Ventura and later versions.?

?

Glossary of Terms?

• MDM (Mobile Device Management): A protocol for managing mobile devices.?

• VPP (Volume Purchase Program): Apple’s program for bulk app purchases.?

• LOB (Line-of-Business) App: Custom apps developed for specific business needs.?

• DMG (Disk Image): A file format for distributing macOS apps.?

• PKG (Installer Package): A file format for installing macOS apps?

Reference Articles

• Understanding application types in Microsoft Intune for macOS
• Deployment guide to manage macOS devices in Intune
• Get started with macOS endpoints - Microsoft Intune
• Install Microsoft 365 apps to macOS devices using Microsoft Intune | Microsoft Learn
• Add Microsoft Edge to macOS devices using Microsoft Intune | Microsoft Learn
• Add Microsoft Defender for Endpoint to macOS devices using Microsoft Intune | Microsoft Learn
• Add web apps to Microsoft Intune | Microsoft Learn
• How to add macOS line-of-business apps to Microsoft Intune | Microsoft Learn
• Add an unmanaged macOS PKG app to Microsoft Intune | Microsoft Learn
• Use shell scripts on macOS devices in Microsoft Intune | Microsoft Learn