Microsoft Intune

This article provides step-by-step instructions to implement the App Catalog using Microsoft Intune.

Requirements

  • At least an Intune Administrator role

Configuration Profile

  • A Configuration Profile is needed to activate and configure the App Catalog. There are two options:

    • Basic: Go to the App Catalog Customer Portal to download a Configuration Profile with basic settings, including the Supporting Configuration Profiles, so you can get started right away.

    • Custom: Read the documentation to create a custom (advanced) configuration profile to meet your requirements: Configuration Profile

  • When your Configuration Profile is ready, log in at endpoint.microsoft.com and go to Devices -> macOS -> Configuration profiles

  • Click Create profile

  • Choose Templates as Profile type

  • Select Custom and click Create

  • Choose a name such as App Catalog Configuration

  • Choose a Custom configuration profile name such as App Catalog Configuration or choose something different to present to users

  • Select the .mobileconfig file containing your Configuration Profile

  • Click Next, assign the users or devices and click Add

Supporting Configuration Profiles

To fully enable the App Catalog, some additional profiles are needed, such as a Notifications payload, a Managed Login Item payload and PPPC. Go to the following pages to create Configuration Profiles or download a provided example:

  • Granting User Notifications

  • Managed Login Item

  • Full Disk Access (PPPC)

To add the Configuration Profiles to Microsoft Intune, follow these steps for each profile:

  • When your Configuration Profile is ready, go to Devices -> macOS -> Configuration profiles

  • Click Create profile

  • Choose Templates as Profile type

  • Select Custom and click Create

  • Choose a name such as Notifications - App Catalog or Managed Login Item - App Catalog

  • Choose a Custom configuration profile name such as Notifications - App Catalog or Managed Login Item - App Catalog, or choose something different to present to users

  • Select the .mobileconfig file containing the Configuration Profile

  • Click Next, assign the users or devices and click Add

Installing Apps

To install apps, the Catalog Agent needs to be installed and called with the Bundle Identifier, as described in Installing Apps. This is done in a small script. Microsoft Intune does not support the use of variables in Shell Scripts, so a separate script is needed for every app you want to install. Follow these steps to create and add an app installation script:

  • Copy the app Bundle Identifier from https://portal.appcatalog.cloud/catalog

  • Create a small script as shown below, replace BUNDLE_IDENTIFIER with the app Bundle Identifier, and save it as a .zsh file. The script also installs the App Catalog if it is not already installed:

#!/bin/zsh --no-rcs

# Install App Catalog when not installed yet
if [[ ! -f "/usr/local/bin/catalog" ]]; then
  curl -sSL https://cdn.appcatalog.cloud/install_app_catalog.zsh | zsh
fi

# Install app
/usr/local/bin/catalog --install "BUNDLE_IDENTIFIER"

  • Below is an example script for installing Google Chrome:

  • Go to Devices -> macOS -> Shell scripts

  • Click Add

  • Choose a name such as Install Google Chrome

  • Upload the script and make sure Run script as signed-in user is set to No

  • Click Next, assign the users or devices and click Add

  • The app will now be installed on the next check-in. To verify, logs can be checked by selecting the script -> Device status as shown below:

Updating Apps (macOS 12 only)

Updating apps is similar to installing apps: the Catalog Agent needs to be called with the --update argument, as described in Updating Apps, using a small script. This script also installs the App Catalog if it is not already installed. The script is only required for macOS 12, because macOS 13 and later handle updates automatically when the UpdateInterval key is configured.

Follow these steps to add this script:

  • Below is an example script:

#!/bin/zsh --no-rcs

# Install App Catalog when not installed yet
if [[ ! -f "/usr/local/bin/catalog" ]]; then
  curl -sSL https://cdn.appcatalog.cloud/install_app_catalog.zsh | zsh
fi

# Update apps
/usr/local/bin/catalog --update

  • Download the example script below containing a check if the App Catalog is present:

  • Go to Devices -> macOS -> Shell scripts

  • Click Add

  • Choose a name such as Update Apps

  • Upload the script and make sure Run script as signed-in user is set to No

  • Configure the Script frequency as you want, such as Every 1 day

  • Click Next, assign the users or devices and click Add

  • All managed and unmanaged apps with updates will now be updated on the next check-in every day

🎉 That's it, you have successfully configured the App Catalog for Microsoft Intune!
