Working with Intune

Introduction

Microsoft Intune supports a variety of app types and deployment scenarios on both Mac and Windows 10/11 devices. Some preparation is involved prior to installing via Intune, including configuring apps according to the Intune format (.intunewin).

Full details on preparation and configuration for Windows devices can be found at Windows 10/11 app deployment by using Microsoft Intune. Further information on creating Mac profiles can be found at Create a device profile in Microsoft Intune.

This article describes the following:

  • How to prepare and add Admin By Request for Windows to an Intune package ready for deployment.

  • How to create an Intune Configuration Profile for a Mac.

Once packages and profiles are created and added to Intune, they can be deployed to users and devices.

How to add a Windows package

  1. Before adding the application to Intune, create a package in the .intunewin format using the Microsoft Win32 Content Prep Tool.

  2. Run the tool (IntuneWinAppUtil.exe) at a Windows command line, entering data as shown:

    This creates an Admin By Request package file that can be used by Intune.

  3. Go to Intune and open Apps > Windows and click Add:

  4. Select Windows app (Win32) and click Select.

  5. Choose the Admin By Request package file created in step 2 and click OK:

  6. In the (1) App information window, enter Publisher and App Version if not already given:

  7. In the (2) Program window, enter change the Uninstall command to:
    powershell.exe -command "Get-Package -Name 'Admin By Request Workstation' | Uninstall-Package -AllVersions -Force"

  8. In the (3) Requirements window:

    1. For Operating system architecture, select both 32-bit and 64-bit:

    2. For Minimum operating system, select Windows 10 1607:

  9. In the (4) Detection rules window, for Rules format, select Manually configure detection rules and click + Add::

  10. In the Detection rule window, change the Path to C:\Program Files (x86)\FastTrack Software\Admin By Request:

  11. Continue with the Intune package process, accepting the defaults for all remaining prompts/questions.

Test the Installation on Random Endpoints

Testing the installation involves a quick connection check:

  1. On an endpoint with Admin By Request installed, launch the application by selecting it from the system tray and clicking About Admin By Request:

  2. Select Connectivity and check that Operational Status and Cloud Connectivity are OK:


As a further test, you might also want to check the inventory in the portal, to review the details that are now being logged for this endpoint:

  1. From the portal top menu, select Inventory.

  2. Locate the endpoint and click either the computer name link or the Details link:

How to create a Mac configuration profile

  1. In Intune, under Configuration Profiles, select Create Profile.

  2. Enter the following details into the Create a Profile form:

    • Platform: macOS

    • Profile type: Templates

    • Template name: ABR – FDA

  3. Click Create.

  4. Under Device restrictions, go to Configuration settings.

  5. Select Privacy preferences and click Add:

  6. In the Edit Row form, enter the following:

    • Name: ABR – FDA

    • Identifier type: Path

    • Identifier: /Library/adminbyrequest/adminbyrequest

    • For Code Requirement, enter the following line of code:

      Copy 
      identifier "com.fasttracksoftware.adminbyrequest" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = AU2ALARPUP
      IMPORTANT

      The code snippet is all one line. Use the Copy button in the top right corner of the code box to copy the code to the clipboard.

    7. The completed form:

  7. Finally, select Allow in field Full disk access: