Working with Intune

Introduction

Microsoft Intune supports a variety of app types and deployment scenarios on both Mac and Windows 10/11 devices. Some preparation is involved prior to installing via Intune, including configuring apps according to the Intune format (.intunewin).

Full details on preparation and configuration for Windows devices can be found at Windows 10/11 app deployment by using Microsoft Intune. Further information on creating Mac profiles can be found at Create a device profile in Microsoft Intune.

This article describes the following:

  • How to prepare and add Admin By Request for Windows to an Intune package ready for deployment.

  • How to create an Intune Configuration Profile for a Mac.

Once packages and profiles are created and added to Intune, they can be deployed to users and devices.

How to add a Windows package

This guide outlines the full process for deploying Admin By Request Workstation via Microsoft Intune using the Win32 app packaging method.

Prerequisites

  • Devices must be Azure AD joined and Intune MDM-enrolled

  • Users must be assigned an Intune-enabled license (e.g. EMS E3)

  • The Administrator must have permissions to create Win32 apps in Intune

  • The ABR MSI installer must be downloaded from the Admin By Request portal and must match your tenant

Procedure

  1. Download and Convert the ABR Installer:

    1. If you haven't already, login to your ABR portal and download the latest ABR MSI installer file for Windows Workstation Endpoints.

    2. Create a local folder (e.g. C:\ABRInstall) and copy or move the downloaded MSI file there.

    3. Download the Microsoft Win32 Content Prep Tool (IntuneWinAppUtil.exe) and place it in the same folder.

    4. From the folder, open PowerShell as Administrator and run the following (assuming folder is C:\ABRInstall and downloaded MSI file is Admin By Request 8.6 Workstation.msi):

      Copy

      .\IntuneWinAppUtil.exe -c "C:\ABRInstall" -s "Admin By Request 8.6 Workstation.msi" -o "C:\ABRInstall"

      .\IntuneWinAppUtil.exe -c "C:\ABRInstall" -s "Admin By Request 8.5 Workstation.msi" -o "C:\ABRInstall"

      If successful, this generates a file named Admin By Request 8.6 Workstation.intunewin in the same folder.

      Common issues:

      • Make sure you are running PowerShell as Administrator.

      • Make sure the command is entered as one line in PowerShell.

      • If you get an error message "The folder you specified cannot be accessed", make sure the -c parameter in the command points to the folder and not the MSI file.

  2. Add the App in Intune:

    1. Login to your Intune Admin Center and go to Apps > Windows and click Add.

    2. Select Windows app (Win32) and upload your new .intunewin file (in this example, Admin By Request 8.6 Workstation.intunewin).

    3. Add the details required in the following tabs:

      • App Information

      • Program

      • Requirements

      • Detection Rules

      • Dependencies

      • Assignments

    4. sadfasdfasdf

  3. Monitor Deployment:

 

Test the Installation on Random Endpoints

Testing the installation involves a quick connection check:

  1. On an endpoint with Admin By Request installed, launch the application by selecting it from the system tray and clicking About Admin By Request:

  2. Select Connectivity and check that Operational Status and Cloud Connectivity are OK:


As a further test, you might also want to check the inventory in the portal, to review the details that are now being logged for this endpoint:

  1. From the portal top menu, select Inventory.

  2. Locate the endpoint and click either the computer name link or the Details link:

How to create a Mac configuration profile

  1. In Intune, under Configuration Profiles, select Create Profile.

  2. Enter the following details into the Create a Profile form:

    • Platform: macOS

    • Profile type: Templates

    • Template name: ABR – FDA

  3. Click Create.

  4. Under Device restrictions, go to Configuration settings.

  5. Select Privacy preferences and click Add:

  6. In the Edit Row form, enter the following:

    • Name: ABR – FDA

    • Identifier type: Path

    • Identifier: /Library/adminbyrequest/adminbyrequest

    • For Code Requirement, enter the following line of code:

      Copy 
      identifier "com.fasttracksoftware.adminbyrequest" and anchor apple generic and certificate 1[field.1.2.840.113635.100.6.2.6] /* exists */ and certificate leaf[field.1.2.840.113635.100.6.1.13] /* exists */ and certificate leaf[subject.OU] = AU2ALARPUP
      IMPORTANT

      The code snippet is all one line. Use the Copy button in the top right corner of the code box to copy the code to the clipboard.

    7. The completed form:

  7. Finally, select Allow in field Full disk access: