I'm pretty sure it can't deploy operating system images. I believe all things Intune have focused on the mobile space. At one point it was supposed to be 'SCCM Lite' and be the magic solution for SMBs looking for hw/sw inventory and application deployment. But it did not work very well.-->
Microsoft Intune supports a variety of app types and deployment scenarios on Windows 10 devices. After you've added an app to Intune, you can assign the app to users and devices. This article provides more details on the supported Windows 10 scenarios, and also covers key details to note when you're deploying apps to Windows.
Line-of-business (LOB) apps and Microsoft Store for Business apps are the app types supported on Windows 10 devices. The file extensions for Windows apps include .msi, .appx, and .appxbundle.
To deploy modern apps, you need at least:
- For Windows 10 1803, May 23, 2018—KB4100403 (OS Build 17134.81).
- For Windows 10 1709, June 21, 2018—KB4284822 (OS Build 16299.522).
Only Windows 10 1803 and later support installing apps when there is no primary user associated.
LOB app deployment isn't supported on devices running Windows 10 Home editions.
Supported Windows 10 app types
Specific app types are supported based on the version of Windows 10 that your users are running. The following table provides the app type and Windows 10 supportability.
|App type||Home||Pro||Business||Enterprise||Education||S-Mode||HoloLens1||Surface Hub||WCOS||Mobile|
1 To unlock app management, upgrade your HoloLens device to Holographic for Business.
2 Launch from the Company Portal only.
3 For Edge app to install successfully, devices must also be assigned an S-Mode policy.
Windows 10 LOB apps
You can sign and upload Windows 10 LOB apps to the Intune admin console. These can include modern apps, such as Universal Windows Platform (UWP) apps and Windows App Packages (AppX), as well as Win 32 apps, such as simple Microsoft Installer package files (MSI). The admin must manually upload and deploy updates of LOB apps. These updates are automatically installed on user devices that have installed the app. No user intervention is required, and the user has no control over the updates.
Microsoft Store for Business apps
Microsoft Store for Business apps are modern apps, purchased from the Microsoft Store for Business admin portal. They are then synced over to Microsoft Intune for management. The apps can either be online licensed or offline licensed. The Microsoft Store directly manages updates, with no additional action required by the admin. You can also prevent updates to specific apps by using a custom Uniform Resource Identifier (URI). For more information, see Enterprise app management - Prevent app from automatic updates. The user can also disable updates for all Microsoft Store for Business apps on the device.
Categorize Microsoft Store for Business apps
To categorize Microsoft Store for Business apps:
- Sign in to the Microsoft Endpoint Manager admin center.
- Select Apps > All apps.
- Select a Microsoft Store for Business app. Then select Properties > App Information > Category.
- Select a category.
Install apps on Windows 10 devices
Intune Company Portal Mac Os
Depending on the app type, you can install the app on a Windows 10 device in one of two ways:
- User Context: When an app is deployed in user context, the managed app is installed for that user on the device when the user signs in to the device. Note that the app installation doesn't succeed until the user signs in to the device.
- Modern LOB apps and Microsoft Store for Business apps (both online and offline) can be deployed in user context. The apps support both the Required and Available intents.
- Win32 apps built as User Mode or Dual Mode can be deployed in user context, and support both the Required and Available intents.
- Device Context: When an app is deployed in device context, the managed app is installed directly to the device by Intune.
- Only modern LOB apps and offline licensed Microsoft Store for Business apps can be deployed in device context. These apps only support the Required intent.
- Win32 apps built as Machine Mode or Dual Mode can be deployed in device context, and support only the Required intent.
For Win32 apps built as Dual Mode apps, the admin must choose if the app will function as a User Mode or Machine Mode app for all assignments associated with that instance. The deployment context can't be changed per assignment.
Apps can only be installed in the device context when supported by the device and the Intune app type. Device context installs are supported on Windows 10 desktops and Teams devices, such as the Surface Hub. They aren't supported on devices running Windows Holographic for Business, such as the Microsoft HoloLens.
You can install the following app types in the device context and assign these apps to a device group:
- Win32 apps
- Offline licensed Microsoft Store for Business apps
- LOB apps (MSI, APPX and MSIX)
- Microsoft 365 Apps for enterprise
Intune Macos Software Deployment
Windows LOB apps (specifically APPX and MSIX) and Microsoft Store for Business apps (Offline apps) that you've selected to install in device context must be assigned to a device group. The installation fails if one of these apps is deployed in the user context. The following status and error appears in the admin console:
- Status: Failed.
- Error: A user can't be targeted with a device context install.
When used in combination with an Autopilot white glove provisioning scenario, there is no requirement for LOB apps and Microsoft Store for Business apps deployed in device context to target a device group. For more information, see Windows Autopilot white glove deployment.
It gives you access to the entire Spotify catalog much like its mobile counterpart, letting you search and listen to nearly any track, artist, or album free of charge.You can also use it to build custom playlists or capitalize on personal recommendations that span jazz, hip hop, rock, and everything in between.Solid BitTorrent clients are few and far between, but Transmission ranks among the best. Fortunately, Spotify’s official desktop app represents the perfect alternative for those looking to branch out beyond the Apple ecosystem. The lightweight app excels when it comes to download speed, and blends seamlessly with MacOS. Free mac apps downloads.
After you save an app assignment with a specific deployment, you can't change the context for that assignment, except for modern apps. For modern apps, you can change the context from user context to device context.
If there's a conflict in policies on a single user or device, the following priorities apply:
- A device context policy is a higher priority than a user context policy.
- An install policy is a higher priority than an uninstall policy.
For more information, see Include and exclude app assignments in Microsoft Intune. For more information about app types in Intune, see Add apps to Microsoft Intune.
Use the information in this article to help you add macOS line-of-business apps to Microsoft Intune. You must download an external tool to pre-process your .pkg files before you can upload your line-of-business file to Microsoft Intune. The pre-processing of your .pkg files must take place on a macOS device.
Starting with the release of macOS Catalina 10.15, prior to adding your apps to Intune, check to make sure your macOS LOB apps are notarized. If the developers of your LOB apps did not notarize their apps, the apps will fail to run on your users' macOS devices. For more information about how to check if an app is notarized, visit Notarize your macOS apps to prepare for macOS Catalina.
While users of macOS devices can remove some of the built-in macOS apps like Stocks, and Maps, you cannot use Intune to redeploy those apps. If end users delete these apps, they must go to the app store, and manually re install them.
Before your start
You must download an external tool, mark the downloaded tool as an executable, and pre-process your .pkg files with the tool before you can upload your line-of-business file to Microsoft Intune. The pre-processing of your .pkg files must take place on a macOS device. Use the Intune App Wrapping Tool for Mac to enable Mac apps to be managed by Microsoft Intune.
The .pkg file must be signed using 'Developer ID Installer' certificate, obtained from an Apple Developer account. Only .pkg files may be used to upload macOS LOB apps to Microsoft Intune. Conversion of other formats, such as .dmg to .pkg is not supported.
Download the Intune App Wrapping Tool for Mac.
The Intune App Wrapping Tool for Mac must be run on a macOS machine.
Mark the downloaded tool as an executable:
- Start the terminal app.
- Change the directory to the location where
- Run the following command to make the tool executable:
chmod +x IntuneAppUtil
IntuneAppUtilcommand within the Intune App Wrapping Tool for Mac to wrap .pkg LOB app file from a .intunemac file.
Sample commands to use for the Microsoft Intune App Wrapping Tool for macOS:
Ensure that the argument
<source_file>does not contain spaces before running the
This command will show usage information for the tool.
IntuneAppUtil -c <source_file> -o <output_directory_path> [-v]
This command will wrap the .pkg LOB app file provided in
<source_file>to a .intunemac file of the same name and place it in the folder pointed to by
IntuneAppUtil -r <filename.intunemac> [-v]
This command will extract the detected parameters and version for the created .intunemac file.
Select the app type
- Sign in to the Microsoft Endpoint Manager admin center.
- Select Apps > All apps > Add.
- In the Select app type pane, under the Other app types, select Line-of-business app.
- Click Select. The Add app steps are displayed.
Step 1 - App information
Select the app package file
- In the Add app pane, click Select app package file.
- In the App package file pane, select the browse button. Then, select an macOS installation file with the extension .intunemac.The app details will be displayed.
- When you're finished, select OK on the App package file pane to add the app.
Set app information
- In the App information page, add the details for your app. Depending on the app that you chose, some of the values in this pane might be automatically filled in.
- Name: Enter the name of the app as it appears in the company portal. Make sure all app names that you use are unique. If the same app name exists twice, only one of the apps appears in the company portal.
- Description: Enter the description of the app. The description appears in the company portal.
- Publisher: Enter the name of the publisher of the app.
- Minimum Operating System: From the list, choose the minimum operating system version on which the app can be installed. If you assign the app to a device with an earlier operating system, it will not be installed.
- Category: Select one or more of the built-in app categories, or select a category that you created. Categories make it easier for users to find the app when they browse through the company portal.
- Show this as a featured app in the Company Portal: Display the app prominently on the main page of the company portal when users browse for apps.
- Information URL: Optionally, enter the URL of a website that contains information about this app. The URL appears in the company portal.
- Privacy URL: Optionally, enter the URL of a website that contains privacy information for this app. The URL appears in the company portal.
- Developer: Optionally, enter the name of the app developer.
- Owner: Optionally, enter a name for the owner of this app. An example is HR department.
- Notes: Enter any notes that you want to associate with this app.
- Logo: Upload an icon that is associated with the app. This icon is displayed with the app when users browse through the company portal.
- Click Next to display the Scope tags page.
Step 2 - Select scope tags (optional)
You can use scope tags to determine who can see client app information in Intune. For full details about scope tags, see Use role-based access control and scope tags for distributed IT.
- Click Select scope tags to optionally add scope tags for the app.
- Click Next to display the Assignments page.
Step 3 - Assignments
- Select the Required, Available for enrolled devices, or Uninstall group assignments for the app. For more information, see Add groups to organize users and devices and Assign apps to groups with Microsoft Intune.
- Click Next to display the Review + create page.
Step 4 - Review + create
Review the values and settings you entered for the app.
When you are done, click Create to add the app to Intune.
The Overview blade for the line-of-business app is displayed.
The app you have created appears in the apps list where you can assign it to the groups you choose. For help, see How to assign apps to groups.
If the .pkg file contains multiple apps or app installers, then Microsoft Intune will only report that the app is successfully installed when all installed apps are detected on the device.
Update a line-of-business app
- Sign in to the Microsoft Endpoint Manager admin center.
- Select Apps > All apps.
- Find and select your app from the list of apps.
- Select Properties under Manage from the app pane.
- Select Edit next to App information.
- Click on the listed file next to Select file to update. The App package file pane is displayed.
- Select the folder icon and browse to the location of your updated app file. Select Open. The app information is updated with the package information.
- Verify that App version reflects the updated app package.
For the Intune service to successfully deploy a new .pkg file to the device you must increment the package
CFBundleVersion string in the packageinfo file in your .pkg package.
The app you have created is displayed in the apps list. You can now assign it to the groups you choose. For help, see How to assign apps to groups.
Learn more about the ways in which you can monitor the properties and assignment of your app. For more information, see How to monitor app information and assignments.
Learn more about the context of your app in Intune. For more information, see Overview of device and app lifecycles