Package a macOS Application to Be Deployed by Intune MDM


There a number of specific parameters required to successfully package and deploy a macOS application .pkg via Intune MDM.

An example of deploying the FreeCAD application.


export APP_PATH=/Applications/$APP

Remove downloaded from the Internet attribute
sudo xattr -d -r $APP_PATH

Check all required values
defaults read $APP_PATH/Contents/Info CFBundleIdentifier
defaults read $APP_PATH/Contents/Info CFBundleLongVersionString
defaults read $APP_PATH/Contents/Info CFBundleName
defaults read $APP_PATH/Contents/Info CFBundleShortVersionString
defaults read $APP_PATH/Contents/Info CFBundleVersion

Set missing values
defaults write $APP_PATH/Contents/Info CFBundleIdentifier -string "org.freecadweb"
defaults write $APP_PATH/Contents/Info.plist CFBundleLongVersionString -string 0.18-16146
defaults write $APP_PATH/Contents/Info.plist CFBundleShortVersionString -string 0.18
plutil -convert xml1 $APP_PATH/Contents/Info.plist 
cat $APP_PATH/Contents/Info.plist 

Create preinstall script
mkdir $APP_PATH/Contents/Scripts
cat <<EOF >$APP_PATH/Contents/Scripts/preinstall
> #!/bin/bash
> cp -R "$APP" /Applications
> exit 0

chmod +x $APP_PATH/Contents/Scripts/preinstall

cat $APP_PATH/Contents/Scripts/preinstall
cp -R "" /Applications
exit 0

Create postinstall script
cat <<EOF >$APP_PATH/Contents/Scripts/postinstall
> #!/bin/bash
> U=\$(w -h | awk '{ print \$1 }' | uniq)
> chown -R \$U:staff $APP_PATH
> exit 0

chmod +x $APP_PATH/Contents/Scripts/postinstall 

cat $APP_PATH/Contents/Scripts/postinstall
U=$(w -h | awk '{ print $1 }' | uniq)
chown -R $U:staff /Applications/
exit 0

Build package
pkgbuild --scripts $APP_PATH/Contents/Scripts --install-location /Applications  --component $APP_PATH ./FreeCAD.pkg
pkgbuild: Adding component at /Applications/
pkgbuild: Adding top-level preinstall script
pkgbuild: Adding top-level postinstall script
pkgbuild: Wrote package to ./FreeCAD.pkg

productbuild --synthesize --package FreeCAD.pkg /Applications --version 0.18 ./dist.xml
productbuild: Wrote synthesized distribution to ./dist.xml

productbuild --distribution dist.xml --version 0.18 --package-path ./FreeCAD.pkg ./FreeCAD-final.pkg
productbuild: Wrote product to ./FreeCAD-final.pkg

productsign --sign "Developer ID Installer: theether PTY LTD (0123456789)" ./FreeCAD-final.pkg ./FreeCAD-final-signed.pkg 
productsign: using timestamp authority for signature
productsign: signing product with identity "Developer ID Installer: theether PTY LTD (0123456789)" from keychain /Users/theether/Library/Keychains/login.keychain-db
productsign: adding certificate "Developer ID Certification Authority"
productsign: adding certificate "Apple Root CA"
productsign: Wrote signed product archive to ./FreeCAD-final-signed.pkg

Package for Intune
./IntuneAppUtil -c FreeCAD-final-signed.pkg -o .
Microsoft Intune Application Utility for Mac OS X
Copyright 2018 Microsoft Corporation

Creating intunemac file for /FreeCAD-final-signed.pkg
Composing the intunemac file output
Output written to ./FreeCAD-final-signed.pkg.intunemac.

IntuneAppUtil successfully processed "FreeCAD-final-signed.pkg",
to deploy refer to the product documentation.


FreeCAD Your own 3D parametric modeler

How to add macOS line-of-business (LOB) apps to Microsoft Intune

MacOS LOB apps aren't deployed in Microsoft Intune


Apple macOS 10.15

Created: 19th April 2020
Updated: 19th April 2020

© 2005-2023 Jamie Morrison