Using Intune
Unfortunately, Intune does not support deployment of zipped PKG files natively (ZIP contains the agent_parameter.json, certificate, and installer). Therefore, there are a few extra steps required to deploy to Macs via Intune.
Review Installing using MDM on Mac and ensure that the MDM profile is on the devices you install to. Otherwise, the user will need to manually accept permissions.
Overview
Using Microsoft Intune to deploy dope.security on macOS involves three major steps:
Deploy MDM Profile to Mac devices via Intune
Create a .pkg with all required files and a unique receipt identifier.
Write a post-install script to automate additional installation tasks and clean-up.
Upload and configure your PKG in Intune with the proper detection rules.
1. Create a PKG with Files and a Custom Receipt
Due to Intune limitations, a single macOS installer package (.pkg) needs to be created:
The installer files required by dope.security (installer, agent_parameters.json, certificate) downloadable from the dope.console
Unique package identifier for Intune/macOS to confirm successful install
Steps
Organize Files
Create a temp directory with the three dope.security installation files:
e.g. /tmp/myfiles
Build the Package
Use pkgbuild to create the .pkg. Below is a simple example:
pkgbuild --root /tmp/myfiles --identifier installer.dope.com --version 1.0 --install-location /tmp /tmp/my_package.pkg
Key flags:
--identifier installer.dope.com: A unique identifier for this package.
--install-location /tmp: Where the files will be placed on the Mac. Adjust to suit your environment, for instance /Applications or /usr/local/bin.
Verify the Package
Check Package Signature:
pkgutil --check-signature /tmp/my_package.pkg
List Package Contents:
pkgutil --payload-files /tmp/my_package.pkg
Confirm it includes the three files before proceeding
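One way to automate the contents check above (an added example, not part of the dope.security documentation): the function reads the pkgutil --payload-files listing on stdin and reports which of the three files is missing. The certificate extensions and the sample listings are assumptions; adjust them to the files downloaded from the dope.console.

```bash
#!/bin/bash
# Added example: check a `pkgutil --payload-files` listing for the three files
# the wrapper package must carry. The listing is read from stdin.
# Assumption: the certificate has a .pem, .crt or .cer extension; adjust the
# pattern to the file name downloaded from the dope.console.
check_payload() {
    local have_installer=0 have_params=0 have_cert=0 line name
    while IFS= read -r line || [ -n "$line" ]; do
        name="${line##*/}"            # strip "./" and any directory part
        case "$name" in
            dope_security_*.pkg)   have_installer=1 ;;
            agent_parameters.json) have_params=1 ;;
            *.pem|*.crt|*.cer)     have_cert=1 ;;
        esac
    done
    local missing=""
    [ "$have_installer" -eq 1 ] || missing="$missing installer"
    [ "$have_params" -eq 1 ]    || missing="$missing agent_parameters.json"
    [ "$have_cert" -eq 1 ]      || missing="$missing certificate"
    if [ -n "$missing" ]; then
        echo "missing:$missing"
        return 1
    fi
    echo "ok"
}

# Constructed sample listings (not real output from a dope.security package).
GOOD_LISTING='.
./agent_parameters.json
./dope_cert.pem
./dope_security_1.0.0.pkg'
BAD_LISTING='.
./dope_security_1.0.0.pkg'

# On a Mac: pkgutil --payload-files /tmp/my_package.pkg | check_payload
```

A non-zero return from check_payload means the package should be rebuilt before it is uploaded to Intune.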
2. Customize Post-Install Script
The post-install script automates the extra steps: running the dope.security installer and cleaning up.
Post-Install Script
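#!/bin/bash
# Variables
# Path where the package from step 1 placed the dope.security installer
# (must match the --install-location used with pkgbuild; replace INSERT_VERSION).
INSTALLER_PATH="/tmp/dope_security_1.0.INSERT_VERSION.pkg"
LOG_FILE="/var/log/dope_install.log"
# Step 1: Silent installation
echo "Starting silent installation..." | tee -a "$LOG_FILE"
if ! sudo installer -pkg "$INSTALLER_PATH" -target / >> "$LOG_FILE" 2>&1; then
    # Report the failure instead of exiting 0; the installer is kept for troubleshooting
    echo "Installation failed; see $LOG_FILE" | tee -a "$LOG_FILE"
    exit 1
fi
# Step 2: Cleanup
echo "Cleaning up temporary files..." | tee -a "$LOG_FILE"
rm -f "$INSTALLER_PATH"
# Finalize
echo "Installation complete." | tee -a "$LOG_FILE"
exit 0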
3. Upload the PKG to Intune
Intune needs the package and detection to ensure successful installation. Upload the .pkg file, configure the Intune checks, and add the post-install script.
Steps
Upload the PKG
Sign in to the Microsoft Endpoint Manager admin center.
Go to: Devices > macOS > macOS Apps > Add.
When prompted, select and upload your .pkg (e.g., /tmp/my_package.pkg).
Configure Detection Logic
For detection, use:
security.dope.DopeSecurityApp
Add the Post-Install Script
Paste your postinstall script here.
Test the Deployment
Assign the app to a test device or test group.
Once installed, verify:
dope.security is active and running.
The PKG appears (the command below searches /Applications for the bundle identifier security.dope.DopeSecurityApp):
FOUND="$(mdfind 'kMDItemKind == "Application"' -onlyin /Applications | while IFS= read -r app; do BID="$(mdls -name kMDItemCFBundleIdentifier -raw "$app" 2>/dev/null)"; [ "$BID" = "security.dope.DopeSecurityApp" ] && echo "$app" && break; done)"; [ -z "$FOUND" ] && echo "Not found" || echo "Found at $FOUND"