Using Intune

Unfortunately, Intune does not support deployment of zipped PKG files natively (ZIP contains the agent_parameter.json, certificate, and installer). Therefore, there are a few extra steps required to deploy to Macs via Intune.

Overview

Using Microsoft Intune to deploy dope.security on macOS involves three major steps:

1. Deploy MDM Profile to Mac devices via Intune

2. Create a.pkg with all required files and a unique receipt identifier.

3. Write a post-install script to automate additional installation tasks and clean-up.

4. Upload and configure your PKG in Intune with the proper detection rules.

1. Create a PKG with Files and a Custom Receipt

Due to Intune limitations, a single macOS installer package (.pkg) needs to be created:

• The installer files required by dope.security (installer, agent_parameters.json, certificate) downloadable from the dope.console

• Unique package identifier for Intune/macOS to confirm successful install

Steps

1. Organize Files

   • Create a temp directory with the three dope.security installation files:

     Copy

     e.g. /tmp/myfiles

2. Build the Package

   • Use pkgbuild to create the .pkg. Below is a simple example:

     Copy

     bash;
     pkgbuild --root /tmp/myfiles --identifier installer.dope.com --version 1.0 --install-location /tmp /tmp/my_package.pkg

   • Key flags:

     • --identifier installer.dope.com: A unique identifier for this package.

     • --install-location /tmp: Where the files will be placed on the Mac. Adjust to suit your environment, for instance /Applications or /usr/local/bin.

3. Verify the Package

   • Check Package Signature:

     Copy

     pkgutil --check-signature /tmp/my_package.pkg

   • List Package Contents:

     Copy

     pkgutil --payload-files /tmp/my_package.pkg

   • Confirm it includes the three files before proceeding

2. Customize Post-Install Script

The post-install script automates the extra steps-- running the dope.security installer and cleaning up.

Post-Install Script

#!/bin/bash

# Variables
INSTALLER_PATH="/tmp/dope.security-1.0.INSERT_VERSION.pkg"
LOG_FILE="/var/log/dope_install.log"

# Step 1: Silent installation
echo "Starting silent installation..." | tee -a "$LOG_FILE"
sudo installer -pkg "$INSTALLER_PATH" -target / >> "$LOG_FILE" 2>&1

# Step 2: Cleanup
echo "Cleaning up temporary files..." | tee -a "$LOG_FILE"
rm -f "$INSTALLER_PATH"

# Finalize
echo "Installation complete." | tee -a "$LOG_FILE"
exit 0

3. Upload the PKG to Intune

Intune needs the package and detection to ensure successful installation. Upload the .pkg file, configure the Intune checks, and add the post-install script.

Steps

1. Upload the PKG

   • Sign in to the Microsoft Endpoint Manager admin center.

   • Go to: Devices > macOS > macOS Apps > Add.

   • When prompted, select and upload your .pkg (e.g., /tmp/my_package.pkg).

2. Configure Detection Logic

   • For detection, use:

   Copy

   security.dope.DopeSecurityApp
3. Add the Post-Install Script

   • Paste your postinstall script here.

4. Test the Deployment

   • Assign the app to a test device or test group.

   • Once installed, verify:

     • dope.security is active and running.

     • The PKG appears:

       Copy

       FOUND="$(mdfind 'kMDItemKind == "Application"' -onlyin /Applications | while read app; do BID="$(mdls -name kMDItemCFBundleIdentifier -raw "$app" 2>/dev/null)"; [ "$BID" = "security.dope.DopeSecurityApp" ] && echo "$app" && break; done)"; [ -z "$FOUND" ] && echo "Not found" || echo "Found at $FOUND"