# Using Intune

{% embed url="<https://youtu.be/cV12Hc1QVpM>" %}

Unfortunately, Intune does not support deployment of zipped PKG files natively (ZIP contains the agent\_parameter.json, certificate, and installer). Therefore, there are a few extra steps required to deploy to Macs via Intune.

{% hint style="warning" %}
Review [Installing using MDM on Mac](/dope.endpoint/installing-using-mdm-on-mac.md) and ensure that the MDM profile is on the devices you install to. Otherwise, the user will need to manually accept permissions.
{% endhint %}

***

### **Overview**

Using Microsoft Intune to deploy *dope.security* on macOS involves three major steps:

1. **Deploy** [**MDM Profile**](/dope.endpoint/installing-using-mdm-on-mac.md) to Mac devices via Intune
2. **Create a `.pkg`** with all required files and a unique receipt identifier.
3. **Write a post-install script** to automate additional installation tasks and clean-up.
4. **Upload and configure your PKG** in Intune with the proper detection rules.

***

### **1. Create a PKG with Files and a Custom Receipt**

Due to Intune limitations, you need to create a single macOS installer package (`.pkg`) that contains:

* The **installer files** required by *dope.security* (installer, agent\_parameters.json, certificate), downloadable from the dope.console
* A **unique package identifier** that Intune/macOS uses to confirm a successful install

#### **Steps**

1. **Organize Files**
   * Create a temp directory with the three dope.security installation files:

     ```bash
     # Example staging directory
     mkdir -p /tmp/myfiles
     ```
2. **Build the Package**
   * Use `pkgbuild` to create the `.pkg`. Below is a simple example:

     ```bash
     pkgbuild --root /tmp/myfiles --identifier installer.dope.com --version 1.0 --install-location /tmp /tmp/my_package.pkg
     ```
   * Key flags:
     * `--identifier installer.dope.com`: A unique identifier for this package.
     * `--install-location /tmp`: Where the files will be placed on the Mac. Adjust to suit your environment, for instance `/Applications` or `/usr/local/bin`.
3. **Verify the Package**
   * **Check Package Signature**:

     ```bash
     pkgutil --check-signature /tmp/my_package.pkg
     ```
   * **List Package Contents**:

     ```bash
     pkgutil --payload-files /tmp/my_package.pkg
     ```
   * Confirm that it includes the three files before proceeding.

***

### **2. Customize Post-Install Script**

The post-install script automates the extra steps: running the *dope.security* installer and cleaning up.

{% hint style="info" %}
Change the package version in the script below to the version you downloaded.
{% endhint %}

#### **Post-Install Script**

```bash
#!/bin/bash

# Variables
INSTALLER_PATH="/tmp/dope_security_1.0.INSERT_VERSION.pkg"
LOG_FILE="/var/log/dope_install.log"

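# Step 1: Silent installation (keep the installer's exit status)
echo "Starting silent installation..." | tee -a "$LOG_FILE"
sudo installer -pkg "$INSTALLER_PATH" -target / >> "$LOG_FILE" 2>&1
STATUS=$?

# Step 2: Cleanup (runs whether or not the installation succeeded)
echo "Cleaning up temporary files..." | tee -a "$LOG_FILE"
rm -f "$INSTALLER_PATH"

# Finalize: propagate a failed install instead of always exiting 0
if [ "$STATUS" -ne 0 ]; then
    echo "Installation failed with exit code $STATUS." | tee -a "$LOG_FILE"
    exit "$STATUS"
fi
echo "Installation complete." | tee -a "$LOG_FILE"
exit 0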
```

***

### **3. Upload the PKG to Intune**

Intune needs both the package and a detection rule to confirm a successful installation. Upload the `.pkg` file, configure the Intune checks, and add the post-install script.

#### **Steps**

1. **Upload the PKG**
   * Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com).
   * Go to: **Devices** > **macOS** > **macOS Apps** > **Add**.
   * When prompted, select and upload your `.pkg` (e.g., `/tmp/my_package.pkg`).
2. **Configure Detection Logic**
   * For detection, use:

     ```
     security.dope.DopeSecurityApp
     ```

     <figure><img src="../../.gitbook/assets/image (3) (1).png" alt=""><figcaption></figcaption></figure>
3. **Add the Post-Install Script**
   * Paste your `postinstall` script here.
4. **Test the Deployment**
   * Assign the app to a test device or test group.
   * Once installed, verify:
     * *dope.security* is active and running.
     * The app appears in `/Applications` (looked up by its bundle identifier):

       ```bash
       FOUND="$(mdfind 'kMDItemKind == "Application"' -onlyin /Applications | while read app; do BID="$(mdls -name kMDItemCFBundleIdentifier -raw "$app" 2>/dev/null)"; [ "$BID" = "security.dope.DopeSecurityApp" ] && echo "$app" && break; done)"; [ -z "$FOUND" ] && echo "Not found" || echo "Found at $FOUND"
       ```


