The existing support for Apple VPP in Microsoft Intune for iOS and iPadOS devices, was made available for macOS platform in early October 2019. You can now deploy any app that is available in the App Store for macOS including core Microsoft Office apps such as Outlook, Word, Excel, PowerPoint, OneDrive and OneNote. App is assigned as available to that User Security Group; User can install the available app manually from the Company Portal. Right now I don't see any app at all in the Company Portal App. It say 'no apps available' and there is a 'Company Portal App' Text button below. When I click that link and log in, funnily enough, I see the app as. While we are excited to see the ability to run iOS/iPadOS apps on macOS 11, M365 apps built for iOS/iPadOS are not available on macOS. Therefore, the Microsoft Intune App SDK for iOS is only supported on iOS/iPadOS. For the best M365 experience, we will continue to support M365 apps built natively for macOS. Learn more about M365 apps on Apple.
-->Microsoft Intune supports a variety of app types and deployment scenarios on Windows 10 devices. After you've added an app to Intune, you can assign the app to users and devices. This article provides more details on the supported Windows 10 scenarios, and also covers key details to note when you're deploying apps to Windows.
Line-of-business (LOB) apps and Microsoft Store for Business apps are the app types supported on Windows 10 devices. The file extensions for Windows apps include .msi, .appx, and .appxbundle.
Note
To deploy modern apps, you need at least:
- For Windows 10 1803, May 23, 2018—KB4100403 (OS Build 17134.81).
- For Windows 10 1709, June 21, 2018—KB4284822 (OS Build 16299.522).
Only Windows 10 1803 and later support installing apps when there is no primary user associated.
LOB app deployment isn't supported on devices running Windows 10 Home editions.
Supported Windows 10 app types
Intune App Deployment Ios
Specific app types are supported based on the version of Windows 10 that your users are running. The following table provides the app type and Windows 10 supportability.
| App type | Home | Pro | Business | Enterprise | Education | S-Mode | HoloLens1 | Surface Hub | WCOS | Mobile |
|---|---|---|---|---|---|---|---|---|---|---|
| .MSI | No | Yes | Yes | Yes | Yes | No | No | No | No | No |
| .IntuneWin | No | Yes | Yes | Yes | Yes | 19H2+ | No | No | No | No |
| Office C2R | No | Yes | Yes | Yes | Yes | RS4+ | No | No | No | No |
| LOB: APPX/MSIX | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| MSFB Offline | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| MSFB Online | Yes | Yes | Yes | Yes | Yes | Yes | RS4+ | No | Yes | Yes |
| Web Apps | Yes | Yes | Yes | Yes | Yes | Yes | Yes2 | Yes2 | Yes | Yes2 |
| Store Link | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Microsoft Edge | No | Yes | Yes | Yes | Yes | 19H2+3 | No | No | No | No |
1 To unlock app management, upgrade your HoloLens device to Holographic for Business.
2 Launch from the Company Portal only.
3 For Edge app to install successfully, devices must also be assigned an S-Mode policy.
Windows 10 LOB apps
You can sign and upload Windows 10 LOB apps to the Intune admin console. These can include modern apps, such as Universal Windows Platform (UWP) apps and Windows App Packages (AppX), as well as Win 32 apps, such as simple Microsoft Installer package files (MSI). The admin must manually upload and deploy updates of LOB apps. These updates are automatically installed on user devices that have installed the app. No user intervention is required, and the user has no control over the updates.
Microsoft Store for Business apps
Microsoft Store for Business apps are modern apps, purchased from the Microsoft Store for Business admin portal. They are then synced over to Microsoft Intune for management. The apps can either be online licensed or offline licensed. The Microsoft Store directly manages updates, with no additional action required by the admin. You can also prevent updates to specific apps by using a custom Uniform Resource Identifier (URI). For more information, see Enterprise app management - Prevent app from automatic updates. The user can also disable updates for all Microsoft Store for Business apps on the device.
Categorize Microsoft Store for Business apps
To categorize Microsoft Store for Business apps:
- Sign in to the Microsoft Endpoint Manager admin center.
- Select Apps > All apps.
- Select a Microsoft Store for Business app. Then select Properties > App Information > Category.
- Select a category.
Install apps on Windows 10 devices
Depending on the app type, you can install the app on a Windows 10 device in one of two ways:
- User Context: When an app is deployed in user context, the managed app is installed for that user on the device when the user signs in to the device. Note that the app installation doesn't succeed until the user signs in to the device.
- Modern LOB apps and Microsoft Store for Business apps (both online and offline) can be deployed in user context. The apps support both the Required and Available intents.
- Win32 apps built as User Mode or Dual Mode can be deployed in user context, and support both the Required and Available intents.
- Device Context: When an app is deployed in device context, the managed app is installed directly to the device by Intune.
- Only modern LOB apps and offline licensed Microsoft Store for Business apps can be deployed in device context. These apps only support the Required intent.
- Win32 apps built as Machine Mode or Dual Mode can be deployed in device context, and support only the Required intent.
Note
For Win32 apps built as Dual Mode apps, the admin must choose if the app will function as a User Mode or Machine Mode app for all assignments associated with that instance. The deployment context can't be changed per assignment.
Apps can only be installed in the device context when supported by the device and the Intune app type. Device context installs are supported on Windows 10 desktops and Teams devices, such as the Surface Hub. They aren't supported on devices running Windows Holographic for Business, such as the Microsoft HoloLens.
You can install the following app types in the device context and assign these apps to a device group:
- Win32 apps
- Offline licensed Microsoft Store for Business apps
- LOB apps (MSI, APPX and MSIX)
- Microsoft 365 Apps for enterprise
Windows LOB apps (specifically APPX and MSIX) and Microsoft Store for Business apps (Offline apps) that you've selected to install in device context must be assigned to a device group. The installation fails if one of these apps is deployed in the user context. The following status and error appears in the admin console:
- Status: Failed.
- Error: A user can't be targeted with a device context install.
Important
When used in combination with an Autopilot white glove provisioning scenario, there is no requirement for LOB apps and Microsoft Store for Business apps deployed in device context to target a device group. For more information, see Windows Autopilot white glove deployment.
Note
After you save an app assignment with a specific deployment, you can't change the context for that assignment, except for modern apps. For modern apps, you can change the context from user context to device context.
If there's a conflict in policies on a single user or device, the following priorities apply:
- A device context policy is a higher priority than a user context policy.
- An install policy is a higher priority than an uninstall policy.
Android App Deployment Intune
For more information, see Include and exclude app assignments in Microsoft Intune. For more information about app types in Intune, see Add apps to Microsoft Intune.
Next steps
Microsoft Intune supports the deployment of applications using InstallApplication. This opens the possibility to manage Mac computers with Microsoft Intune, and automatically push Munki to provide additional functionality.
The process for that is outlined in How to add macOS line-of-business (LOB) apps to Microsoft Intune
Make sure:
Your packages are “distribution packages” and signed with a “Developer ID Installer” certificate. See distributing packages with InstallApplication and Intro to installing macOS content from a web server
They don’t contain a space in their filename (thanks, @emilp333!)
Intune Macos App Deployment Settings
As far as I know, there’s no way to make these macOS LOB apps to be installed during the setup assistant (also called: “Bootstrap package”. In practice, the delay between enrolment and the app being deployed can be quite long (I’ve seen 5 minutes while clicking on “Sync” frantically). Also, Microsoft Intune seem to be a little slow to report success or failure in the console. Perhaps time for a User voice feedback?