MicrosoftDocs
diff --git a/‎memdocs/intune/apps/apps-add.md‎
Lines changed: 2 additions & 1 deletion b/‎memdocs/intune/apps/apps-add.md‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎memdocs/intune/apps/lob-apps-macos-agent.md‎
Lines changed: 72 additions & 0 deletions b/‎memdocs/intune/apps/lob-apps-macos-agent.md‎
Lines changed: 72 additions & 0 deletions
diff --git a/‎memdocs/intune/apps/lob-apps-macos-dmg.md‎
Lines changed: 169 additions & 0 deletions b/‎memdocs/intune/apps/lob-apps-macos-dmg.md‎
Lines changed: 169 additions & 0 deletions
@@ -6,7 +6,7 @@ keywords:
 author: Erikre
 ms.author: erikre
 manager: dougeby
-ms.date: 11/22/2021
+ms.date: 01/18/2022
 ms.topic: overview
 ms.service: microsoft-intune
 ms.subservice: apps
@@ -67,6 +67,7 @@ The following table lists the specific app types and how you can add them in the
 | Android Enterprise system apps  | Store app  | Select **Android Enterprise system app** as the **app type**, and then enter the app name, publisher, and package file.  |
 | Windows app (Win32)  | LOB app  | Select **Windows app (Win32)** as the **app type**, select the **App package file**, and then select an installation file with the extension **.intunewin**.  |
 | macOS LOB apps | LOB app  | Select **Line-of-business** as the **app type**, select the **App package file**, and then select an installation file with the extension **.intunemac**.  |
+| macOS apps (DMG) | LOB app (non-store app)  | Select **macOS app (DMG)** as the app type, select the **App package** file, and then select an installation file with the extension *.dmg*.  |
 
 <sup>1</sup> For more information about Android Enterprise and Android work profiles, see [Understanding licensed apps](apps-add.md#understanding-licensed-apps) below.
 
 
@@ -0,0 +1,72 @@
+---
+# required metadata
+
+title: Understanding Microsoft Intune management agent for macOS
+titleSuffix:
+description: Learn about the Microsoft Intune management agent for macOS.
+keywords:
+author: Erikre
+ms.author: erikre
+manager: dougeby
+ms.date: 01/18/2022
+ms.topic: how-to
+ms.service: microsoft-intune
+ms.subservice: apps
+ms.localizationpriority: medium
+ms.technology:
+ms.assetid: 
+
+# optional metadata
+
+#ROBOTS:
+#audience:
+
+ms.reviewer: arnab
+ms.suite: ems
+search.appverid: MET150
+#ms.tgt_pltfrm:
+ms.custom: intune-azure
+ms.collection:
+- M365-identity-device-management
+- macOS
+- highpri
+---
+
+# Microsoft Intune management agent for macOS
+
+### Why is the agent required?
+The Microsoft Intune management agent is necessary to be installed on managed macOS devices in order to enable advanced device management capabilities that are not supported by the native macOS operating system.
+ 
+### How is the agent installed?
+ The agent is automatically and silently installed on Intune-managed macOS devices that you assign at least one shell script to in Microsoft Endpoint Manager Admin Center. The agent is installed at `/Library/Intune/Microsoft Intune Agent.app` when applicable and doesn't appear in **Finder** > **Applications** on macOS devices. The agent appears as `IntuneMdmAgent` in **Activity Monitor** when running on macOS devices.
+
+### What does the agent do?
+ - The agent silently authenticates with Intune services before checking in to receive assigned shell scripts for the macOS device.
+ - The agent receives assigned shell scripts and runs the scripts based on the configured schedule, retry attempts, notification settings, and other settings set by the admin.
+ - The agent checks for new or updated scripts with Intune services usually every 8 hours. This check-in process is independent of the MDM check-in. 
+ 
+### How can I manually initiate an agent check-in from a Mac?
+On a managed Mac that has the agent installed, open **Company Portal**, select the local device, click on **Check settings**. This initiates an MDM check-in as well as an agent check-in.
+
+Alternatively, open **Terminal**, run the `sudo killall IntuneMdmAgent` command to terminate the `IntuneMdmAgent` process. The `IntuneMdmAgent` process will restart immediately, which will initiate a check-in with Intune.
+
+> [!NOTE]
+> The **Sync** action for devices in Microsoft Endpoint Manager Admin Console initiates an MDM check-in and does not force an agent check-in.
+
+### When is the agent removed?
+ There are several conditions that can cause the agent to be removed from the device such as:
+ - Shell scripts are no longer assigned to the device. 
+ - The macOS device is no longer managed.
+ - The agent is in an irrecoverable state for more than 24 hours (device-awake time).
+
+### Why are scripts running even though the Mac is no longer managed?
+ When a Mac with assigned scripts is no longer managed, the agent is not removed immediately. The agent detects that the Mac is not managed at the next agent check-in (usually every 8 hours) and cancels scheduled script-runs. So, any locally stored scripts scheduled to run more frequently than the next scheduled agent check-in will run. When the agent is unable to check-in, it retries checking in for up to 24 hours (device-awake time) and then removes itself from the Mac.
+ 
+### How to turn off usage data sent to Microsoft for shell scripts?
+ To turn off usage data sent to Microsoft from the Intune management agent, open Company Portal and select **Menu** > **Preferences** > *uncheck 'allow Microsoft to collect usage data'*. This will turn off usage data sent for both the agent and Company Portal.
+
+## Next steps
+
+- The app you have created is displayed in the apps list. You can now assign it to the groups you choose. For help, see [How to assign apps to groups](apps-deploy.md).
+- Learn more about the ways in which you can monitor the properties and assignment of your app. For more information, see [How to monitor app information and assignments](apps-monitor.md).
+- Learn more about the context of your app in Intune. For more information, see [Overview of device and app lifecycles](../fundamentals/device-lifecycle.md)
@@ -0,0 +1,169 @@
+---
+# required metadata
+
+title: Add a macOS DMG app to Microsoft Intune 
+titleSuffix:
+description: Add a macOS DMG app to Microsoft Intune.
+keywords:
+author: Erikre
+ms.author: erikre
+manager: dougeby
+ms.date: 01/18/2022
+ms.topic: how-to
+ms.service: microsoft-intune
+ms.subservice: apps
+ms.localizationpriority: medium
+ms.technology:
+ms.assetid: 
+
+# optional metadata
+
+#ROBOTS:
+#audience:
+
+ms.reviewer: arnab
+ms.suite: ems
+search.appverid: MET150
+#ms.tgt_pltfrm:
+ms.custom: intune-azure
+ms.collection:
+- M365-identity-device-management
+- macOS
+- highpri
+---
+
+# Add a macOS DMG app to Microsoft Intune 
+
+> [!NOTE]
+> The feature is in public preview. 
+
+Use the information in this article to help you add a macOS DMG app to Microsoft Intune. A DMG app is a disk image file that contains one or more applications within it. Many common applications for macOS are available in DMG format. For more information about how to create a disk image file, see [Apple’s website](https://support.apple.com/guide/disk-utility/create-a-disk-image-dskutl11888/mac). 
+
+> [!NOTE]
+> The DMG file must contain one or more files with .app extensions. DMG files containing other types of installer files will not be installed. 
+
+## Prerequisites
+
+The following prerequisites must be met before a macOS DMG app is installed on macOS devices.
+- Devices are managed by Intune.
+- DMG app is smaller than 2GB in size.
+- The [Microsoft Intune management agent for macOS](../apps/lob-apps-macos-agent.md) is installed. 
+
+## Important considerations for deploying DMG apps
+
+A single DMG should only contain a single application file or multiple application files that are dependent on one another. The containing application files can be listed under the **Included apps** section in the **Detection rules** tab in order starting with the parent app to be used in reports. 
+
+It is not recommended that multiple apps that are not dependent on each other are installed using the same DMG file. If multiple independent apps are deployed using the same DMG app, failure to install one app will cause other apps to be re-installed. In this case, monitoring reports consider the DMG installation a failure as well.
+
+## Select the app type
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+2. Select **Apps** > **All apps** > **Add**.
+3. In the **Select app type** pane, under the **Other** app types, select **macOS app (DMG)**.
+4. Click **Select**. The **Add app** steps are displayed.
+
+## Step 1 – App information
+
+Select the app package file:
+1. In the **Add app** pane, click **Select app package file**.
+2. In the **App package file** pane, select the browse button. Then, select a macOS DMG file with the extension *.dmg*. The app details will be displayed.
+3. When you're finished, select **OK** on the **App package file** pane to add the app.
+
+### Set app information
+
+1. In the **App information** page, add the details for your app. Depending on the app that you chose, some of the values in this pane might be automatically filled in.
+
+    - **Name**: Enter the name of the app as it appears in the policy name and company portal. Make sure all app names that you use are unique. If the same app name exists twice, only one of the apps appears in the company portal.
+    - **Description**: Enter the description of the app. The description appears in the company portal.
+    - **Publisher**: Enter the name of the publisher of the app.
+    - **Category**: Select one or more of the built-in app categories, or select a category that you created. Categories make it easier for users to find the app when they browse through the company portal.
+    - **Information URL**: Optionally, enter the URL of a website that contains information about this app. The URL appears in the company portal.
+    - **Privacy URL**: Optionally, enter the URL of a website that contains privacy information for this app. The URL appears in the company portal.
+    - **Developer**: Optionally, enter the name of the app developer.
+    - **Owner**: Optionally, enter a name for the owner of this app. An example is HR department.
+    - **Notes**: Enter any notes that you want to associate with this app.
+    - **Logo**: Upload an icon that is associated with the app. This icon is displayed with the app when users browse through the company portal.
+2. Click Next to display the Scope tags page.
+
+## Step 2 – Requirements
+
+You can choose the minimum operating system required to install this app.
+
+**Minimum Operating System**: From the list, choose the minimum operating system version on which the app can be installed. If you assign the app to a device with an earlier operating system, it will not be installed.
+
+## Step 3 – Detection rules
+
+You can use detection rules to choose how an app installation is detected on a managed macOS device.
+
+**Ignore app version**: Select **Yes** to install the app if the app is not already installed on the device. This will only look for the presence of the app bundle ID. For apps that have an auto-update mechanism, select **Yes**. Select **No** to install the app when it is not already installed on the device, or if the deploying app's version number does not match the version that's already installed on the device.
+
+**Included apps**: Provide the apps that are contained in the uploaded file. Included app bundle IDs and build numbers are used for detecting and monitoring app installation status of the uploaded file. Included apps list should only contain the application(s) installed by the uploaded file in **Applications** folder on Macs. Any other type of file that is not an application or an application that is not installed to **Applications** folder should be excluded from the **Included apps** list. If **Included apps** list contains files that are not applications or if all the listed apps are not installed, app installation status does not report success.
+
+> [!NOTE]
+> - The first app on the Included apps list is used for identifying the app when multiple apps are present in the DMG file. 
+> - Mac Terminal can be used to lookup and confirm the included app details of an installed app.
+>   For example, to look up the bundle ID and build number of Company Portal, run the following:
+> 
+>   ```defaults read /Applications/Company\ Portal.app/Contents/Info CFBundleIdentifier```
+> 
+>   Then, run the following:
+> 
+>   ```defaults read /Applications/Company\ Portal.app/Contents/Info CFBundleVersion```
+>
+> - Alternatively, the `CFBundleIdentifier` and `CFBundleVersion` can be found under the ```<app_name>.app/Contents/Info.plist``` file of a mounted DMG file on a Mac.
+
+## Step 4 – Select scope tags (optional)
+
+You can use scope tags to determine who can see client app information in Intune. For full details about scope tags, see [Use role-based access control and scope tags for distributed IT](../fundamentals/scope-tags.md).
+    1. Click Select scope tags to optionally add scope tags for the app.
+    2. Click Next to display the Assignments page.
+
+## Step 5 - Assignments
+
+1. Select the **Required group assignments** for the app. For more information, see [Add groups to organize users and devices](../fundamentals/groups-add.md) and [Assign apps to groups with Microsoft Intune](../apps/apps-deploy.md).
+2. Click **Next** to display the **Review + create** page.
+
+## Step 6 – Review + create
+
+1. Review the values and settings you entered for the app.
+2. When you are done, click **Create** to add the app to Intune. 
+   The **Overview** pane for the macOS DMG app is displayed.
+
+The app you have created appears in the apps list where you can assign it to the groups you choose. For help, see [How to assign apps to groups](../apps/apps-deploy.md).
+
+> [!NOTE]
+> If the *.dmg* file contains multiple apps, then Microsoft Intune will only report that the app is successfully installed when all installed apps are detected on the device.
+
+## Next steps
+
+- The app you have created is displayed in the apps list. You can now assign it to the groups you choose. For help, see [How to assign apps to groups](apps-deploy.md).
+- Learn more about the ways in which you can monitor the properties and assignment of your app. For more information, see [How to monitor app information and assignments](apps-monitor.md).
+- Learn more about the context of your app in Intune. For more information, see [Overview of device and app lifecycles](../fundamentals/device-lifecycle.md)
+
+## Known issues
+
+- **"Uninstall" and "Available for enrolled devices" assignment types are not available**: only "Required" assignment type is currently supported. 
+- **"Collect logs" action is unavailable during preview**: log collection feature on macOS apps (DMG) is unavailable during preview. 
+- **Errors might not show details during preview**: some errors you encounter may only show "Failed" status with an error code and not provide additional details.
+- **App upgrade fails to install**: Updating an app that has the same bundle ID as an existing app in Applications folder fails to install. 
+- **DMG apps report once after deployment**: Assigned DMG apps report back on initial deployment only. These apps will not report back again during preview.
+- **Some DMG apps may display a warning to end-users on launch**: Apps downloaded from the internet and deployed using Intune may show a warning to end-users when launched. End-users can click "Open" on the dialog to continue opening the app.
+
+  ![DMG apps may display a warning to end-users on launch](./media/lob-apps-macos-dmg/lob-apps-macos-dmg-01.png)
+
+- **Some app icons may not display immediately after installation**: some app icons may take some time after installation to start displaying on the installed device.
+- **Monitoring reports only show error code**: failed app installations only show an error code in "device status" monitoring reports. To show error details, refresh the browser window or refer to the table in the Troubleshooting section.
+
+
+## Troubleshooting
+
+macOS app installation may not be successful due to any of the following reasons provided in the table below. To resolve these errors, follow the remediation steps. If the app remains assigned, failed installations are retried at the next agent check-in.
+
+| Error code | Error message | Remediation steps |
+|------------|---------------|-------------------|
+| 0x87D30137 | The device doesn't meet the minimum OS requirement set by the admin. | Update macOS to the minimum OS version required by the admin. |
+| 0x87D3013E | The DMG file doesn't contain any supported app. It must contain at least one .app file. | Ensure that the uploaded file contains one or more .app files. |
+| 0x87D30139 | The DMG file couldn't be mounted for installation. Check the DMG file if the error persists. | Try manually mounting the DMG file to verify that the volume loads successfully. |
+| 0x87D3013B | The app couldn't be installed to the Applications directory. Sync the device to retry installing the app. | Ensure that the device can install apps locally to the Applications directory. |
+| 0x87D3012F, 0x87D30130, 0x87D30133, 0x87D30134, 0x87D30136,| The app couldn't be installed due to an internal error. Contact Intune support if the error persists. | Something went wrong while installing the app using Intune. Try installing the app manually or try creating a new macOS app profile containing the app. Contact Intune support if the error persists. |
+| 0x87D30131, 0x87D30132 | The app couldn't be downloaded. Sync the device to retry installing the app. | Something went wrong while downloading the app. This may happen if the network is poor or the app size is large. |
+| 0x87D30135 | The app couldn't be installed due to a device error. Sync the device to retry installing the app. | This could be due to insufficient disk space or the app could not be written to the folder. Ensure that the device can install apps to the Applications folder. |