Event banner
Event details
29 Comments
- Heather_Poulsen
Community Manager
Thanks for joining us today. We'll be back with a new season of Unpacking Endpoint Management this September. Have a topic you'd like to see us cover? Leave us a comment at https://aka.ms/UEM -- which is conveniently where you'll find new dates/times for future episodes when announced!
When looking at the various app types (win32 vs LOB vs pkg etc.) and scripts across the various platforms, the assignment options in Intune are not consistent. Is there an initiative to normalize this to offer a complete & consistent experience across all assignments (apps, app types, scripts etc.) regardless of the target platform (Windows, Mac etc.)?
Examples:
- Win32 apps allow filters
- Mac apps (pkg/dmg) do not allow filters
- Windows Line of business apps allow for setting include and exclude assignment modes. Few, if any, other apps or scripts allow that.
- Windows Line of business apps (among others) don't allow setting availability, installation deadline etc.
- Mac apps (pkg/dmg) only allow for required assignments which is not always desirable. Why isn't available an option?
- Munki and Autopkg has proven to be an affective workaround with some of the inefficiencies in macOS App management in Intune. Are there any plans to create something similar in Intune to improve app distribution and patching? Either similar to the aforementioned solutions or something new in-house?
- Joe_Lurie
Microsoft
eddiejimenez Danny answered this at 46:24 in the AMA. Thanks for the question!
- Or even integrating those. I think WS1 integrated Munki capabilities rather than trying to reinvent the wheel.
- 100%
- As a general percentage, how much functionality is the same when enrolling/ using Entra/intune on a Linux machine?
- Any improvements coming in non-LOB package detection rules, beyond the current app bundle version check? This is needed to cover situations for packages that install in non-standard locations or don't have an app bundle. Currently these types of packages install over and over every check-in, since it can't determine if a package is already installed. It would be awesome to offer more detections, such as checking package receipts/version, a particular file path, or a user generated install check script to determine if a package is already installed.
- Joe_LurieFor reference, this is answered at 44:24 Live in the AMA.
Arnab Biswas thank you for answering this during today's live episode.
One way Microsoft could quickly and immediately address this would be to slighly alter the Pre-install script exit code check.
Currently according to https://learn.microsoft.com/en-us/mem/intune/apps/macos-unmanaged-pkg documentation, "Pre-install script: Provide a script that runs before the app is installed. Only when the preinstall script returns zero (indicating success), the app proceeds to install. If the preinstall script returns a non-zero code (indicating failure), the app doesn't install and reports its installation status as "failed". The preinstall script runs again for failed installations at the next device check-in (sync)."
Microsoft could enhance this to provide a way for the admin to indicate a package is already installed by offering a custom exit code the pre-install script can return (eg exit code 2 for "package already installed"), so the reports show the installation status as "success".
- Are there any plans on adding support for assignment filters to shell scripts?
- Heather_Poulsen
We're halfway through today's live stream. Great questions so far - keep them coming! 🙂
- Any plans to add device filters within macOS shell script assignments?
- Joe_Lurie
eddiejimenez Arnab answers this at 35:35 in the AMA. Thanks!
- Has there been development in the experience in managing Linux/Ubuntu? Last time I checked Onboarding required alot of Tinkering and did not support AzureAuth Account Management at the time.
- Any opportunities to support additional hardware filtering for application installs, profiles, etc. As an example, Webex uses different installers for Intel vs Apple Silicon. Or an application with minimum memory requirements and restricting to only machines meeting that requirement. Being able to filter the install based on hardware platform and specifciations would be helpful.
- Does Dynamic Queries or membership rules for security groups not work? --> example only (device.deviceOSType -eq "MacOS") and (device.deviceProcessorArchitecture -eq "ARM64") By creating dynamic device groups and filters in Intune, you can effectively manage and deploy applications based on specific hardware characteristics and requirements. This approach ensures that applications are only installed on compatible devices, optimizing performance and user experience.
