Managing and protecting those "other desktops"
Event details
With Microsoft 365, we reject the tyranny of “or” and embrace the genius of “and.” That’s why a variety of mobile platforms are supported in Microsoft 365 environments. But what about managing and securing everything in a cohesive way? Join Danny and Steve for an open and honest look at how to manage and secure macOS and Linux desktops in enterprise environments. Don’t miss this exciting episode that will close out season 3 of Unpacking Endpoint Management!
Post your questions in the Comments below early and throughout the broadcast.
Bookmark https://aka.ms/UnpackingEndpointManagement for links to previous episodes on demand and details on upcoming episodes.
29 Comments
- Heather_Poulsen
Community Manager
Thanks for joining us today. We'll be back with a new season of Unpacking Endpoint Management this September. Have a topic you'd like to see us cover? Leave us a comment at https://aka.ms/UEM -- which is conveniently where you'll find new dates/times for future episodes when announced!
- JuliusPIV
Brass Contributor
When looking at the various app types (win32 vs LOB vs pkg etc.) and scripts across the various platforms, the assignment options in Intune are not consistent. Is there an initiative to normalize this to offer a complete & consistent experience across all assignments (apps, app types, scripts etc.) regardless of the target platform (Windows, Mac etc.)?
Examples:
- Win32 apps allow filters
- Mac apps (pkg/dmg) do not allow filters
- Windows Line of business apps allow for setting include and exclude assignment modes. Few, if any, other apps or scripts allow that.
- Windows Line of business apps (among others) don't allow setting availability, installation deadline etc.
- Mac apps (pkg/dmg) only allow for required assignments which is not always desirable. Why isn't available an option?
- eddiejimenez
Brass Contributor
Munki and AutoPkg have proven to be an effective workaround with some of the inefficiencies in macOS App management in Intune. Are there any plans to create something similar in Intune to improve app distribution and patching? Either similar to the aforementioned solutions or something new in-house?
- Joe_Lurie
Microsoft
eddiejimenez Danny answered this at 46:24 in the AMA. Thanks for the question!
- kerryt395
Copper Contributor
Or even integrating those. I think WS1 integrated Munki capabilities rather than trying to reinvent the wheel.
- eddiejimenez
Brass Contributor
100%
- Sy_Clour
Copper Contributor
As a general percentage, how much functionality is the same when enrolling/using Entra/Intune on a Linux machine?
- rrenstrom
Brass Contributor
Any improvements coming in non-LOB package detection rules, beyond the current app bundle version check? This is needed to cover situations for packages that install in non-standard locations or don't have an app bundle. Currently these types of packages install over and over every check-in, since it can't determine if a package is already installed. It would be awesome to offer more detections, such as checking package receipts/version, a particular file path, or a user generated install check script to determine if a package is already installed.
- Joe_Lurie
Microsoft
For reference, this is answered at 44:24 Live in the AMA.
- rrenstrom
Brass Contributor
Arnab Biswas thank you for answering this during today's live episode.
One way Microsoft could quickly and immediately address this would be to slightly alter the Pre-install script exit code check.
Currently according to https://learn.microsoft.com/en-us/mem/intune/apps/macos-unmanaged-pkg documentation, "Pre-install script: Provide a script that runs before the app is installed. Only when the preinstall script returns zero (indicating success), the app proceeds to install. If the preinstall script returns a non-zero code (indicating failure), the app doesn't install and reports its installation status as "failed". The preinstall script runs again for failed installations at the next device check-in (sync)."
Microsoft could enhance this to provide a way for the admin to indicate a package is already installed by offering a custom exit code the pre-install script can return (e.g. exit code 2 for "package already installed"), so the reports show the installation status as "success".
- Hogstrom
Copper Contributor
Are there any plans on adding support for assignment filters to shell scripts?
- Heather_Poulsen
Community Manager
We're halfway through today's live stream. Great questions so far - keep them coming! 🙂
- eddiejimenez
Brass Contributor
Any plans to add device filters within macOS shell script assignments?
- Joe_Lurie
Microsoft
eddiejimenez Arnab answers this at 35:35 in the AMA. Thanks!
- -KenD
Brass Contributor
Has there been development in the experience in managing Linux/Ubuntu? Last time I checked, onboarding required a lot of tinkering and did not support AzureAuth Account Management at the time.
- kerryt395
Copper Contributor
Any opportunities to support additional hardware filtering for application installs, profiles, etc.? As an example, Webex uses different installers for Intel vs Apple Silicon. Or an application with minimum memory requirements and restricting to only machines meeting that requirement. Being able to filter the install based on hardware platform and specifications would be helpful.
- Sal_INC2
Occasional Reader
Do Dynamic Queries or membership rules for security groups not work? --> example only (device.deviceOSType -eq "MacOS") and (device.deviceProcessorArchitecture -eq "ARM64") By creating dynamic device groups and filters in Intune, you can effectively manage and deploy applications based on specific hardware characteristics and requirements. This approach ensures that applications are only installed on compatible devices, optimizing performance and user experience.