cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Support Tip: Install Rosetta 2 on new Apple Silicon (M1) Macs to run apps built for Intel Macs
By
Intune_Support_Team
Published Jan 22 2021 09:37 AM 65.6K Views
Intune_Support_Team
Microsoft
‎Jan 22 2021 09:37 AM

Support Tip: Install Rosetta 2 on new Apple Silicon (M1) Macs to run apps built for Intel Macs

‎Jan 22 2021 09:37 AM

3/30 Update: In the March (2103) service release, when you deploy shell scripts or custom attributes for macOS devices from Microsoft Endpoint Manager, it will deploy the new universal version of the Intune management agent app that runs natively on Apple Silicon Mac machines. To learn more see: Intune management agent for macOS devices is now a universal app.

 

Apple recently announced Apple Silicon Macs. These devices run on 64-bit ARM (RISC) CPUs relative to the previous generation of Macs that ran on Intel CPUs. Apple also announced a translation layer called Rosetta 2 that allows apps built for Intel Macs to run on the new Apple Silicon Macs.

 

Intune apps on macOS such as Intune Company Portal and the Intune MDM agent depend on the Rosetta 2 translation layer for managing Apple Silicon Macs. If you purchase a new Apple Silicon Mac running macOS 11.x (Big Sur), Rosetta 2 does not come pre-installed and the end-user is prompted by macOS to install it on first launch of an Intel-based application.

 

macOS installation prompt for RosettamacOS installation prompt for Rosetta

 

If you are upgrading to macOS 11 on Intel Macs, this is not an issue.

 

Additional scenario to consider - Apple Silicon (M1) Macs fail to run shell scripts when enrolled via Apple Automated Device Enrollment (ADE)

In this scenario, the device gets enrolled into Intune using macOS Setup Assistant. If you have configured shell scripts for these Macs, the Intune MDM agent is automatically installed on the Mac. However, the Intune MDM agent cannot start because Rosetta 2 is not installed. macOS 11 does not prompt the end user to install Rosetta 2 in this case.

 

If you are enrolling your Apple Silicon Macs using Company Portal, you will be prompted to install Rosetta 2 on first launch of Company Portal.

 

Recommendation

Install Rosetta 2 on Apple Silicon Macs to ensure app compatibility with Intel-based apps using one of the following steps:

  • Recommend users to install Rosetta 2 manually by launching any installed Intel-based app on the Apple Silicon Mac.

  • Recommend users to open Terminal and run the following command or provide a script that runs this command to users:

    • /usr/sbin/softwareupdate --install-rosetta (root permission not required)
    • /usr/sbin/softwareupdate --install-rosetta --agree-to-license (root permission required)

 

Let us know if you have any additional questions on this by replying back to this post or tagging @IntuneSuppTeam out on Twitter.

 

Blog post updates:

3/3: We appreciate all the customer feedback and are excited to announce that the Intune management agent for macOS devices will be a universal app.

3/30: With the March (2103) service release - The Intune management agent for macOS devices is now a universal app.

13 Comments
matwa
Brass Contributor
‎Jan 24 2021 12:02 PM
‎Jan 24 2021 12:02 PM

Dear @Intune_Support_Team ,

 

your post unfortunately describes the chicken-and-egg situation at it's best.

 

The problem on ADE enrolled devices is the worst one for those who rely on it (as I do).

As you mentioned, not even scripts are executed because the Intune MDM Agent is still as intel binary only available (may I ask why?).

 

So, what I'm currently trying to do is to develop an App which does just call a script which executes your already mentioned

/usr/sbin/softwareupdate --install-rosetta --agree-to-license

command. 

I created an app few weeks ago, signed it (with an apple developer id) and also notarized it to make it compliant with gatekeeper. In a test locally it worked as expected: But on a freshly enrolled device it does not get installed due to some weird certificate resolving issues. I have to dig deeper into it.

Is there any release plan for the Intune MDM Agent as an universal binary at least? This would make administrator life with the new M1 so much easier.

 

matwa
Brass Contributor
‎Jan 24 2021 12:04 PM
‎Jan 24 2021 12:04 PM

Dear @Intune_Support_Team 

 

another idea:

Why don't you just provide an officially signed app which just calls the Rosetta install script? At least as an interims solution.

This would make a lot of people happy.

 

Geert-Jan Schroot
Brass Contributor
‎Jan 26 2021 03:11 AM
‎Jan 26 2021 03:11 AM

Dear @Intune_Support_Team,

 

What is the ETA for the native Intune agent?

This situation makes ADE unusable for these devices.

 

matwa
Brass Contributor
‎Jan 26 2021 12:55 PM
‎Jan 26 2021 12:55 PM

@Geert-Jan Schroot just to be precise: you mean the universal binary (not native) we need. Which runs native on both, Intel and Silicon

Geert-Jan Schroot
Brass Contributor
‎Jan 28 2021 01:58 AM
‎Jan 28 2021 01:58 AM

Exactly. So ADE will work right out of the box.

tobiassandberg
Copper Contributor
‎Feb 05 2021 06:08 AM
‎Feb 05 2021 06:08 AM

I agree, @Intune_Support_Team please help us with a solution for this one.

Intune_Support_Team
Microsoft
‎Feb 10 2021 05:00 PM
‎Feb 10 2021 05:00 PM

Hi @matwa@Geert-Jan Schroot@tobiassandberg, thank you all for the feedback! We are actively working on a solution, though no dates to currently share. Stay tuned to this post and our In development docs for future updates.

matwa
Brass Contributor
‎Mar 02 2021 06:07 PM
‎Mar 02 2021 06:07 PM

@Intune_Support_Team 

Sorry, it‘s a shame. Again 3 weeks passed by. Nothing new.  Nearly 4 month since release of silicon macs and still no native support in enrollment. This is becoming a no go. 
We‘ll switch to Jamf. The only ones who really provide zero day support. 

0 Likes
Like
Intune_Support_Team
Microsoft
‎Mar 03 2021 08:19 AM
‎Mar 03 2021 08:19 AM

Hi @matwa, thanks for your feedback and sharing your experience. We're excited to announce that coming in the March (2103) service release, when you deploy shell scripts or custom attributes for macOS devices from Microsoft Endpoint Manager, it will deploy the new universal version of the Intune management agent app that runs natively on Apple Silicon Mac machines. For more information, see our In development doc here. We'll also keep this post updated once the feature is available across all tenants.

 

CC: @Geert-Jan Schroot@tobiassandberg.

 

Thanks again for the feedback!

matwa
Brass Contributor
‎Mar 03 2021 01:30 PM
‎Mar 03 2021 01:30 PM

Ouhhh! Wow. Great news. I'll do a table dance if this becomes reality. 

Zorty
Copper Contributor
‎Mar 18 2021 09:17 AM
‎Mar 18 2021 09:17 AM

Do we think this will still be completed in March @Intune_Support_Team?

0 Likes
Like
tobiassandberg
Copper Contributor
‎Mar 29 2021 01:09 AM
‎Mar 29 2021 01:09 AM

@Intune_Support_Team since the feature didn't release in March (2103) service release, will it be available in the next one, or what it the status?

Intune_Support_Team
Microsoft
‎Mar 30 2021 06:11 PM
‎Mar 30 2021 06:11 PM

Hi @matwa@Geert-Jan Schroot@tobiassandberg@Zorty - Thanks for your patience. We're excited to announce that the Intune management agent for macOS devices is now a universal app is now available with the March (2103) release! See our What's new in Microsoft Intune | Week of March 29, 2021 (Service release 2103) and Microsoft Intune management agent for macOS docs to learn more.

Version history
Last update:
‎Dec 19 2023 01:29 PM
Updated by: