Is host deployment to macOS possible via InTune

Vince_C
Vince_C Posts: 2 ✭✭

I've been reading through the posts on the forums and can find a way of deploying the host via a script or manually but can't seem to find any instruction on deploying a TV Host via InTune for macOS

We currently deploy our customised host to iOS and Windows using InTune and this works fine.

Has anyone been able to do the same for macOS? Did you have to convert the pkg file into a .IntuneMac file using the app wrapping tool?

Tagged:

Comments

  • B3nnn
    B3nnn Posts: 1

    This is an old post, but I have the same questions. Packaging as a .intunemac file fails and reports back as having an incorrect package id or something along those lines. There are instructions for deployment from MobileIron, but my org is jumping ship on that MDM and I now have about 50 Macs that will need to be manually configured with TV. Sooo frustrating.

    Did you find a successful means of deploying TV host?

  • CB_Support
    CB_Support Posts: 1

    There doesn't seem to be a straight forward or simple way to deploy TeamViewer Host for macOS devices via Intune. Both Microsoft and TeamViewer support seem to be struggling to supply a working process.

    I have raised a request with both support teams but not getting very far at the moment, so if anyone else has managed to get this working would be great to hear how this was done.

    Also on the other hand if I hear back and make any progress, I will supply an update.

  • Malanho
    Malanho Posts: 1


    Process tested and working as expected:

    1. Download the file in the TeamViewer Management Console under "Design & Deploy" by clicking "Download installer" and choosing "PKG (Host & Full Client for macOS)"
    2. Download the Intune wrapping tool
    3. On your mac device Mark the downloaded tool as an executable:
      • Start the terminal app.
      • Change the directory to the location where IntuneAppUtil is located.
      • Run the following command to make the tool executable:
      • chmod +x IntuneAppUtil
      • Use the IntuneAppUtil command within the Intune App Wrapping Tool for Mac to wrap .pkg LOB app file from a .intunemac file.
      • ex: /IntuneApputil -c ~/Downloads/TeamViewer_Host.pkg -o ~/Desktop/TeamViewer_Host.pkg

    The package will be created, and it will be deployed to the devices but Intune will report in error.

    Behavior Explained in Microsoft Documentation, I can't post links yet here :( , but search for the documentation with the following subject: Error 0x87D13BA2 when you deploy a macOS LOB app

    To fix the issue:

    1. unzip TeamViewer_Host.pkg.intunemac
    2. The content of the package will be extracted to a child folder that's named IntuneMacPackage under the temporary folder.
    3. Open the IntuneMacPackage/Metadata/Detection.xml file in a text editor.
    4. Remove all MacOSLobChildApp elements except the one for the main application in the package. in this case: (com.teamviewer.TeamViewerHost) Update the MacOSLobApp element by using the BundleId and BuildNumber of the main application, and then save the Detection.xml file. You can see the Microsoft example on the documentation, just change the BundleID, the Version leave as is:

    <?xml version="1.0" encoding="UTF-8"?>

    <PackageMetadata Version="1.0.0.0" TimeStamp="2021-01-27 09:56:37 +0000" MacOSX="10.16" xmlns="URL"

    <MacOSLobApp PackageType="pkg" PackageName="TeamViewerHost" BundleId="com.teamviewer.TeamViewerHost" BuildNumber="some number">

    <MD5HashChunkSize Size="10485760"/>

    <MD5Hash>

    94afdea75543f488e8347702909ea064,11a70f69441273e6c5bb7bc5c13254a9,b514d8ce061d5632ade7d002bd8ae68c,85488ad9a62e12ba79e9f2d17b4f0eba,f2d2ada34aec51444c96e8ae32c574f1

    </MD5Hash>

    <MacOSLobChildApp BundleId="com.teamviewer.TeamViewerHost" BuildNumber="somenumber" VersionNumber="somenumber"/>

    </MacOSLobApp>

    <InstallerParams VolumeInfo="/" RestartAction="None"/>

    </PackageMetadata>


    Save the DetectionXML file and zip the package again:

    • zip -q --symlinks -0 -r TeamViewerHost2.intunemac IntuneMacPackage
    • Create the Package and you are ready to go.

    You can also set the application System Access Preferences using a Custom device configuration profile for macOS, for that, my suggestion is to use PPPC Utility (you can find it on Github) it help to create the Payload to configure the "Review System Access"

    As showing in Team Viewer documentation, you will not be able to set the Screen Recording setting, it will need to be manual by the end user.

    "If you have an MDM system, you can use Privacy Preferences Policy Control (PPPC) payloads to roll out Accessibility and Full Disk Access for TeamViewer in System Preferences --> Security & Privacy --> Privacy. Your users will still need to grant Screen Recording access themselves. Starting with macOS 11 Big Sur, you will need to use a ScreenCapture PPPC payload with AllowStandardUserToSetSystemService to allow non-admin users to grant this permission."