Skip to content

Using Baseline via Microsoft Intune

Jump to bottom
Second Son Consulting edited this page Feb 10, 2024 · 1 revision

Community Contribution

This guide was contributed by @patrickrgr

General Guidance for Using Baseline with Microsoft Intune

Groups in Intune (especially dynamic groups) are slow to update as group data is stored in AzureAD and there is a delay in syncing between Intune and AzureAD. For time-sensitive deployments (e.g. zero-touch) it's recommended to scope to All Users or All Devices. Narrow scope by using Intune-native device filters (Microsoft documentation). Many thanks to Luke Hawkins, Chris McFall, and Johan Kjellman in the MacAdmins Slack for providing the foundation of most of this documentation.

Configuration Profile

Customize the mobileconfig file as desired. Signing the profile is not required. Then upload it to Intune:

  1. Navigate to Devices > macOS > Configuration Profiles.
  2. Click Create, click New Policy, and select the Templates profile type.
  3. Click Custom and click Create.
  4. Enter a name and click Next.
  5. Enter a name for the configuration profile, deploy to Device channel, upload the configuration file, and click Next.
  6. Assign as desired and click Next.
  7. Click Create.

Zero Touch

For a successful zero-touch experience, use a script to deploy Baseline. Due to delays when Intune deploys packages, Baseline is unlikely to run when needed if deployed as a package. When deploying via a script, ensure there is an ExitCondition specified in the configuration profile.

Deploy the script version of Baseline

  1. Download Baseline.sh and customize as desired.
  2. In Intune, navigate to Devices - macOS - Shell scripts.
  3. Click Add. Enter a name and click Next.
  4. Upload the script.
  5. Change Run script as signed-in user to No.
  6. Change Max number of times to retry if script fails to 3. Leave the other options unconfigured and click Next.
  7. Assign to all users and click Next.
  8. Review settings and click Add.

Use a script to download and run a package version of Baseline

If you wish to add additional pkg files to the package version: Download Baseline.pkg, customize, then repackage and upload to your desired location (cloud or local network storage). Create a shell script that downloads and installs the default package from Github or the customized package from your network location.

On-Demand/Self-Service

Company Portal

As of writing, the only way to deploy an on-demand Mac app via Intune is to deploy it as a line-of-business app. LOB apps can be assigned as Required or Available, while DMG and PKG apps can only be assigned as Required (i.e. they will be installed automatically). LOB apps have certain requirements that must be satisfied. The unmodified Baseline.pkg meets these requirements. To deploy Baseline for on-demand use via the Company Portal, complete the following steps:

  1. If you've modified the package, ensure the pkg file meets all requirements specified above.
  2. In Intune, navigate to Apps > macOS and click Add.
  3. Select Line-of-business app as the app type and click Select.
  4. Upload the pkg file and click OK.
  5. Fill out/edit the information. Baseline is compatible with macOS 11 or newer, but any added payloads may have higher minimum OS requirements. Ensure the included apps list is accurate and a logo is present. Click Next.
  6. Assign as desired and click Next.
  7. Click Create.

Home

How it Works

Files and Folders

How to Initiate Baseline

Configuration Profile Overview

Defining Packages Scripts and Installomator Labels

WaitFor - Define items which will be installed by other tools

Customizing Icons and Messaging

Defining Additional Features

Contributing to Baseline

Using Baseline with your MDM

Clone this wiki locally