Skip to content

IntuneAppUploader

Tobias Almén edited this page Aug 3, 2023 · 14 revisions

Description

This processor uploads an app to Microsoft Intune using the Microsoft Graph API, it also assigns the app to a group if specified.

Supported app types are:

  • DMG
  • PKG (experimental once released)

Prerequisites

Python Packages

As this processor utilises the requests and cryptography modules, you will need to install these into your environment before using this processor. To do this, run the following command in your terminal:

/usr/local/autopkg/python -m pip install --upgrade requests cryptography

Azure AD App Registration

To use this processor, you must create an Azure AD App Registration with the following application API Permission,

  • DeviceManagementApps.ReadWrite.All

Once you have created the App Registration, you need to create a client secret, copy the Application ID (client id) and save it somewhere safe. You will need this later.

Add AutoPkg repo

Before you can use this processor, this repo needs to be added to AutoPkg

autopkg repo-add almenscorner/recipes

Add AutoPkg configurations

To use this processor, you need to add the following configurations to AutoPkg:

defaults write com.github.autopkg CLIENT_ID "YOUR_CLIENT_ID"
defaults write com.github.autopkg CLIENT_SECRET "YOUR_CLIENT_SECRET"
defaults write com.github.autopkg TENANT_ID "example.onmicrosoft.com"

Usage

Example

autopkg make-override Code.intune.recipe
autopkg run -v Code.intune.recipe

Tips

App Icon

By default, a simple icon getter is used called IntuneAppIconGetter. If more complex scenarios is needed, the processor AppIconExtractor can be used instead.

The processor AppIconExtractor needs to be added and additional packages installed.

autopkg repo-add haircut-recipes
/usr/local/autopkg/python -m pip install --upgrade Pillow

Ignore current app

One reason you might want to use the ignore_current_app is if you want to upload the new version of an app to Intune, but the app already exists in Intune. This allows you to upload the new version and only deploy the new version to a specific group, without updating the app for all groups.

Ignore current verison

One reason you might want to use the ignore_current_version is if you want to upload the same version of an already existing app to Intune. This allows you to update the current binary for the app.

Input variables

  • CLIENT_ID:

    • required: True
    • description: The client ID to use for authenticating the request.
  • CLIENT_SECRET:

    • required: True
    • description: The client secret to use for authenticating the request.
  • TENANT_ID:

    • required: True
    • description: The tenant ID to use for authenticating the request.
  • app_file:

    • required: True
    • description: The app file to upload to Intune.
  • displayname:

    • required: True
    • description: The display name of the app.
  • description:

    • required: True
    • description: The description of the app.
  • publisher:

    • required: True
    • description: The publisher of the app.
  • owner:

    • required: False
    • description: The owner of the app.
  • developer:

    • required: False
    • description: The developer of the app.
  • categories:

    • required: False,
    • description: An array of categories to add to the app by name. Must be created in Intune first. See example below.
      <key>categories</key>
      <array>
          <string>Productivity</string>
          <string>Development &amp; Design</string>
      </array>
  • information_url:

    • required: False
    • description: The information URL of the app.
  • privacy_information_url:

    • required: False
    • description: The privacy information URL of the app.
  • notes:

    • required: False
    • description: The notes of the app.
  • bundleId:

    • required: True
    • description: The bundle ID of the app.
  • bundleVersion:

    • required: True
    • description: The bundle version of the app.
  • minimumSupportedOperatingSystem:

    • required: False
    • description: The minimum supported operating system of the app.
    • default: v11_0
  • install_as_managed:

    • required: False
    • description: Whether to install the app as managed or not.
    • default: False
  • icon

    • required: False
    • description: Path to the icon of the app.
  • ignore_current_app:

    • required: False
    • description: Whether to ignore the current app in Intune and create either way.
    • default: False
  • ignore_current_version:

    • required: False
    • description: Whether to ignore the current version in Intune and upload binary either way.
    • default: False
  • assignment_info:

    • required: False
    • description: The assignment info of the app. Provided as an array of dicts containing keys "group_id" and "intent". See example below.
      <key>assignment_info</key>
      <array>
          <dict>
              <key>group_id</key>
              <string>xxxx-xxxxx-xxxxx-xxxxxx</string>
              <key>intent</key>
              <string>Required</string>
          </dict>
          <dict>
              <key>group_id</key>
              <string>xxxx-xxxxx-xxxxxx-xxxxxxx</string>
              <key>intent</key>
              <string>Uninstall</string>
          </dict>
      </array>

Output variables

  • name
    • description: The name of the app.
  • version
    • description: The version of the app.
  • intune_app_id
    • description: The ID of the app in Intune.
  • content_version_id
    • description: The ID of the content version in Intune.
  • intune_app_changed
    • description: Returns True if the app was updated or created, False if not.

PKG recipes

This table represents recipes that downloads a PKG file and for which type in Intune this recipe can be used, i.e. PKG (unmanaged) and LOB (managed).

recipe pkg lob
Firefox 🎉 🎉
Yubico Authenticator 🎉 👎
Clone this wiki locally