-
Notifications
You must be signed in to change notification settings - Fork 6
IntuneAppUploader
This processor uploads an app to Microsoft Intune using the Microsoft Graph API, it also assigns the app to a group if specified.
Supported app types are:
- DMG
- PKG (experimental once released)
As this processor utilises the requests
and cryptography
modules, you will need to install these into your environment before using this processor.
To do this, run the following command in your terminal:
/usr/local/autopkg/python -m pip install --upgrade requests cryptography
To use this processor, you must create an Azure AD App Registration with the following application API Permission,
- DeviceManagementApps.ReadWrite.All
Once you have created the App Registration, you need to create a client secret, copy the Application ID (client id) and save it somewhere safe. You will need this later.
Before you can use this processor, this repo needs to be added to AutoPkg
autopkg repo-add almenscorner/recipes
To use this processor, you need to add the following configurations to AutoPkg:
defaults write com.github.autopkg CLIENT_ID "YOUR_CLIENT_ID"
defaults write com.github.autopkg CLIENT_SECRET "YOUR_CLIENT_SECRET"
defaults write com.github.autopkg TENANT_ID "example.onmicrosoft.com"
autopkg make-override Code.intune.recipe
autopkg run -v Code.intune.recipe
By default, a simple icon getter is used called IntuneAppIconGetter
. If more complex scenarios is needed, the processor AppIconExtractor
can be used instead.
The processor AppIconExtractor
needs to be added and additional packages installed.
autopkg repo-add haircut-recipes
/usr/local/autopkg/python -m pip install --upgrade Pillow
One reason you might want to use the ignore_current_app
is if you want to upload the new version of an app to Intune, but the app already exists in Intune. This allows you to upload the new version and only deploy the new version to a specific group, without updating the app for all groups.
One reason you might want to use the ignore_current_version
is if you want to upload the same version of an already existing app to Intune. This allows you to update the current binary for the app.
-
CLIENT_ID:
- required: True
- description: The client ID to use for authenticating the request.
-
CLIENT_SECRET:
- required: True
- description: The client secret to use for authenticating the request.
-
TENANT_ID:
- required: True
- description: The tenant ID to use for authenticating the request.
-
app_file:
- required: True
- description: The app file to upload to Intune.
-
displayname:
- required: True
- description: The display name of the app.
-
description:
- required: True
- description: The description of the app.
-
publisher:
- required: True
- description: The publisher of the app.
-
owner:
- required: False
- description: The owner of the app.
-
developer:
- required: False
- description: The developer of the app.
-
categories:
- required: False,
- description: An array of categories to add to the app by name. Must be created in Intune first. See example below.
<key>categories</key> <array> <string>Productivity</string> <string>Development & Design</string> </array>
-
information_url:
- required: False
- description: The information URL of the app.
-
privacy_information_url:
- required: False
- description: The privacy information URL of the app.
-
notes:
- required: False
- description: The notes of the app.
-
bundleId:
- required: True
- description: The bundle ID of the app.
-
bundleVersion:
- required: True
- description: The bundle version of the app.
-
minimumSupportedOperatingSystem:
- required: False
- description: The minimum supported operating system of the app.
- default: v11_0
-
install_as_managed:
- required: False
- description: Whether to install the app as managed or not.
- default: False
-
icon
- required: False
- description: Path to the icon of the app.
-
ignore_current_app:
- required: False
- description: Whether to ignore the current app in Intune and create either way.
- default: False
-
ignore_current_version:
- required: False
- description: Whether to ignore the current version in Intune and upload binary either way.
- default: False
-
assignment_info:
- required: False
- description: The assignment info of the app. Provided as an array of dicts containing keys "group_id" and "intent". See example below.
<key>assignment_info</key> <array> <dict> <key>group_id</key> <string>xxxx-xxxxx-xxxxx-xxxxxx</string> <key>intent</key> <string>Required</string> </dict> <dict> <key>group_id</key> <string>xxxx-xxxxx-xxxxxx-xxxxxxx</string> <key>intent</key> <string>Uninstall</string> </dict> </array>
- name
- description: The name of the app.
- version
- description: The version of the app.
- intune_app_id
- description: The ID of the app in Intune.
- content_version_id
- description: The ID of the content version in Intune.
- intune_app_changed
- description: Returns True if the app was updated or created, False if not.
This table represents recipes that downloads a PKG file and for which type in Intune this recipe can be used, i.e. PKG (unmanaged) and LOB (managed).
recipe | pkg | lob |
---|---|---|
Firefox | 🎉 | 🎉 |
Yubico Authenticator | 🎉 | 👎 |