Deploying apps with Microsoft Intune for macOS lets IT administrators push software silently to enrolled Macs without user intervention. Whether you need to distribute Microsoft 365 apps, custom line-of-business software, or security tools, Intune macOS app deployment handles it from a single portal. This guide covers the main deployment methods and walks you through the configuration process.
Before deploying apps, your Macs need to be enrolled in Intune. Follow our guide on how to enroll a Mac in Microsoft Intune first. For context on the broader Intune capabilities, see our overview of what Microsoft Intune is.
macOS App Types Supported by Intune
Intune supports several macOS app formats, each suited to different deployment scenarios:
- macOS LOB apps (.pkg) — custom or third-party apps packaged as .pkg files; deployed silently to enrolled devices
- Microsoft 365 Apps for macOS — built-in deployment type for Office apps (Word, Excel, Outlook, Teams); no package needed
- Mac App Store apps — deploy apps from the public Mac App Store by volume purchase through Apple Business Manager
- Web apps and web clips — add web shortcuts to the Dock or Applications folder
- Shell scripts — deploy and run custom scripts on enrolled Macs for advanced configuration tasks
Deploy Microsoft 365 Apps to Macs
Deploying the Microsoft 365 suite to Macs through Intune is straightforward because Microsoft provides a built-in app type that handles packaging and updates automatically.
- In the Intune admin center, go to Apps → macOS → Add
- Select Microsoft 365 Apps (macOS) as the app type
- Configure the app suite: choose which apps to include (Word, Excel, PowerPoint, Outlook, Teams, OneNote)
- Set the update channel — Current Channel receives updates fastest; Monthly Enterprise Channel provides more predictability
- Assign the app to a user or device group and set the assignment type to Required (automatic) or Available (user-initiated via Company Portal)
- Click Save — Intune pushes the app to all assigned Macs on their next check-in
Deploy a Custom .pkg App
For third-party or in-house software, package your app as a flat .pkg file before uploading it to Intune. Intune does not support component packages or .dmg files natively — you need to convert them to .pkg first.
- Go to Apps → macOS → Add → select Line-of-business app
- Upload the .pkg file (maximum 2 GB per file)
- Fill in app information: name, description, publisher, minimum OS version
- Under Detection rules, define how Intune verifies whether the app is already installed — typically via bundle ID or file path
- Assign to the target group as Required and save
Monitor App Deployment Status
After assigning an app, Intune provides a real-time deployment status report. Go to Apps → select the app → Device install status. Each enrolled Mac shows one of these states:
- Installed — the app deployed successfully
- Failed — deployment encountered an error; check the error code in the device details
- Pending — the device has not yet checked in since the assignment
- Not applicable — the device does not meet the assignment filters
Use Shell Scripts for Advanced Configuration
Shell scripts extend Intune’s reach beyond standard app deployment. You can run bash scripts on enrolled Macs to configure settings, install command-line tools, or enforce policies that MDM profiles do not cover natively.
To deploy a script, go to Devices → macOS → Shell scripts → Add. Upload your .sh file, configure the run context (as signed-in user or system), set the frequency (once or each check-in), and assign it to the target group. Intune runs the script silently on each enrolled Mac.
For Windows app deployment, see our dedicated guide on deploying .exe applications with Microsoft Intune. To enforce security policies after deployment, configure Intune compliance policies.
For more details on macOS app deployment, see the official Microsoft Intune app management documentation.
📱 Need help deploying Microsoft Intune in your organization?
Our team handles Intune rollouts, compliance policies, and device enrollment for businesses. Book a free 30-minute call or drop us a quick message. 📅 Book a free 30-min call | 💬 Chat on WhatsApp
App Deployment Best Practices for macOS
Always test app deployments on a small pilot group before assigning to all users. Use device groups for Required deployments (apps install automatically) and user groups for Available deployments (users install on demand via Company Portal). For critical security tools, use Required with no uninstall option. Regularly review the App install status report to catch silent failures early. See also our guide on enrolling a Mac in Intune and our Intune compliance policies guide.
