The first blog in this series covered the Microsoft Intune App-layer protection. One of its supported features is that you can wrap your own applications with the Microsoft Intune App Wrapping Tool for iOS, so that you can manage those applications with the Mobile Application Management policies. In this second blog in the series, we will have a look at the Microsoft Intune App Wrapping Tool for iOS.
With this blog I want to show two scenarios: one with an application with no policies active, and one with the same application wrapped with the Microsoft Intune App Wrapping Tool with the mobile application policies active. To be able to do this I have created a very basic application with two “pages”. On each page there is a text field where I can type text and copy and paste it within the application and beyond.
Meet Notepad 🙂
Page 2 of Notepad
Again it is a very basic and ugly app, but it does its work 🙂 (Okay I will try to make it more fancy 😉 )
That being said, when looking at the Microsoft Intune App Wrapping Tool for iOS, you need to be sure that the following prerequisites are in place:
- You need to have an Apple Developer Account
- You need to have access to a Mac running Mac OS X 10.8.5 or later with Xcode
- You need to have a Provisioning Profile
- You need to have a distribution certificate
- Your device needs to run iOS 7.01 or later
- You need to have a developed iOS LOB application
Unmanaged Application
When the standard application is deployed via Microsoft Intune, you can install it and copy and paste the “Super secret text” between the pages of the Notepad application and, for instance, into the email application on the iOS device.
Create a managed application
So the default created application can be deployed without any problem. What we need to do next is to wrap the Notepad application with the Microsoft Intune App Wrapping Tool to allow management via Microsoft Intune.
You can download the Microsoft Intune App Wrapping Tool for iOS supporting the right language here. Next, extract the DMG file to a folder where you can access the IntuneMAMPackager tool. TechNet describes starting the command line tool as ./IntuneMAMPackager.app/Contents/MacOS/IntuneMAMPackager, but I also extracted the content from the file so that I can access the IntuneMAMPackager file directly.
The IntuneMAMPackager tool has the following parameters that you may need to add to be able to wrap your application.
| Parameter | Description |
| --- | --- |
| -i | The path and file name of the source application. (mandatory) |
| -o | The path in which to save the wrapped application. (mandatory) |
| -p | The path of your provisioning profile for iOS applications. (mandatory) |
| -c | The SHA1 hash of the signing certificate (Optional). |
| -a | The Client ID of the input app (in GUID format) if the app uses Azure Active Directory Libraries (Optional). |
| -t | The path to a test mobile application management policy file for testing outside of Intune (Optional). |
| -r | Redirect URI of the input app if the app uses Azure Active Directory Libraries (Optional). |
| -v | Verbose messages while wrapping the application. |
For my Notepad application I need to run the following command at the console of the Mac OS X device:
./IntuneMAMPackager -i ./Notepad-v1.ipa -p XC_Ad_Hoc_.mobileprovisioning -o ./Notepad-wrapped.ipa -c 679cd10b63499c3f89c6edfb07d2e2b80dfb0d
Application wrapped by the Microsoft Intune App Wrapping Tool
Not every IPA file can be wrapped. The wrapping tool cannot wrap the following apps:
- Encrypted apps
- Unsigned apps
- Apps with extended file attributes
Trying to wrap an app that is not signed by Apple
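A pre-flight check for the first two cases in the list above, as an added example that is not part of the original post or of Microsoft's tooling: it opens the IPA (a zip archive), looks for the bundle's code-signature directory and reads the Mach-O encryption command of the main executable. The function names and the sample IPA are constructed for illustration, and the signature test only checks presence; it does not validate the signature.

```python
import io, plistlib, re, struct, zipfile

def is_encrypted(macho):
    """True if any slice has LC_ENCRYPTION_INFO(_64) with a non-zero cryptid."""
    if macho[:4] == b"\xca\xfe\xba\xbe":            # fat binary: check each slice
        count, = struct.unpack_from(">I", macho, 4)
        archs = struct.iter_unpack(">5I", macho[8:8 + 20 * count])
        return any(is_encrypted(macho[off:off + size]) for _, _, off, size, _ in archs)
    magic, = struct.unpack_from("<I", macho, 0)
    if magic not in (0xFEEDFACE, 0xFEEDFACF):
        raise ValueError("executable is not a Mach-O file")
    ncmds, = struct.unpack_from("<I", macho, 16)
    offset = 28 if magic == 0xFEEDFACE else 32      # 32-bit / 64-bit header size
    for _ in range(ncmds):
        cmd, size = struct.unpack_from("<II", macho, offset)
        if cmd in (0x21, 0x2C):                     # LC_ENCRYPTION_INFO, _64
            return struct.unpack_from("<I", macho, offset + 16)[0] != 0
        offset += size
    return False

def preflight(ipa):
    """Return reasons why the IPA (path or file object) is likely to be refused."""
    with zipfile.ZipFile(ipa) as archive:
        names = set(archive.namelist())
        apps = {m.group(0) for n in names if (m := re.match(r"Payload/[^/]+\.app/", n))}
        if len(apps) != 1:
            return [f"expected one Payload/*.app bundle, found {len(apps)}"]
        app, problems = apps.pop(), []
        if app + "_CodeSignature/CodeResources" not in names:
            problems.append("unsigned: no _CodeSignature/CodeResources")
        try:
            info = plistlib.loads(archive.read(app + "Info.plist"))
            if is_encrypted(archive.read(app + info["CFBundleExecutable"])):
                problems.append("encrypted: cryptid is non-zero")
        except (KeyError, ValueError, struct.error) as error:
            problems.append(f"could not inspect the executable: {error}")
        return problems

def sample_ipa(cryptid, signed=True):
    """Constructed input: a minimal IPA whose 64-bit Mach-O has one encryption command."""
    macho = struct.pack("<14I", 0xFEEDFACF, 0, 0, 2, 1, 24, 0, 0, 0x2C, 24, 0, 0, cryptid, 0)
    app, buf = "Payload/Notepad.app/", io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(app + "Info.plist", plistlib.dumps({"CFBundleExecutable": "Notepad"}))
        archive.writestr(app + "Notepad", macho)
        if signed:
            archive.writestr(app + "_CodeSignature/CodeResources", b"")
    return io.BytesIO(buf.getvalue())
```

Extended file attributes live on the file system rather than in these files, so the third case is checked on the Mac itself, for example with `xattr -lr` on the extracted .app bundle.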
In the next blog we will add the application to Microsoft Intune, deploy it and have a look at how the Mobile Application Management Policies can be applied to the managed application.
Till next time.