IntuneAppUploader
This processor uploads an app to Microsoft Intune using the Microsoft Graph API, it also assigns the app to a group if specified.
Supported app types are:
- DMG
- PKG
- LOB
As this processor utilises the requests and cryptography modules, you will need to install these into your environment before using this processor.
To do this, run the following command in your terminal:
/usr/local/autopkg/python -m pip install --upgrade requests cryptographyTo use this processor, you must create an Azure AD App Registration with the following application API Permission,
- DeviceManagementApps.ReadWrite.All
Once you have created the App Registration, you need to create a client secret, copy the Application ID (client id) and save it somewhere safe. You will need this later.
Before you can use this processor, this repo needs to be added to AutoPkg
autopkg repo-add almenscorner-recipesTo use this processor, you need to add the following configurations to AutoPkg:
defaults write com.github.autopkg CLIENT_ID "YOUR_CLIENT_ID"
defaults write com.github.autopkg CLIENT_SECRET "YOUR_CLIENT_SECRET"
defaults write com.github.autopkg TENANT_ID "example.onmicrosoft.com"autopkg make-override Code.intune.recipeautopkg run -v Code.intune.recipeBy default, a simple icon getter is used called IntuneAppIconGetter. If more complex scenarios is needed, the processor AppIconExtractor can be used instead.
The processor AppIconExtractor needs to be added and additional packages installed.
autopkg repo-add haircut-recipes/usr/local/autopkg/python -m pip install --upgrade PillowOne reason you might want to use the ignore_current_app is if you want to upload the new version of an app to Intune, but the app already exists in Intune. This allows you to upload the new version and only deploy the new version to a specific group, without updating the app for all groups.
One reason you might want to use the ignore_current_version is if you want to upload the same version of an already existing app to Intune. This allows you to update the current binary for the app.
-
CLIENT_ID:
- required: True
- description: The client ID to use for authenticating the request.
-
CLIENT_SECRET:
- required: True
- description: The client secret to use for authenticating the request.
-
TENANT_ID:
- required: True
- description: The tenant ID to use for authenticating the request.
-
app_file:
- required: True
- description: The app file to upload to Intune.
-
displayname:
- required: True
- description: The display name of the app.
-
description:
- required: True
- description: The description of the app.
-
publisher:
- required: True
- description: The publisher of the app.
-
owner:
- required: False
- description: The owner of the app.
-
developer:
- required: False
- description: The developer of the app.
-
categories:
- required: False,
- description: An array of categories to add to the app by name. Must be created in Intune first. See example below.
<key>categories</key> <array> <string>Productivity</string> <string>Development & Design</string> </array>
-
information_url:
- required: False
- description: The information URL of the app.
-
privacy_information_url:
- required: False
- description: The privacy information URL of the app.
-
notes:
- required: False
- description: The notes of the app.
-
bundleId:
- required: True
- description: The bundle ID of the app.
-
bundleVersion:
- required: True
- description: The bundle version of the app.
-
minimumSupportedOperatingSystem:
- required: False
- description: The minimum supported operating system of the app.
- default: v11_0
-
install_as_managed:
- required: False
- description: Whether to install the app as managed or not.
- default: False
-
ignore_version_detection
- required: False
- description: Whether Intune will ignore the version in the detection of the installed application.
- default: False
-
icon
- required: False
- description: Path to the icon of the app.
-
preinstall_script
- required: False
- The base64 encoded preinstall script for the app. Only applicable to unmanaged PKG apps.
-
postinstall_script
- required: False
- The base64 encoded postinstall script for the app. Only applicable to unmanaged PKG apps.
-
ignore_current_app:
- required: False
- description: Whether to ignore the current app in Intune and create either way.
- default: False
-
ignore_current_version:
- required: False
- description: Whether to ignore the current version in Intune and upload binary either way.
- default: False
-
assignment_info:
- required: False
- description: The assignment info of the app. Provided as an array of dicts containing keys "group_id" and "intent". See example below.
<key>assignment_info</key> <array> <dict> <key>group_id</key> <string>xxxx-xxxxx-xxxxx-xxxxxx</string> <key>intent</key> <string>Required</string> </dict> <dict> <key>group_id</key> <string>xxxx-xxxxx-xxxxxx-xxxxxxx</string> <key>intent</key> <string>Uninstall</string> </dict> <dict> <key>all_assignment</key> <string>AllUsers</string> <key>intent</key> <string>Available</string> </dict> <dict> <key>all_assignment</key> <string>AllDevices</string> <key>intent</key> <string>Required</string> </dict> </array>
- name
- description: The name of the app.
- version
- description: The version of the app.
- intune_app_id
- description: The ID of the app in Intune.
- content_version_id
- description: The ID of the content version in Intune.
- intune_app_changed
- description: Returns True if the app was updated or created, False if not.
This table represents recipes that downloads a PKG file and for which type in Intune this recipe can be used, i.e. PKG (unmanaged) and LOB (managed).
A π doesn't necessarily mean the installation of the app will fail. The install can still work but Intune is unable to detect the app as installed. This behavior will mark the app with π as it is not wanted to not be able to detect the install.
| recipe | pkg | lob |
|---|---|---|
| Adobe Reader | π | π |
| Firefox | π | π |
| Yubico Authenticator | π | π |
| Google Chrome | π | π |
| Zoom | π | π |