Exploring the use cases of payloadless packages in Microsoft Intune for macOS

By: Iris Yuning Ye | Product Manager - Microsoft Intune

Payloadless PKGs are a powerful tool that extends macOS app management functionality. A payloadless PKG is a type of package file used primarily in macOS environments that doesn’t contain or deliver any actual application or data files. Using Intune, you can deploy payloadless PKGs to managed macOS endpoints using built-in macOS PKG management capabilities. The best use case of payloadless PKGs is for running scripts on-demand. Additionally, since payloadless packages are PKG files installed via macOS agent channel, pre-install and post-install scripts are also available.

Important: From a support perspective, Microsoft fully supports Intune and its ability to deploy scripts. However, Microsoft does not support the scripts themselves, even if they’re on our GitHub repository. They’re provided for example only. You’re responsible for anything that they may do within your environment. Always test!

The example below is a script that modifies the desktop dock. You can deploy this to managed macOS endpoints using a payloadless PKG. This is a partial code snippet only to present the key dock configuration. To fully modify the endpoint’s desktop dock, you need to update the script further including specifying local app paths and adding logic to conditionally configure the dock that applies to your environment. For the complete script, refer to: Microsoft Shell Intune Samples - Dock.

(Omitted the preparation code lines)

# Check if apps are installed

if [[ "$waitForApps" == true ]]; then 
  echo "$(date) | Waiting for apps to be installed..." 
  wait_for_apps_installation 900 # Wait 900 seconds for apps to be installed 
fi

#if useDockUtil is true, use dockutil to configure the dock
if [[ "$useDockUtil" == true ]]; then 
  echo "$(date) | Configuring dock with dockutil" 
  install_dockutil_if_missing 
  configure_dock_with_dockutil 
else 
  echo "$(date) | Configuring dock with plist" 
  configure_dock_via_plist 
fi

By deploying this via a payloadless app, you can make it available in the Intune Company Portal. To do this you’ll need to use a payloadless package (Intune Unmanaged PKG) and a post-install script (Intune PKG Post Install Script).

1. Upload dock.pkg to Intune: This is a totally empty PKG that creates a receipt name of com.intune.dock. For guided steps on how to upload the PKG refer to: Add an unmanaged macOS PKG app to Microsoft Intune. When you assign the package, ensure that you do it as available.
2. Paste dock5.sh contents as Post Install Script: For this flow, ensure that waitForApps is set to false.

For details of pre-install and post-install scripts, refer to the blog: Understand pre-install and post-install scripts in macOS Intune.

Here is a demo of what it looks like when you deploy this payloadless package to modify endpoint desktop dock:

There are multiple app types available for deployment from Microsoft Intune to managed endpoints including macOS PKGs which you also use for payloadless PKGs. Learn more about the different app types in the blog: Understanding application types in Microsoft Intune for macOS.

A screenshot of the app types available for macOS in the Microsoft Intune admin center. (Apps > macOS > Add App > macOS app (PKG)).

In conclusion, payloadless PKGs are a versatile tool that enhances macOS app management. With the ability to add and configure macOS apps in Intune, you can maintain a high level of control and flexibility over your macOS app deployments.

For more information on adding and deploying a macOS PKG in Intune, refer to: Add an unmanaged macOS PKG app to Microsoft Intune.

If you missed it, check out Understanding application types in Microsoft Intune for macOS, and Understand pre-install and post-install scripts for macOS in Microsoft Intune, and let us know if you have any questions, by leaving a comment or reach out to X @IntuneSuppTeam.