By Marc Nahum – Senior Program Manager | Microsoft Endpoint Manager – Intune
One question our customers often ask is how to configure an application on a macOS device with Microsoft Intune. Many macOS applications require more than just a standard install, with some needing significant configuration to make them work in your environment. You can use a property list file (.plist) in Intune to configure settings for a macOS application. This article gives a few practical examples that explain how to use property list files to modify settings for Intune Company Portal, Outlook for Mac, and CodeRunner.
Here are some things to consider when working with property list files:
- To validate setting changes, be sure to test them before assigning profiles to devices.
- Only some apps work with managed preferences and not all settings can be managed.
- Only use property list files that target device channel settings, not user channel settings. Property list files target the entire device.
- If you are configuring application settings that are available in the settings catalog, use this feature instead of a property list file to manage those settings. See the following for a list of settings you can configure in the settings catalog:
- Microsoft Edge version 77 or later: Microsoft Edge - Policies.
- Microsoft Defender ATP for Endpoint: Set preferences for Microsoft Defender for Endpoint on macOS
- Settings catalog is continually being extended. However, if the settings you want to modify aren't available, use a property list file instead.
Understanding macOS configuration files
Configuration files on macOS have the extension “.plist” (property list) and store configuration settings and properties. They are usually formatted in XML, although they can use JSON too (in which case you should convert them to XML with the command (plutil -convert xml1 pathToJSON).
The default naming convention for a property list file includes the distributor’s reverse DNS name prepended to the app or process name, followed by the .plist extension (for example, com.Contoso.application.plist or com.microsoft.Excel.plist).
Applications that use the standard macOS hierarchy will create .plist files in the folder ~/Library/Preferences (user preferences) or /Library/Preferences (system-wide settings). With Intune, you can configure settings for both.
Note: If an application uses another location, the only way to modify the settings is to use the Intune scripting engine (for details, see this blog post).
The high-level process to enforce a setting is always the same and can be applied regardless of the type of application:
- Install the application.
- Identify the .plist file location and open the file.
- Find the key responsible for the setting you want to change and modify the value as necessary.
- Test the changes locally.
- Enforce the updated setting with Intune.
Example 1: Enable data collection for Intune Company Portal
In this example, we will update a .plist file setting to upload Company Portal usage data to Intune. The majority of managed macOS devices have the Company Portal application installed.
Step 1: Identify the setting to modify
We want to enforce the parameter “Allow Microsoft to collect usage data.”
We can quickly identify the .plist file location:
~/Library/Preferences/com.microsoft.CompanyPortalMac.plist
We read the file with the defaults read command:
defaults read ~/Library/Preferences/com.microsoft.CompanyPortalMac.plist
We select and deselect the parameter on the UI and compare the output of the defaults read command to identify that the key that manages the setting is Enable_UsageDataSettings.
We read the value of the key with the command:
defaults read ~/Library/Preferences/com.microsoft.CompanyPortalMac.plist Enable_UsageDataSettings
A value of 1 means the setting is enabled, while a value of 0 means the setting is disabled.
Step 2: Prepare the file for upload to Intune
Now that we know which key value to change, we need to prepare the XML file which we will later upload to Intune and push to the devices.
First, we create a custom .plist file with only the key and value we need:
defaults write ~/Desktop/com.microsoft.CompanyPortalMac.plist "Enable_UsageDataSettings" -int 1
Next, we transform the .plist file from binary into XML so we can read it:
plutil -convert xml1 ~/Desktop/com.microsoft.CompanyPortalMac.plist
The new .plist file (com.microsoft.CompanyPortalMac.plist) we created on the desktop looks like this:
From this file, we create an .xml file that contains only the keys that we are modifying. This is the file we will upload to Intune. You can use TextEdit, CodeRunner, or the editor of your choice. For our example, we create an .xml file (com.microsoft.CompanyPortalMac.xml) that looks like this:
Step 3: Upload the file to Intune
Sign in to the Microsoft Endpoint Manager admin center and select Devices > macOS > Configuration profiles > Create profile > Templates > Preference file.
In Configuration settings, add the new file with the modified settings:
- Preference domain name: enter the name (app container) of the original file, without the extension.
- Preference list file: Select the .xml file you created in Step 2.
Continue through the template settings, configure scope tags as required, assign to the relevant group, and save your profile.
Note: You can monitor the console to see if the setting has been correctly deployed to devices.
Step 4: Going deeper (for fun)
If you want to see the .plist file pushed by Intune, it is in /Library/Managed Preferences/ and you can read it with the defaults read command:
defaults read /Library/Managed\ Preferences/com.microsoft.CompanyPortalMac.plist
The output from our example shows:
{
"Enable_UsageDataSettings" = 1;
}
Example 2: Enforce new Outlook for Mac (Office for Mac applications)
In this example we are going to enforce the New Outlook parameter, which is available as a toggle switch in the Outlook UI. This setting enables new Outlook for Mac functionality.
Note: For a list of available Outlook settings, see Set preferences for Outlook for Mac.
Step 1: Identify the setting to modify
As explained in Deploy preferences for Office for Mac, preference files for Office apps are stored in the app container, which is not the same thing as the app bundle. The app container is created the first time an app is run. The app container is in the user's ~/Library/Containers folder. For example, the app container for Outlook is named com.microsoft.Outlook. Within the app container, the .plist file is in the Data/Library/Preferences folder, and the file name is com.microsoft.Outlook.plist.
As explained above, we can identify the .plist file location:
~/Library/Containers/com.microsoft.Outlook/Data/Library/Preferences/com.microsoft.Outlook.plist
We read the file with the command:
defaults read ~/Library/Containers/com.microsoft.Outlook/Data/Library/Preferences/com.microsoft.Outlook.plist
From the documentation, we know that there are four possible values:
- 0 = Switch hidden (default)
- 1 = Switch displayed, default off
- 2 = Switch displayed, default on
- 3 = New Outlook enabled with switch hidden
In this example we will enforce the value 3.
Note: Default values can change from version to version, so ensure you validate changes in a test environment before you push them to production.
Step 2: Prepare the file for upload to Intune
Now that we know which key value to change, we need to prepare the XML file which we will later upload to Intune and push to the devices.
First, we create a custom .plist file with only the key and value we need:
defaults write ~/Desktop/com.microsoft.Outlook.plist "EnableNewOutlook" -int 3
Next, we transform the .plist file from binary into XML so we can read it:
plutil -convert xml1 ~/Desktop/com.microsoft.Outlook.plist
The new .plist file (com.microsoft.Outlook.plist) we created on the Desktop looks like this:
From this file, we create an .xml file that contains only the keys that we are modifying. This is the file we will upload to Intune. You can use TextEdit, CodeRunner, or the editor of your choice. For our example, we create an .xml file (com.microsoft.Outlook.xml) that looks like this:
Step 3: Upload the file to Intune
Sign in to the Microsoft Endpoint Manager admin center and select Devices > macOS > Configuration profiles > Create profile > Templates > Preference file.
In Configuration settings, add the new file with the modified settings:
- Preference domain name: enter the name (app container) of the original file, without the extension.
- Preference list file: Select the .xml file you created in Step 2.
Continue through the template settings, configure scope tags as required, assign to the relevant group, and save your profile.
Step 4: Going deeper (for fun)
Macadmins software independently hosted website with information on Microsoft Office for Mac. From the top menu, select Preferences to see a shared spreadsheet of Office for Mac preference keys, including information such as their type and default value.
Example 3: CodeRunner
CodeRunner, a common macOS application, is a programming text editor and IDE. In this example we will disable the parameter that hides the console automatically.
Step 1: Identify the setting to modify
We identify the .plist file in the expected location:
~/Library/Preferences/com.krill.CodeRunner.plist
We read the file with the command:
defaults read ~/Library/Preferences/com.krill.CodeRunner.plist
On a test device, in the Preferences > General menu, we manually set “Hide console automatically” and read the .plist file again. When we compare the output, we see a new entry:
“HideConsoleAutomatically = 0”
We will enforce a value of 1 to disable it.
Step 2: Prepare the file for upload to Intune
Now that we know which key value to change, we need to prepare the XML file which we will later upload to Intune and push to the devices.
We create a custom .plist file with only the key and value we need:
defaults write ~/Desktop/com.krill.CodeRunner.plist HideConsoleAutomatically -int 1
Then, we transform the .plist file from binary into XML so we can read it:
plutil -convert xml1 ~/Desktop/com.krill.CodeRunner.plist
The new .plist file (com.krill.CodeRunner.plist) we created on the Desktop looks like this:
From this file, we create an .xml file that contains only the keys that we are modifying. This is the file we will upload to Intune. You can use TextEdit, CodeRunner, or the editor of your choice. For our example, we create an .xml file (com.krill.CodeRunner.xml) that looks like this:
Step 3: Upload the file to Intune
Sign in to the Microsoft Endpoint Manager admin center and select Devices > macOS > Configuration profiles > Create profile > Templates > Preference file.
In Configuration settings, add the new file with the modified settings:
- Preference domain name: enter the name (app container) of the original file, without the extension.
- Preference list file: Select the .xml file you created in Step 2.
Continue through the template settings, configure scope tags as required, assign to the relevant group, and save your profile.
Conclusion
We hope these examples demonstrate how simple it is to use .plist files to modify settings for different types of macOS apps. With Microsoft Intune, you can ensure your enterprise application configurations are standardized the way you need them to be.
If you have any questions, reply to this post or reach out to @IntuneSuppTeam on Twitter.
Posted at https://sl.advdat.com/2TmzC9d