Fixed 😎
This issue was fixed with the release of IntuneMDMAgent version 2404.005. Please check here for more information.
Understanding the problem
During extensive testing of Intune enrollments with macOS Sonoma at the beginning of January (find here why), a colleague of mine mentioned an unexpected behaviour: machines were installing applications on reboots. This seemed interesting to investigate further.
So I analysed this behaviour in some virtual machines and on the Macs of my colleagues.
- I figured out that the apps (PKG and DMG) in question were installed before the reboot with the Intune installation intent ‘required’.
- This could be just a few hours ago on the specific machine, or it can happen weeks after the initial install.
- Before the reboot I was able to confirm that the applications are installed and should be detected by IntuneMDMAgent.
- Currently I cannot reproduce this on every reboot in our setup, but it happens a lot.
State of analysis
I was able to check whether apps were successfully installed by querying the installed apps and writing the result to a file before a reboot.
Just use the following command via Terminal:
sudo /usr/libexec/mdmclient QueryInstalledApps > installedApps.txt
This will give you a verbose output of the detected apps on the specific machine.
On the affected machines I performed a shutdown and booted the machine some minutes later. I then checked the /Applications folder for the required apps and saw that ‘Date modified’ had changed to the current time, before analysing the IntuneMDMDaemon.log file for suspicious activity.
It looks like the apps are installed, but the detection of already installed apps fails for no obvious reason.
2024-01-19 11:39:54:236 | IntuneMDM-Daemon | E | 5244 | AppDetection | Error in getting requirement for apps. Error: AppDetectionError.errorGettingBundleIDAsString, PolicyID: 3bc5b6c6-33dc-4ce2-80fa-9f8830b5d6c7, AppName: Microsoft OneDrive, BundleID: com.microsoft.OneDrive
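To see which apps hit this detection error and how often, the daemon log can be summarised per app. This is an added example, not part of the original post and not Microsoft's tooling; it assumes the pipe-separated field layout of the single log line quoted above, and the sample lines other than the first OneDrive entry are constructed.

```shell
#!/bin/bash
# Added example: summarise AppDetection errors from an IntuneMDMDaemon log.
# Assumed field layout (taken from the one log line quoted in the post):
#   timestamp | process | level | pid | component | message

# Sample input: line 1 is the entry from the post, the rest are constructed.
sample_log() {
cat <<'EOF'
2024-01-19 11:39:54:236 | IntuneMDM-Daemon | E | 5244 | AppDetection | Error in getting requirement for apps. Error: AppDetectionError.errorGettingBundleIDAsString, PolicyID: 3bc5b6c6-33dc-4ce2-80fa-9f8830b5d6c7, AppName: Microsoft OneDrive, BundleID: com.microsoft.OneDrive
2024-01-19 11:39:54:301 | IntuneMDM-Daemon | I | 5244 | AppDetection | Constructed info line, ignored by the filter
2024-01-19 11:39:55:012 | IntuneMDM-Daemon | E | 5244 | AppDetection | Error in getting requirement for apps. Error: AppDetectionError.errorGettingBundleIDAsString, PolicyID: 00000000-0000-0000-0000-000000000001, AppName: Example App, BundleID: com.example.app
2024-01-20 08:02:11:440 | IntuneMDM-Daemon | E | 611 | AppDetection | Error in getting requirement for apps. Error: AppDetectionError.errorGettingBundleIDAsString, PolicyID: 3bc5b6c6-33dc-4ce2-80fa-9f8830b5d6c7, AppName: Microsoft OneDrive, BundleID: com.microsoft.OneDrive
EOF
}

# Reads log files given as arguments (or stdin) and prints one line per app:
#   count<TAB>error<TAB>bundle ID<TAB>app name, most frequent first.
detection_failures() {
  awk -F' [|] ' '
    # Only error-level lines from the AppDetection component are counted.
    $3 == "E" && $5 == "AppDetection" {
      msg = $6
      err = bid = app = "unknown"   # kept when a key is missing from the message
      if (match(msg, /Error: [^,]+/))    err = substr(msg, RSTART + 7, RLENGTH - 7)
      if (match(msg, /AppName: [^,]+/))  app = substr(msg, RSTART + 9, RLENGTH - 9)
      if (match(msg, /BundleID: [^,]+/)) bid = substr(msg, RSTART + 10, RLENGTH - 10)
      count[err "\t" bid "\t" app]++
    }
    END { for (k in count) printf "%d\t%s\n", count[k], k }
  ' "$@" | sort -t "$(printf '\t')" -k1,1nr -k3,3
}

# With arguments: summarise those log files. Without: run on the sample.
if [ "$#" -gt 0 ]; then
  detection_failures "$@"
else
  sample_log | detection_failures
fi
```

Running it against logs collected before and after a reboot shows whether the same bundle IDs keep failing detection, which is the pattern described in this post.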
Ticket at Microsoft
I opened a ticket at Microsoft. At the end of last week the Intune Product group confirmed that this is reproducible and that other customers have also reported this behaviour. I will update the post if I get more information about the root cause and a potential fix.
Update #1 - 2024-03-25 20:20 CET
There is some good news regarding this issue. I am currently testing an updated version of Sidecar Agent (IntuneMDMAgent) which fixed the detection. The detection is now very stable. Once the update is available I will share how you can verify that the new Agent is on your machines.
Update #2 - 2024-03-30 10:30 CET
Microsoft has now released the Company Portal version (20240301). The Sidecar Agent version included in this release can be verified by checking the IntuneMDMAgent in ‘/Library/Intune/IntuneMDMAgent.app’.
Update #3 - 2024-04-09 20:45 CEST
ISSUE FIXED!
Yesterday I received the most current version of IntuneMDMAgent (2404.005), which fixed this issue in all my tests. I tried reproducing the issue with multiple VMs and Macs over the last two days. Even with over 100 reboots or shutdowns, I was not able to get these machines to show the reported behaviour. I have now closed the ticket at Microsoft.
You can easily check the version of the Sidecar Agent in Terminal with the defaults read command. To get an overview of all Agent versions in a fleet, I will create a ‘Custom Attribute’ in Intune. I created a little bash script:
#!/bin/bash
#Check Intune Agent (sidecar agent) version
defaults read /Library/Intune/Microsoft\ Intune\ Agent.app/Contents/Info.plist CFBundleShortVersionString
Now you can create a ‘Custom Attribute’ in the Intune Admin center. Go to ‘Devices -> macOS -> Custom attributes’ and click on the ‘Add’ button.
In the first screen ‘Basic’ choose a name and add a description for your custom attribute and click ‘Next’.
On the next page ‘Attribute settings’ choose ‘Data type of attribute’ = String and upload the script I showed you above. Afterwards, you can finish the creation of the new custom attribute by adding scope tags in step 3, assign the attribute to all your machines or users as you like and lastly add it.
Now you will always have a nice overview of all the machines’ currently reported IntuneMDMAgent versions in case you want to dig deeper.