Attempts to deploy Symantec Endpoint Protection (SEP) for Mac via Microsoft's MDM solution "Intune" hang at approximately 80% of the deployment process.
SEP 14.2 MP1+
Microsoft's Intune solution requires notarized pkg files.
See instructions here to create the SEPRemote.pkg file and use SEP for Mac version 14.2.5580 or newer: Exporting and deploying the Endpoint Protection Macintosh client with remote tools.
SEP installers include a Broadcom signature but they are not notarized because they usually contains elements that are unique to each customer's environment—SEP management server address(es), certificates, etc—and customer must obtain their own Apple Developer ID to sign and notarize pkg files. Consult Apple technical support for help with obtaining a developer identity and notarization: Notarizing macOS Software Before Distribution.