• 06/12/2020
  • 3 minutes to check out

In this short article

Intune lets you manage macOS devices to provide users access to company email and apps.

As an Intune admin, you can set up enrollment for company-owned macOS devices and personally owned macOS gadgets (“bring your own gadget” or BYOD).

Requirements

Complete the following prerequisites prior to setting up macOS device enrollment:

User-owned macOS gadgets (BYOD)

You can let users enroll their own individual devices into Intune management. This is known as “bring your own device” or BYOD. After you have actually completed the prerequisites and assigned user licenses, your users can enlist their gadgets by:

You can also send your users a link to online registration steps: Enroll your macOS gadget in Intune.

For details about other end-user tasks, see these posts:

Company-owned macOS devices

For companies that acquire devices for their users, Intune supports the following macOS company-owned device registration techniques:

Block macOS enrollment

By default, Intune lets macOS gadgets register. To obstruct macOS gadgets from registration, see Set gadget type limitations.

Enroll virtual macOS devices for screening

Note

macOS virtual machines are only supported for testing. You need to not utilize macOS virtual devices as production devices for your end users.

You can enlist macOS virtual makers for testing utilizing either Parallels Desktop or VMware Fusion.

For Parallels Desktop, you require to set the hardware type and the serial number for the virtual makers so that Intune can recognize them. Follow Parallels’ instructions for setting hardware type and serial number to establish the required settings for testing. We recommend that you match the hardware kind of the device running the virtual machines to the hardware type of the virtual devices that you’re producing. You can find this hardware key in Apple menu > About this Mac > System Report > Design Identifier.

For VMware Blend, you need to edit the.vmx submit to set the virtual machine’s hardware model and serial number. We recommend that you match the hardware kind of the gadget running the virtual makers to the hardware kind of the virtual machines that you’re creating. You can discover this hardware type in Apple menu > About this Mac > System Report > Model Identifier.

User Authorized enrollment

User Approved MDM registration is a kind of macOS enrollment that you can use to manage specific security-sensitive settings. For more information, see Apple’s support documents.

Since June 2020, all new macOS MDM enrollments in Intune, consisting of those refrained from doing through Automated Gadget Enrollment (ADE), are considered user authorized. The end-user should manually install the management profile in System Preferences > Profiles, and hence provide approval of the management profile. System Preferences is released automatically from the Business Portal app for BYOD macOS users. Directions to set up the management profile are supplied in the Company Portal app.

BYOD macOS MDM registrations prior to June 2020 might not be user approved if the end-user did not by hand supply approval of the management profile in System Preferences > Profiles. For BYOD enrollments after June 2020, the Company Portal app launches System Preferences for the user and the user will require to choose Install. If the user did not authorize the management profile throughout enrollment, the user can go to System Preferences > Profiles, choose the management profile, and choose Approve to approve the profile at a later moment.

Discover if a device is User Authorized

  1. Check in to the Microsoft Endpoint Supervisor admin center.
  2. Select Gadget > All devices > pick the device > Hardware.
  3. Check the User authorized registration field.

Next actions

After macOS gadgets are registered, you can develop customized settings for macOS devices.