This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(44.800000000000004, 32%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EWT%3C/text%3E%3C/svg%3E)
Hello,
Is it possible to register a MacOS device without enrolling it into Intune? The same way you can register mobile devices without enrolling them via authenticator (settings > device registration)
We don't have a need to manage the device other than to apply conditional access policies on specific MacOS devices.
@tartor321 Thanks for posting in our Q&A.
If you want to use conditional access policy, the MacOS device don't need to enroll to intune. We can set up app-based conditional access policy.
https://learn.microsoft.com/en-us/mem/intune/protect/app-based-conditional-access-intune-create
To clarify this issue, what did you mean "specific MacOS devices"? Based on my understanding, there is a feature called "Filter for devices" in a conditional access policy that can filter the devices you want. However, this feature works on devices that are enrolled to intune.
Thanks for your understanding.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
We're trying to whitelist say for example 10 mac devices that are only allowed to use O365 based on their device ID.
Currently we are able to filter for Windows and iOS devices that are not enrolled to Intune but rather only registered to Azure AD via conditional access AND we can also filter them based on their device ID generated in Azure.
Can the same be done for MacOS?
@tartor321 Did you mean that the devices are not enrolled to intune but are joined to Azure AD? As you said, if it works on windows, I think you can do the same for MacOS.
@tartor321 Did you mean that the devices are not enrolled to intune but are joined to Azure AD? As you said, if it works on windows, I think you can do the same for MacOS.
Yep that's correct
The solution in the end was to use JAMF > setup device compliance using link and below in which will start populated Azure AD with mac devices depending on criteria
https://docs.jamf.com/10.37.0/jamf-pro/documentation/Device_Compliance.html