Add a property list file to macOS devices using Microsoft Intune
Using Microsoft Intune, you can add a property list file (.plist) for macOS devices, or apps on macOS devices.
This feature applies to:
- macOS 10.7 and newer
Property list files, also called preference files, include information about your macOS apps. You define app properties or settings that you want to preconfigure. When the file is ready, you can use Intune to deploy the file to your devices and configure the app settings in your file.
Property list files are typically used for web browsers, Microsoft Defender for Endpoint, and custom apps.
Tip
For Microsoft Edge version 77 and newer, you can use the settings catalog. You don't have to use a preference file. For more information, go to Settings catalog.
For more information on plist files, go to About Information Property List Files (Apple's website) and Custom payload settings (Apple's website).
This article describes the different property list file settings you can add to macOS devices. As part of your mobile device management (MDM) solution, use these settings to add the app bundle ID (com.company.application), and add the app's .plist file.
These settings are added to a device configuration profile in Intune, and then assigned or deployed to your macOS devices.
Prerequisites
- To create the policy, at a minimum, sign into the Microsoft Intune admin center with an account that has the Policy and Profile Manager built-in role. For more information on the built-in roles, go to Role-based access control for Microsoft Intune.
- The device must be enrolled and MDM managed by Intune. For information on the enrollment options for macOS devices, go to macOS enrollment guide for Microsoft Intune.
What you need to know
These settings aren't validated. Test your changes before assigning the profile to your devices.
If you're not sure how to enter an app key, change the setting within the app. Then, review the app's preference file using Xcode to see how the setting is configured.
Apple recommends removing nonmanageable settings using Xcode before importing the file.
Only some apps work with managed preferences, and might not allow you to manage all settings.
Be sure you upload property list files that target device channel settings, not user channel settings. Property list files target the entire device.
If you're configuring the Microsoft Edge version 77 and newer app, then use the Settings catalog. For a list of the settings you can configure, go to Microsoft Edge - Policies (opens another Microsoft website).
Be sure macOS is listed as a supported platform. If some settings aren't available in the settings catalog, then it's recommended to continue using the preference file.
Create the profile
Note
Intune may support more settings than the settings listed in this article. Not all settings are documented, and won't be documented. To see the settings you can configure, create a device configuration policy, and select Settings Catalog. For more information, go to Settings catalog.
Tasks you can complete using the Settings Catalog in Intune is also a good resource.
Sign in to the Microsoft Intune admin center.
Select Devices > Configuration > Create.
Enter the following properties:
- Platform: Select macOS
- Profile type: Select Templates > Preference file.
Select Create.
In Basics, enter the following properties:
- Name: Enter a descriptive name for the policy. Name your policies so you can easily identify them later. For example, a good policy name is macOS-plist file for Microsoft Defender for Endpoint.
- Description: Enter a description for the policy. This setting is optional, but recommended.
Select Next.
In Configuration settings, configure your settings:
Preference domain name: Enter the bundle ID for your app, like
com.company.application. For example, entercom.Contoso.applicationName,com.Microsoft.Edge, orcom.microsoft.wdav.When you create a preference domain, a bundle ID is also created.
Property list file: Select the property list file associated with your app. Be sure it's a
.plistor.xmlfile. For example, upload aYourApp-Manifest.plistorYourApp-Manifest.xmlfile.The key information in the property list file is shown. If you need to change the key information, open the list file in another editor, and then reupload the file in Intune.
Be sure your file is formatted correctly. The file should only have key value pairs, and shouldn't be wrapped in
<dict>,<plist>, or<xml>tags. For example, your property list file should be similar to the following file:<key>SomeKey</key> <string>someString</string> <key>AnotherKey</key> <false/> ...To see some property list file examples, go to Set preferences for Microsoft Defender for Endpoint.
Select Next.
In Scope tags (optional), assign a tag to filter the profile to specific IT groups, such as
US-NC IT TeamorJohnGlenn_ITDepartment. For more information about scope tags, go to Use RBAC and scope tags for distributed IT.Select Next.
In Assignments, select the users or groups that will receive your profile. For more information on assigning profiles, go to Assign user and device profiles.
Select Next.
In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned. The policy is also shown in the profiles list.
Resources
Assign the profile and monitor its status.
For more information on preference files for Microsoft Edge, go to Configure Microsoft Edge policy settings on macOS.
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for