If you're not an E5 customer, use the 90-day Microsoft Purview solutions trial to explore how additional Purview capabilities can help your organization manage data security and compliance needs. Start now at the Microsoft Purview trials hub. Learn details about signing up and trial terms.
We recommend downloading the bundled mdatp.mobileconfig file, rather than the individual .mobileconfig files. The bundled file includes the following required files:
accessibility.mobileconfig
fulldisk.mobileconfig
netfilter.mobileconfig
sysext.mobileconfig
If any of these files are updated, you need to either download the updated bundle, or download each updated file individually.
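A pre-upload check for the bundle described above, as an added example that is not Microsoft's code: it parses an unsigned .mobileconfig and reports which of the four required components are absent. The mapping from file names to Apple payload types and the sample profile built by build_sample are assumptions constructed for illustration.

```python
import plistlib

# Assumed mapping from the bundled files named above to Apple payload types
# (and, for privacy payloads, the TCC service key). Not taken from the page.
REQUIRED = {
    "accessibility": ("com.apple.TCC.configuration-profile-policy", "Accessibility"),
    "fulldisk": ("com.apple.TCC.configuration-profile-policy", "SystemPolicyAllFiles"),
    "netfilter": ("com.apple.webcontent-filter", None),
    "sysext": ("com.apple.system-extension-policy", None),
}

def missing_components(profile_bytes):
    """Return the required components not found in an unsigned .mobileconfig."""
    profile = plistlib.loads(profile_bytes)
    found = set()
    for payload in profile.get("PayloadContent", []):
        ptype = payload.get("PayloadType")
        services = payload.get("Services", {})
        for name, (want_type, want_service) in REQUIRED.items():
            if ptype != want_type:
                continue
            # TCC payloads only count if they grant the specific service.
            if want_service is None or services.get(want_service):
                found.add(name)
    return sorted(set(REQUIRED) - found)

def build_sample(include_netfilter=True):
    """Constructed sample profile with placeholder identifiers (not Microsoft's file)."""
    tcc_entry = [{"Identifier": "com.example.agent",
                  "IdentifierType": "bundleID", "Allowed": True}]
    content = [
        {"PayloadType": "com.apple.TCC.configuration-profile-policy",
         "Services": {"Accessibility": tcc_entry}},
        {"PayloadType": "com.apple.TCC.configuration-profile-policy",
         "Services": {"SystemPolicyAllFiles": tcc_entry}},
        {"PayloadType": "com.apple.system-extension-policy",
         "AllowedSystemExtensions": {"EXAMPLETEAM": ["com.example.agent.ext"]}},
    ]
    if include_netfilter:
        content.append({"PayloadType": "com.apple.webcontent-filter",
                        "FilterType": "Plugin"})
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": content})

if __name__ == "__main__":
    print(missing_components(build_sample()))       # complete bundle
    print(missing_components(build_sample(False)))  # bundle lacking the network filter
```

To check a downloaded file, pass its bytes to missing_components; a signed (CMS-wrapped) profile must be unwrapped first because plistlib reads only the plain plist.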
Get the device onboarding package
In the Microsoft Purview portal open Settings > Device Onboarding and then choose Onboarding.
For the Select operating system to start onboarding process option, choose macOS.
For Deployment method, choose Mobile Device Management/Microsoft Intune.
Choose Download onboarding package.
Extract the .ZIP file and open the Intune folder. This contains the onboarding code in the DeviceComplianceOnboarding.xml file.
Deploy the mobileconfig and onboarding packages
Open the Microsoft Intune admin center and navigate to Devices > macOS > Configuration.
Choose + Create and then choose New policy.
Select the following values:
Platform = macOS
Profile type = Templates
Template name = Custom
Choose Create.
Enter a name for the profile, such as Microsoft Purview System MobileConfig, and then choose Next.
Choose the mdatp.mobileconfig file that you downloaded in Step 1 as the configuration profile file.
Choose Next.
On the Assignments tab, add the group you want to deploy these configurations to and then choose Next.
Review your settings and then choose Create to deploy the configuration.
Repeat steps 2-9 to create profiles for the:
DeviceComplianceOnboarding.xml file. Name it Microsoft Purview Device Onboarding Package
com.microsoft.wdav.mobileconfig file. Name it Microsoft Endpoint Device Preferences
Open Devices > Configuration profiles. The profiles you created now display.
In the Configuration profiles page, choose the profile that you just created. Next, choose Device status to see a list of devices and the deployment status of the configuration profile.
Publish the application
Microsoft Endpoint data loss protection is installed as a component of Microsoft Defender for Endpoint on macOS. This procedure applies to onboarding devices into Microsoft Purview solutions.
Under App type scroll to Microsoft Defender for Endpoint and select macOS.
Keep the default values and then choose Next.
Add assignments and then choose Next.
Review your chosen settings and then choose Create.
You can visit Apps > By platform > macOS to see the new application in the list of all applications.
Offboard macOS devices using Intune
Note
Offboarding causes the device to stop sending sensor data to the portal. However, data from the device, including reference to any alerts it has had, will be retained for up to six months.
In the Microsoft Intune admin center, open Devices > Configuration profiles. The profiles you created are listed.
On the Configuration profiles page, choose the wdav.pkg.intunemac profile.
Choose Device status to see a list of devices and the deployment status of the configuration profile.
Open Properties and then Assignments.
Remove the group from the assignment. This will uninstall the wdav.pkg.intunemac package and offboard the macOS device from Compliance solutions.