Enrolling a Mac into Microsoft Intune

Mac management with Intune is something that I’m asked about fairly regularly. While our support today (at time of post) is limited, it’s very simple to offer this to your users. For those without a Mac handy, I wanted to show you the enrollment process for a Mac device.

Firstly, you need to make sure iOS and Mac enrolment is enabled on your Intune tenant. This means you need a valid APN cert.

You can check via the Admin section of the Intune admin portal.

image

If you need instructions on how to setup iOS and Mac support, see here for more info

https://docs.microsoft.com/en-us/intune/deploy-use/set-up-ios-and-mac-management-with-microsoft-intune

Now we want to enroll my Mac device.

First, open Safari and browse to https://portal.manage.microsoft.com 1

Login using your Intune licensed user

2

You’ll be presented with a list of your enrolled devices. For my user, he doesn’t have any devices yet.

You’ll see a banner at the top of the page that says “Either this device isn’t enrolled, or the Company Portal can’t identify it. Tap Here to select a different device”

Click on the Tap Here link to begin the enrollment

3

You’ll be presented with an enrollment prompt. Press the Enroll button

4

Then confirm the enrollment by pressing Install 5

The Mac will then direct you over to the System Preferences to install the management profile. This workflow is required by Apple to manage the device, and is very similar to the iOS enrollment prompts.

First, you’ll be asked if you want to install the Management Profile. Select Install. 6

Next, you’ll be asked to confirm, this time with the Intune management URL presented to ensure you trust the management profile source. Press Install.

7

Once the install is complete, you’ll have a Management Profile applied in your Device Profiles. This means this device is now under the Mobile Device Management of Intune.

8

And if I come back to my Intune portal (https://portal.manage.microsoft.com) you’ll see that my device is now listed as a managed device.

9

Now any WiFi, VPN, security settings or .mobileconfig file you deploy to this Mac will receive the configuration and apply to the device.

Until next time.

Matt Shadbolt
Senior Program Manager
Enterprise Client and Mobility – Intune

Comments

  • Anonymous
    September 11, 2016
    I look forward to more integration with Mac's, but this is a good start :)
  • Anonymous
    April 13, 2017
    Hi,I've noticed there's another profile added when enrolling, the "Passcode Profile". Is there an updated guide including this? steven.
    • Anonymous
      April 14, 2017
      Hi Steven. I think the profile just gets installed once the management profile is trusted. There should be no user interaction. Matt
  • Anonymous
    September 21, 2017
    I followed the steps. My Mac OS X 10.10.5 got enrolled successfully, however:- It is listed as "Mobile" under Device Type in the Intune admin Center's Groups view.- The operating system is blank in the same view.- The software inventory report is blank.There is no information whatsoever on what is required to generate a software inventory.Kieran Gupta somehow managed to produce a software inventory but he doesn't list the requirements for it - see his TechNet blog at https://blogs.technet.microsoft.com/enterprisemobility/2015/11/23/introducing-intune-support-for-mac-os-x-management/Any pointers are welcome.Thank you,Zoltan
    • Anonymous
      October 16, 2017
      Hi Zoltan. Your Mac devices will always display as "Mobile" as we're managing the device via the MDM (Mobile Device Management) platform for OSX. RE the inventory, can you please check that it's blank in the Intune on Azure portal? (portal.azure.com). If it's still blank in there, please raise a free Intune support case. Thanks!