As Apple releases new operating systems (OS) throughout the year, Microsoft Intune plans to support critical functionality that comes with each new version. With the upcoming release of macOS 14 (Sonoma) expected later this year, we’re moving to a new support model for devices that enroll without user affinity. The objective of the new support model is to define supported and allowed OS versions to keep enrolled devices secure and minimize disruptions for IT admins and users.
This support includes enrollment methods for macOS devices that don’t associate a primary user with the device, namely, Direct Enrollment and Automated Device Enrollment (ADE) without user affinity. We strongly recommend updating your organization’s macOS devices to the most recent macOS version publicly available to keep your devices updated and secure.
Supported macOS versions includes macOS devices without a primary user running the three most recent major macOS versions. They’ll be fully supported by Intune. Devices running macOS 14.x, 13.x, and 12.x can enroll and take advantage of all Intune macOS management functionality that is applicable to devices enrolled without a primary user, and all new eligible features will function on these devices.
Allowed macOS versions includes macOS devices without a primary user running a non-supported macOS version (within three versions of the supported versions). These will be able to enroll and take advantage of Intune’s eligible features supported by the mobile device management (MDM) protocol. However, there’s no guarantee that these features will remain functional and free of bugs or issues. Macs enrolled with user affinity or apps that rely on user sign-in will continue to not be supported on allowed macOS versions.
New macOS enrollments without primary user and feature support |
Supported versions |
Allowed versions |
Three most recent versions: macOS 12.x (Monterey) and later |
Up to three versions below the minimum supported version: |
Additional information
Let us know if you have any questions by replying to this post or reaching out to @IntuneSuppTeam on Twitter.