Event details
Whether you're in the exploratory stage or already implementing Intune for macOS, we invite you to join this Ask Microsoft Anything (AMA) to see a demonstration of the new Platform Single Sign-On (Platform SSO) capability and engage with our experts. This is your unique opportunity to ask questions directly with Microsoft's product and engineering teams and get answers on how you can manage macOS devices for a truly unified experience with Intune. Join us for an enlightening session where your queries lead the discussion.
Post your questions in the Comments below. We'll have experts responding in the live stream and others in chat.
This session is part of Microsoft Intune: Tech Community Live. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
129 Comments
- lukehawkins
Copper Contributor
Hey. Many thanks for all the great updates we've been receiving over the last 12 months. I have a few questions but understand if only one can be answered due to fairness and time constraints.
- Is there an estimated time in which we will be able to have optional unmanaged/flexible packages?
 - Are there any plans for bootstrap packages? So we can enhance onboarding even further and even remove the need for setting a temporary local password for PSSO setup
 - One of the biggest pain factors that people transferring from competitors have is the speed at which scripts & profiles are rolled out. Are there any plans to improve or provide an instant deployment option for a profile or script?
 - Are there any plans to allow us to create dynamic groups based on a custom attribute?
 
- Char_Cheesman
Bronze Contributor
Thanks for participating in today's session of AMA: Securely manage macOS with Intune! For reference, the panel covered your 2nd question at around 28:45.
 - mcnahum
Microsoft
1. soon ... we are working on it
2. bootstrap tokens have been supported for more than a year now; the temporary password is needed as there is no PSSO on Setup Assistant in Sonoma... if Apple allows it we will work on it
4. There is a difference between what you are seeing in the UI and what happened on the device; we are looking at how to reduce that delay, but globally on Intune
3. not really, still looking for a scenario that cannot be achieved another way, like Pre/Post scripts. Happy to hear a specific need.
 - lukehawkins
Copper Contributor
Hey, many thanks for your response, it's appreciated. Glad to hear about unmanaged packages; with the community-driven tool IntuneCD this will make for a fantastic alternative to Munki and reduce overhead.
Bootstrap tokens are great and I understand how using Octory is good, but Octory doesn't always fire and the Mac will take several restarts for it to finally register. Bootstrap packages will eliminate this completely. We will also be able to use bootstrap packages to create & set the local user password so the user doesn't need to and they have a smoother, less confusing onboarding experience.
So it is the reporting in Intune that is the problem? Would that also be the reason why scripts are continuously executed when a device is sync'ed but the report on Intune is showing as "pending"? I always have to create logic inside my scripts to detect on a local level if it has run successfully or not and then exit.
I'm not sure if your last answer was referring to my question 4 😅 
 
 - tylerblank
Copper Contributor
Specific questions related to Entra ID's Platform SSO integration:
1. Currently, there is no way to programmatically prompt end users to sign into Entra ID's integration of Platform SSO. What can be done to invoke the sign-in prompts via a command line interface for large enterprises that want to roll out Entra ID PSSO to end users? Looking for a command to call via an MDM or LaunchAgent/Daemon to accomplish this on an interval and/or limited scope.
2. Today, to enable Platform SSO via Entra ID on Macs, you need to deploy the entire Company Portal application. Are there plans to break out the Entra Platform SSO extension as its own package for enterprises that do not utilize Company Portal for their end users?
- mcnahum
Microsoft
The Company Portal is the broker here; it is mandatory to be pushed on the device, even if you push it silently.
 - tylerblank
Copper Contributor
And what about the first question?
 
 
 - JFRigot
Brass Contributor
Do you mean we lose part of supervision when migrating (like on iOS)?
- mcnahum
Microsoft
No, macOS devices are always supervised when enrolled on MDM.
 - XxghostsyncxX
Occasional Reader
Like, pertaining to the guy that just said something about how to make someone not an admin. That could potentially be bad if said MDM shouldn't be on said device. There isn’t a profile available to delete but there is one somewhere because it is under MDM, 100% certain. Some places will tell you so if you try to go change something. I’m trying to start a business and it’s really been a nightmare.
 - mark-derouen
Brass Contributor
Factory reset on a mass enrollment is not a great plan. Will we ever be able to enroll a device as supervised without the factory reset?
- gilburns
Copper Contributor
We had success manually re-enrolling devices to Intune by pointing all devices to Intune for management in Apple Business, sending the remove MDM command from Jamf, then in the local terminal running this command to re-enroll the Macs in Intune:
sudo profiles renew -type enrollment
It's a fully manual process, but we avoided the full wipe.
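A way to confirm the state of a Mac before and after the `profiles renew` step described in the comment above, as an added example that is not part of the original comment. It assumes `profiles status -type enrollment` prints `Enrolled via DEP:` and `MDM enrollment:` lines; the function name, the state labels and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Classify the text printed by `profiles status -type enrollment`.
# Echoes one of (hypothetical labels):
#   unmanaged, managed-ade, managed-user-approved, managed-not-approved
classify_enrollment() {
    dep=$(printf '%s\n' "$1" | sed -n 's/^Enrolled via DEP: *//p')
    mdm=$(printf '%s\n' "$1" | sed -n 's/^MDM enrollment: *//p')
    case "$mdm" in
        Yes*) ;;                                  # an MDM profile is installed
        *) echo "unmanaged"; return 0 ;;          # e.g. right after the MDM removal
    esac
    case "$dep" in
        Yes*) echo "managed-ade"; return 0 ;;     # enrolled through Apple Business
    esac
    case "$mdm" in
        *"User Approved"*) echo "managed-user-approved" ;;
        *) echo "managed-not-approved" ;;
    esac
}

# Constructed sample outputs (not captured from a real device).
SAMPLE_AFTER_REMOVAL='Enrolled via DEP: No
MDM enrollment: No'
SAMPLE_AFTER_RENEW='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)'
SAMPLE_MANUAL_PROFILE='Enrolled via DEP: No
MDM enrollment: Yes'

# On a Mac, report the live state; elsewhere this step is skipped.
if command -v profiles >/dev/null 2>&1; then
    classify_enrollment "$(profiles status -type enrollment 2>/dev/null)"
fi
```

A device that still reports `unmanaged` after the renew step has not picked up the new enrollment and is not receiving policy.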
 
 - NickTel
Copper Contributor
Will there be an option to filter shell scripts, so we can make sure that the scripts only land on certain devices?
 - Joeryvdb
Occasional Reader
Hi, now we have to use different config profiles containing extensions, drive access, network filter, notifications in different custom policies. Is there something on the roadmap to simplify this?
- James_Yao
Former Employee
If I am understanding your question, there has been discussion on naming convention for profiles which should simplify what you are looking for. There is no timeframe for this feature on the roadmap at the moment, but I will note down this feedback.
 
 - RickCost
Copper Contributor
Will Intune's device checkin be configurable instead of the 8 hours?
- Char_Cheesman
Bronze Contributor
Thanks for participating in today's session of AMA: Securely manage macOS with Intune! For reference, the panel covered this topic at around 18:20.
- Joe_Lurie
Microsoft
In addition to Ben's answer on DDM, for the rest of Intune where the check-in is also 8 hours, please go to https://aka.ms/IntuneFeedback and leave that feedback. It's likely that the feedback has already been given, so a 👍 would be great. You can also leave in-console feedback by sending a smiley/frown in the Intune admin center.
Thanks for the question!
 
 
 - XxghostsyncxX
Occasional Reader
How can you defend if someone were to use this against your system? Never giving anyone permission to be an admin in your env.
 - Kaiserbot
Copper Contributor
Is there an integration flow for Platform SSO for an existing local user (personal computer account) already enrolled with ABM (existing devices in Intune)? Also, another question: with Platform SSO with ABM, will the device show as Registered or Joined to AAD?
- Char_Cheesman
Bronze Contributor
Thanks for participating in today's session of AMA: Securely manage macOS with Intune! For reference, the panel covered this topic at around 16:45.