Microsoft Intune reinvents Mac management
Event Ended
Thursday, Nov 30, 2023, 07:00 AM PST
Event details
Learn about the latest developments in Intune Mac management that help simplify your IT workflows and better secure your complete device estate. Get a sneak peek into how we are innovating, including feature demos from the Intune Mac management roadmap.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
Char_Cheesman
Updated Dec 27, 2024
- GavinMeerwald Copper Contributor
How will the Platform SSO integration with Entra work for FileVault password?
- Roger_Truss Brass Contributor
That is a great question. I know it's escrowed to Intune so I'll have to see if it's still valid. I have had no reason to use it as of yet but still would like to know myself now.
- Roger_Truss Brass Contributor
Thanks all! Looking forward to the updated app deploy options and expanding our Platform SSO!!
- SvenV_ Brass Contributor
Great session/video thank you for that!
Might it be possible to add the Defender script (pre and post script) that was shown in the demo to https://github.com/microsoft/shell-intune-samples/tree/master/macOS or if it is already there,
I would love a link to it, as I could not find it quickly.
Perhaps it is also an idea to add this to the documentation here > https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/mac-install-with-intune?view=o365-worldwide.
- Char_Cheesman Bronze Contributor
Thanks for joining us! We hope you enjoyed this session. If you missed the live broadcast, don’t worry – you can watch it on demand. And we’ll continue to answer questions here in the chat through the end of the week. There's more great content in store at the Microsoft Technical Takeoff! What do you like about the event so far? Share your feedback and help shape the direction of future events on the Tech Community!
- JereSep Copper Contributor
Are you planning to support SCEP certificate to user logon keychain? ATM we can't use user-based certificates because of this. https://learn.microsoft.com/en-us/mem/intune/protect/certificates-profile-scep#:~:text=provisioned%20by%20SCEP%3A-,macOS,-%2D%20Certificates%20you%20provision
- Ernesto_Lara-Matthews
Microsoft
We are evaluating all the feedback in this area. We're ideating strategies to securely allow this, but not concrete plans that can be announced yet. Thanks for the feedback!
- Neil Johnson
Microsoft
Yes! We're actively working on this, keep an eye out on our Intune What's new Page for more info early next year https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new
- Carter Seely Copper Contributor
Are there plans to simplify the onboarding that doesn't require a local account be created and the local account be the Entra ID username?
- Ernesto_Lara-Matthews
Microsoft
This is the next step to further simplify the logon flow on macOS. No concrete plans at the moment, but we are aware of the desire to have this. Thanks for the feedback!
- Neil Johnson
Microsoft
During Q1CY24 we'll ship local account management, this sets the local user account name to come from the Entra ID used during setup assistant. Keep an eye out here https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new
- frwhite1290 Copper Contributor
Will Intune be adding a shared user login experience using Entra ID credentials?
- Neil Johnson
Microsoft
We've shipped the payloads for this already but it requires some changes in the SSO extension. Keep an eye out for the public preview during Q1 for more information.
- nickysnakes Copper Contributor
Can you use the Platform SSO Entra join for device compliance?
- Neil Johnson
Microsoft
Hey Nicholas, Platform SSO registers the device in Entra which enables it to work with conditional access. For example, if you had a requirement for 'compliant device', completing Platform SSO would be sufficient for that to be evaluated.
- nickysnakes Copper Contributor
Do you have or will you be working on a tool to assist with migrating to Intune from another MDM?
- SvenV_ Brass Contributor
There are community tools/scripts that can help you with this
UnmanageJAMF script
Ioan Popovici has released this unmanageJamfDeviceAPI #bash script. This allows you to unmanage #macOS devices from #JAMF in bulk, for #MSIntune onboarding, where the MDM Profile is marked as non-removable.
https://github.com/MEM-Zone/MEM.Zone/tree/master/Scripts/Bash/unmangeJamfDeviceAPI
https://twitter.com/IoanPopovici/status/1640401089315893248
Intune onboarding tool
https://twitter.com/IoanPopovici/status/1635330465954664449
https://github.com/MEMZone/MEM.Zone/tree/master/Scripts/Bash/macOS%20Intune%20Onboarding%20Tool
I have no experience with the tools/scripts myself.
- Joe_Lurie
Microsoft
nickysnakes Because of certificates and tattooed policy settings that may be on the endpoint, there is no easy way to move from one MDM to another without doing a factory reset. Apple, Google, and Windows all recommend (in some instances it's required) a factory reset.
- Neil Johnson
Microsoft
Like Joe said, at the very least we need to un-enroll and re-enroll for MDM migrations. However, you can export and import custom policy from your existing MDM into Intune to make policy migration easier. We can also deploy custom PKGs etc. that you're using today.
- mlawniczak123 Brass Contributor
With our current Mac MDM solution we are able to make groups for devices using a wealth of criteria. In Intune, device groups are extremely limited, for example I can not make a group based on software applications that are installed on the machine in Intune. Are you working on closing gaps like this?
- Neil Johnson
Microsoft
Thanks for the feedback, we've been hearing this a lot lately. Today we have Dynamic AD groups in Entra and Intune Filters. These currently don't reach quite as far as some of our competitors and we're thinking of ways we can meet those gaps in the future.
- Ernesto_Lara-Matthews
Microsoft
Thanks for the feedback! We are always looking for ways to improve our grouping and targeting across all platforms.