Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community

Azure AD and Intune now support macOS in conditional access!

Community Manager

Conditional access is one of the fastest growing services in EMS, constantly getting feedback from customers about new capabilities they would like to add to it. One of the most frequently requested is support for macOS. Customers want to have one consistent system for securing user accessing to Office 365 on all the platforms their employees are using.

 

So we're excited to share that Azure Active Directory and Intune now support macOS platform for device-based conditional access! Administrators can now restrict access to Intune-managed macOS devices using device-based conditional access according to their organization’s security guidelines.

 

082217_2143_AzureADandI2.png

 

Read more about it in the Enterprise Mobility & Security blog.

 

 

8 Replies

Unfortunatelly our Mac won`t let me enroll the device and we only have one Mac to test on, we are all Windows users :)
But is anybody succesfull of enrolling their device?

@Eric Starker - couldn't agree more, conditional access is a compelling story in managing and controlling access to services like Office 365. Support for MacOS closes another gap. 

 

@Peter Klapwijk - yes, I also played with this during private preview.  The actual MacOS management capabilities needs to grow more, but heading in the right direction. 

@Eric Starker I know it`s in preview, but can I get some support on enrolling our Mac?
We have a few customers using only Mac for which this is very interesting, but we need to be able to demo this. Thanks

Hey @Peter Klapwijk - where are you blocked? 

I have downloaded the portal app, moved it to the applications folder. After opening en loggin on to the app when I try to enroll I receive the message: Couldn`t enroll device
You can retry or send a report to your IT admin.

OK, so device enrollment requires an Intune license - is the user that is attempting the enrollment assigned an Intune license? 

 

As an alternate to the Company Portal App - can you login in to the Company Portal site (portal.manage.microsoft.com)?  From here you can also attempt enrollment too. 

Yes the user is licensed with EMS.
When using the portal it shows be an error This service is not supported. Error: AccountNotOnBoarded

According to this article it`s an certificate issue: https://docs.microsoft.com/en-us/intune-classic/troubleshoot/troubleshoot-device-enrollment-in-intun...

Good catch.  Yes, you need a certifiacte in place to manage iOS and MacOS devices.  The link points to the old (Silverlight) console, but the same principles apply to the new Ibiza console too. See here: https://docs.microsoft.com/en-us/intune/apple-mdm-push-certificate-get