cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Resolved: Follow-up to IT172124 – Can’t renew macOS Profiles running 10.14 and higher
By
Intune_Support_Team
Published Jan 24 2019 04:39 PM 5,859 Views
Intune_Support_Team
Microsoft
‎Jan 24 2019 04:39 PM

Resolved: Follow-up to IT172124 – Can’t renew macOS Profiles running 10.14 and higher

‎Jan 24 2019 04:39 PM

Fully resolved. Update to 10.14.4 which is now available. This fixes the known issue. 

 

We recently posted MC172422 – the text of which is listed below. There’s a known issue for macOS running version 10.14 and higher where MDM-enrolled macOS devices may fail to renew their management profile. The only workaround is to un-enroll and re-enroll the device prior to the certificate expiration. We have been working with Apple and Apple has confirmed that they need to take a fix on their side. Apple expects to ship the fix in their next OS beta update. We have tested the fix in beta and it addresses the issue. Please adopt the next OS update for macOS. Once we test the fix, we'll update this post. Unfortunately, at this time, there’s no action Intune can take. Intune has a ticket filed with Apple and we will keep you posted if we have any updates. 

             

Here’s the M365 Message Center post:

 

MC172422 - Prevent or Fix Issues

Published On: January 22, 2019

 

As described in IT172124, there’s a known issue where Intune-enrolled macOS devices may fail to renew their management profile. Typically, devices attempt to renew their management profile upon every check-in starting at 28 days before the profile expires. We’re working with Apple to fix the bug, but there’s no estimate on the timing for the fix.

 

How does this affect me?

This issue has been seen in devices running OS version 10.14 or higher enrolled in Intune.

 

What action do I need to take?

Until this bug is fixed, you can either choose to not update to macOS Mojave (version 10.14) or you can run the script linked to in Additional Information to identify the devices that could have a management profile expire and then re-enroll them into Intune when they get close to their expiration date. The management profile is valid for a year and re-enrolling these devices would allow them to stay managed. We will remove this post when a solution is rolled out.

 

https://aka.ms/IT172124_script

 

Updated this post:

  • Feb 6, 2019 with info that the fix is in Apple's next OS update.
  • Feb 13, 2019 updated that the fix worked as expected. 
  • March 28, 2019 resolved (10.14.4 is live).

 

Version history
Last update:
‎Nov 30 2023 04:00 PM
Updated by: