May 20, 2024

i-Guide Line

Splendid Computer & Technology

How to enroll and manage Mac devices with Intune MDM


Businesses may deploy macOS devices in a primarily Windows-oriented workplace, which can create desktop management problems for IT.

Whether the macOS devices are part of an organization's fleet of managed devices for a design department, C-level management or even BYOD users, IT administrators need to find a way to secure and manage these desktops. Some mobile device management (MDM) platforms, despite their name, offer basic desktop management controls that can help out in these situations.

Why organizations use MDM to manage macOS desktops

To support users working from their preferred devices, IT must ensure those devices are secure and compliant with its organization's policies for accessing company data and resources. Apple devices, in general, come with some great built-in MDM capabilities. IT can use these capabilities to manage Mac devices within organizations and configure important settings to keep data and resources safe and secure.

MDM can key in on specific device restrictions while requiring certain built-in macOS features, such as FileVault, Firewall and Gatekeeper. Many MDM platforms provide configuration options to manage those features.

IT can configure these capabilities using an MDM solution standalone or with Apple Business Manager (ABM). The MDM-ABM pairing allows organizations to take the management of Apple devices to the next level by creating supervised devices. Supervision empowers organizations to configure additional device restrictions and device features. That includes settings regarding the installation of apps and settings regarding the installation of software updates.

Apple macOS devices become automatically supervised when IT uses Automated Device Enrollment (ADE), a functionality within ABM for enrolling devices into MDM.

On top of the MDM capabilities, many MDM platforms provide an additional configuration layer for advanced management capabilities. For example, Microsoft Intune, which includes MDM capabilities as part of the Microsoft Endpoint Manager platform, includes the additional Microsoft Intune management agent. That agent provides custom scripting capabilities on macOS desktops, and IT can ensure it installs automatically with the right scripts. Those scripting capabilities create an additional configuration layer. With that layer in place, IT can set up almost any device controls with custom scripting.

What enrollment options are available for macOS devices?

IT administrators need to enroll macOS devices in an MDM platform to manage them effectively. There are several methods IT could use to enroll macOS devices, often related to device ownership.

The following are the most common options for MDM enrollment:

  • MDM-specific app. MDM vendors provide a dedicated app for enrolling and setting up devices. It ensures that those devices comply with the company policies. For example, when looking at Microsoft Intune, that specific app is the Company Portal app. The user has to download the Company Portal app and follow the on-screen steps to enroll the Mac device. After enrollment is complete, Intune has them marked as personal devices. In this case, IT administrators don't have all the remote management capabilities that come with other enrollment options. Some personal information is not visible to the Intune administrator to preserve the user's privacy.
  • Automated Device Enrollment (ADE). The most common method for enrolling corporate-owned devices is using ADE, the method for devices registered in ABM. The Microsoft Intune ADE method provides a direct integration automatically, as the name implies. Once a registered device boots up, the user can follow the out-of-box experience to configure and enroll the Apple device. After enrollment, these devices are registered as corporate devices. These devices are automatically supervised, and the IT administrators will have all the macOS management capabilities available through the MDM platform.
  • MDM-specific options. Different MDM platforms provide specific enrollment options for bulk enrollment or kiosk devices. Sticking with the Microsoft Intune example, there is a direct enrollment option using Apple Configurator. IT can use this for Mac devices that do not need a specific user affinity. IT can also use a Device Enrollment Manager account to enroll up to 1,000 devices with a single account. Other MDM vendors offer similar enrollment options specific to their platforms, in some cases with multiple variants of those custom options.

Note: IT admins can register Mac devices in ABM via the reseller of the device. Alternatively, starting with iOS 15, it's possible to use Apple Configurator on iOS to register Mac devices with ABM.

How to enroll Mac devices in MDM

While it isn't universally the best option, the most common enrollment method that IT will need to know is enrollment via a companion app. That method is tailored to BYOD, but Mac administrators can also use it for corporate-owned devices when there is no ABM available. In either case, the device is, by default, registered as a personal device in Microsoft Intune. Desktop admins can manually adjust this if needed. IT can perform the task of Mac enrollment using the Company Portal app through the following steps:

1. Open a browser and navigate to Microsoft's website to download the Company Portal installer file under Install Company Portal app.

2. After it's downloaded, open the installer and follow the prompts to ensure proper installation.

3. Once the installation is successful, open the Company Portal app and sign in with a work or school account.

4. Once signed in with the Company Portal app open, click Begin to start the enrollment process.

5. On the Review privacy information page, verify the information that the organization can see and click Continue (Figure 1).

Figure 1. The privacy information that the IT department can and can't see on the managed Mac displayed in the Company Portal app.

6. On the Install management profile page, perform the following steps:

  • Click on Download profile to download the management profile (Figure 2).
  • On the Manage Profile settings page, click Install to install the management profile.
  • On the verification dialog box, click Install to install the management profile.
  • On the credentials dialog box, provide administrator credentials to start the enrollment.

Figure 2. The management profile in the Company Portal app that IT can download for Mac management.

7. On the Check device settings page, confirm the enrollment and compliance status of the device and click Done.

Once the enrollment of the Mac device is complete, IT can navigate to the location System Preferences > Profiles > Management Profile to verify the level of control that the IT administrators have over the device.
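
A command-line counterpart to the Profiles check above, as an added example that is not part of the original article: the script classifies the output of macOS's `profiles status -type enrollment` into the enrollment paths the article describes. The function name, the labels and the sample outputs are constructed for illustration, and the parsing assumes the `Enrolled via DEP:` and `MDM enrollment:` lines that command prints.

```shell
#!/bin/bash
# Added example: classify a Mac's MDM enrollment state from the text printed by
#   profiles status -type enrollment
# Assumption: the output carries "Enrolled via DEP:" and "MDM enrollment:" lines.

classify_enrollment() {
    # $1 = full output of `profiles status -type enrollment`
    local dep mdm
    dep=$(printf '%s\n' "$1" | sed -n 's/^Enrolled via DEP:[[:space:]]*//p')
    mdm=$(printf '%s\n' "$1" | sed -n 's/^MDM enrollment:[[:space:]]*//p')

    case "$mdm" in
        Yes*) ;;                                   # enrolled, keep classifying
        No*)  echo "not-enrolled"; return 0 ;;
        *)    echo "unknown"; return 0 ;;          # empty or unexpected output
    esac

    case "$dep" in
        Yes*) echo "automated-device-enrollment"; return 0 ;;  # ADE via ABM
    esac

    case "$mdm" in
        *"User Approved"*) echo "manual-user-approved" ;;      # e.g. Company Portal
        *)                 echo "manual-not-user-approved" ;;
    esac
}

# Constructed sample outputs (not captured from a real device).
SAMPLE_PORTAL='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)
MDM server: https://mdm.example.invalid/enroll'
SAMPLE_ADE='Enrolled via DEP: Yes
MDM enrollment: Yes (User Approved)
MDM server: https://mdm.example.invalid/enroll'
SAMPLE_NONE='Enrolled via DEP: No
MDM enrollment: No'

if command -v profiles >/dev/null 2>&1; then
    # On a Mac: classify the live enrollment state.
    classify_enrollment "$(profiles status -type enrollment 2>/dev/null)"
else
    # Elsewhere: run the classifier over the constructed samples.
    for sample in "$SAMPLE_PORTAL" "$SAMPLE_ADE" "$SAMPLE_NONE"; do
        classify_enrollment "$sample"
    done
fi
```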