New macOS management functionality

Some of the key device management features released in Intune across 2024 are likely to change your mind about using a Microsoft product to manage your macOS devices.

• Device onboarding: automated device enrolment now supports the option to wait for final configuration, ensuring that security workloads, including FileVault encryption, have completed before a user has access to the desktop, as well as the creation of a user account based on the Entra ID native, or synchronised user, starting the enrolment process
• Device security: set up security baselines (CIS, NCSC, Cyber Essentials) using Intune, configure FileVault encryption with key escrow to Entra ID, manage the device firewall and rules, enable silent onboarding to Microsoft Defender for Endpoint, and deploy OS updates in a controlled way
• Application deployment: the ability to deploy Microsoft applications such as Edge and M365 Apps, and managed PKG and DMG applications, as either required installations or using the Company Portal as self-service application catalogue, and the ability to phase the deployment of Microsoft application updates
• Seamless user experience: expanding on the previous implementation of the SSO (Single Sign-On) app extension, allowing for seamless authentication to Microsoft authenticated websites, the SSO Platform extension now allows for single sign-on to all Microsoft applications, joining the device to Entra ID, and use of a single password or password-less authentication to both the device and Microsoft authenticated services

These are a handful of examples of the new options for managing macOS devices in Intune to improve the overall user experience on the device and ensure that these operating systems are secure, up-to-date, and fit for a corporate environment.

Upcoming Apple device management features

To cement the commitment Microsoft are making to manage macOS devices in Intune, and become the lead for management of this platform, not only did they offer support for macOS 15 (Sequoia), but on their roadmap are several additional features for macOS devices set for release over the coming months and into 2025.

• Local account management: native management of local accounts on the device, including management of administrator accounts, and role-based permission groups for administrator and standard users using existing or new Entra ID groups
• Custom compliance: building on the existing compliance offerings in Intune for minimum operating system, device security settings, and password complexity, custom compliance allows the extension of security centric checks, to enhance device security in conjunction with conditional access
• Declarative device management: Microsoft continue to invest resource into additional device and security configuration approaches using DDM (declarative device management), after being the first in the market to offer support of this new management method for macOS devices, delivering further settings and features in Settings Catalog with the new release of Intune

With the above existing and upcoming management options for macOS devices, the integration with Remote Help as part of Intune Suite, onboarding to Defender for Endpoint, configuration of Device Compliance, Conditional Access, Device Restrictions, Certificate deployment, Wired and Wireless networks, VPNs, and more, you can now align your overall management approach and security posture of your once left in the dark macOS devices, to your existing and matured management of Windows devices.

So, what is stopping you from moving to Microsoft Intune?