Intune For Mac

Is there Intune for Macs®? Unfortunately, there isn’t a short answer to this question. What we can say is that while Microsoft® Intune does support some functions for Mac, it really wasn’t designed as a cross-platform system management solution. In general, the focus of Intune is directed towards mobile device management and mobile app management.


What Does Intune Really Provide?

By: Arnab Biswas, Program Manager - Microsoft Endpoint Manager - Intune

You can use Microsoft Endpoint Manager to deploy the most common app types supported by macOS, such as .pkg, .dmg or .app. Natively, Mac MDM only supports installing signed .pkg-type applications.

Zoom for Intune is for admins to organize and protect BYOD environments with mobile application management (MAM). This app allows admins to protect corporate data while keeping employees connected. Zoom is your communications hub for meetings, webinars, chat.


Think of Intune as more of an alternative to VMware’s AirWatch® rather than Microsoft’s System Center Configuration Manager (SCCM). Need a visual? Check out this diagram to see how the add-on fits into the bigger picture of Microsoft solutions.


The result is that while Intune can perform some functions on Macs, it doesn’t completely deliver a platform that can dispense GPO-like policies and commands for Macs. Instead, Intune’s benefit is that it creates a framework for when devices can access Azure®-related data and applications. Intune, or a third-party solution, sends information about the device back to Azure, which decides the device’s level of compliance. Note that implementing any device compliance capabilities requires the use of Azure AD as well as Active Directory® and SCCM if those are being used on-prem.

More Add-Ons Challenge macOS Management

The challenge for IT admins is that you need to find yet another solution beyond Intune and Azure AD to actually create the settings and manage the macOS device. For example, setting password complexity requirements, enabling FileVault, updating the OS, setting screensaver locks and more often need to be handled either manually by the IT admin or by another solution altogether. The result is that IT admins are now searching for additional IT management solutions beyond Intune and Azure AD (not to mention Active Directory and SCCM on-prem).

Philosophically, Microsoft’s approach to identity and system management is quite different from what we believe IT admins are truly searching for. Microsoft’s view is to create segmented solutions that are mostly focused on Windows and Azure, and then require additional solutions for non-Windows platforms. You can hardly blame them for doing so, but is this really the best approach for organizations that leverage mixed-platform environments?

For example, for Microsoft’s identity management solutions, IT admins need Active Directory and the domain controller on-prem, and then AD Connect, Azure AD, Azure AD DS, and more, all in Azure. For system management, SCCM is utilized on-prem and then Intune is added on for mobile device management from the cloud.

Delivering Wide Access Control from the Identity Provider

Sometimes, people are led to think that access control to corporate data is a device management feature. We don’t think of it that way because it isn’t something that the mobile operating system provides. Rather, it’s something the identity provider delivers. In this case, the identity provider associated with Intune is Azure Active Directory (Azure AD), Microsoft’s cloud identity and access management (IAM) system, but it is Intune that is providing the conditional access to Azure resources.

  1. Download a sample script to install Company Portal for macOS from Intune Shell Script Samples - Company Portal. Follow instructions to deploy the macOS Shell Script using macOS Shell Scripts. Set Run script as signed-in user to No (to run in the system context).
  2. Microsoft Intune empowers you to achieve more with a great mobile experience, while protecting your company’s data. Get started with these easy steps to enro.
  3. Intune lets you manage macOS devices to give users access to company email and apps. As an Intune admin, you can set up enrollment for company-owned macOS devices and personally owned macOS devices ('bring your own device' or BYOD).

The JumpCloud® Directory-as-a-Service® platform takes the complete opposite view and tightly integrates not only identity and access management, but system management as well. Further, macOS and Linux® are treated as first-class systems similar to Windows, rather than admins being forced to find additional third-party solutions in Microsoft’s ecosystem.

Moving Beyond Intune for Macs



If you’re interested in understanding more about how Directory-as-a-Service compares to Intune for Macs, and would like to see how JumpCloud extends beyond just device management, give us a call or send us an email. One of our product experts will be happy to answer your questions or set up a demo. Furthermore, signing up to try Directory-as-a-Service is easy and free of charge for your first 10 users.