How to set up MAC OSX Compliance Policy for Microsoft Intune Client with SCCM

Nicolas PilonConsole, Intune, SCCMLeave a Comment

Microsoft Intune is a mobile device management tool that supports a variety of operating systems. Obviously, Intune supports the popular operating system Mac OSX. Since November 2015, companies that use standalone version, it’s possible to install the Intune client on MAC OSX devices. With the latest release of SCCM 1602, hybrid environment can enrol MAC OSX.

The Microsoft Intune client allows the deployment of policies, SCEP certificates, VPN and WiFi profiles. It’s also a new way to inventory your MAC. Before enrolling a Mac OSX in Intune, a compliance policy must be configured to apply a minimum of security control. This post will explain how to set up a SCCM Mac Compliance Policy for Microsoft Intune client.

MAC OS X Pre-Requisite

Before you begin, ensure that you configure your Microsoft Intune infrastructure correctly. This post is also part of the complete MDM installation guide blog series.

Once, Microsoft Intune is configured, we will check if SCCM is configured to support MAC OSX:

  • From the SCCM console, navigate to Administration / Cloud Services / Microsoft Intune Subscriptions
  • Right click on Microsoft Intune Subscription 
  • Select Configuration Platforms and iOS and Mac OS X (MDM)

Screen Shot 2016-04-05 at 12.43.49 PM

  • In the APNs Certificate tab, make sure Enable iOS and Mac OS X (MDM) enrollment is selected

Screen Shot 2016-04-05 at 12.44.01 PM

[su_box title=”Missing APN Certificate?” style=”glass” title_color=”#F0F0F0″]If the APN certificate is not configured, configure the APN certificate by following these steps[/su_box]

Configure SCCM Mac Compliance Policy

  • To create a compliance policy in SCCM, open the SCCM console and navigate to Assets and Compliance Compliance Settings Compliance Policies
  • Right click on Compliance Policies and select Create Compliance Policy

SCCMMacCompliancePolicy01

  • In the General tab of the Create Compliance Policy Wizard, enter the Name of the desired policy
  • Select Compliance rules for devices managed without the Configuration Manager client and choose iOS
  • Click Next

sccm mac compliance policy

  • At the Supported Platforms tab, select Mac OS X
  • Make sure All Mac OS X MDM Clients is selected and click Next

sccm mac compliance policy

  • In the Rules tab, configure rules accordingly the level of safety and productivity sought by your business
  • Click on New to add a new rule, when it’s completed, click Next

sccm mac compliance policy

  • In the Summary tab, confirm the compliance policy setting details and click Next

SCCMMacCompliancePolicy05

  • SCCM Mac compliance policy completed, click Close

sccm mac compliance policy

Deploy the Compliance Policy for Microsoft Intune Client

To deploy the compliance policy for all users that enroll MacOS:

  • Open the SCCM console and navigate to Assets and Compliance Compliance Settings Compliance Policies
  • Right click on the new compliance policy created for Mac OSX and select Deploy

Screen Shot 2016-03-31 at 1.59.36 AMNew

  • In the Deploy Compliance Policy window, click on Browse and select your Intune subscription collection. In our case, it’s All Intune Users
  • Specify the compliance evaluation schedule for this compliance policy

sccm mac compliance policy

You are now ready to install the Microsoft Intune Client on your MAC OSX devices.

Leave a Reply

Your email address will not be published. Required fields are marked *