Microsoft

Microsoft Intune Feedback

How can we improve Microsoft Intune

Conditional Access for Macs

We would like to have conditional access for client computers that run OS X so users are enforced to enroll their devices as soon as they decide to install a mail client or OneDrive for Business.

(split from https://microsoftintune.uservoice.com/forums/291681-ideas/suggestions/8793778-conditional-access-for-pc-s-and-mac-s)

359 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    AdminCathy Moya (UserVoice admin for Intune, Microsoft Intune) shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    As of the most recent service release, you can now set a conditional access policy that requires Mac devices to be enrolled into Intune and compliant with its device compliance policies. For example, users can download the Intune Company Portal app for macOS and enroll their Mac devices into Intune. Intune evaluate whether the Mac device is compliant or not with requirements like PIN, encryption, OS version, and System Integrity.
    https://docs.microsoft.com/en-us/intune/whats-new

    23 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Robert commented  ·   ·  Flag as inappropriate

        Is there any chance that Microsoft will let Conditional Access for Mac to work side by side with other MDM solutions? Enterprises have already been managing their Mac fleet with MDM solutions such as Casper. It's not possible to have 2 MDM profiles, and Intune is not a substitute for Casper. Surely this is technically possible, with a bit of a hack I was able export the Workplace Join certificates from an entrolled Mac without Casper then import them into a Mac with Casper MDM profile. Just by importing the certificates Conditional access and Casper was able to work at the same time! The problem is this process is clunky and not that secure. Please allow Intune/Company portal to be installed on Mac's without requiring it to create an MDM profile!

      • D commented  ·   ·  Flag as inappropriate

        May have been a timing issue for us, but the conditional access option for macOS now appears successfully in our portal. Many thanks, great work Intune team!

      • Marius Olsen commented  ·   ·  Flag as inappropriate

        No checkbox for OS X to enable conditional access on this platform. Can only see iOS, Android, Windows 10 Mobile and Windows.

      • D commented  ·   ·  Flag as inappropriate

        Hi Cathy,

        Might there be some confusion here ? There are COMPLIANCE policies that have MacOS as an option now, however there are still no Conditional Access policy options for MacOS, can you please confirm ??

      • Paul Ellis commented  ·   ·  Flag as inappropriate

        I still do not see OSX as an option in the Exchange Online Conditional Access policy,
        will enrolling the Mac allow the end users to connect their thick Outlook client,
        or would Conditional Access still block them ?

      • Anonymous commented  ·   ·  Flag as inappropriate

        I heard from our TAM a Preview might be coming for this feature. Can you please provide more of an insight into this? Thanks

      • Chris Moore commented  ·   ·  Flag as inappropriate

        We have OS X configuration & compliance, and from the errors provided when CA is enabled, it can clearly detect the OS from the browser pages (certainly obvious in Exchange Online)... All we're missing is the bit to tie it together!

        Definitely hoping for this to be picked up soon.

      • Aaron Marks commented  ·   ·  Flag as inappropriate

        Intune Conditional Access would be nearly complete if Mac Conditional Access was released alongside EWS Conditional Access.

      • Andrew Walton commented  ·   ·  Flag as inappropriate

        We need this to come out fast as we have half our Company using Macs. Why was this not though about when the product was released?

      ← Previous 1

      Feedback and Knowledge Base