macOS management with Microsoft Intune | Deployment, single sign-on, settings, apps & DDM
HTML-код
- Опубликовано: 2 авг 2024
- Microsoft Intune now has built-in native controls so you can manage your Macs similar to how you manage Windows PCs across the device lifecycle, without third party integrations or extensions. This decreases complexity and overhead and increases security, to help achieve your Zero Trust goals. Jeremy Chapman, Director of Microsoft 365, walks through the highlights:
• Automated device enrollment
• Microsoft Entra ID based single sign-on experience
• Extended configuration management controls
• Support for common DMG and PKG app package types
• Declarative Device Management (DDM) for updates
•Upcoming capabilities like Remote Help for macOS within the Intune Suite
► QUICK LINKS:
00:00 - Manage your Macs similar to Windows PCs
01:12 - Admin configurations: Device Enrollment
03:16 - User experience for setup
05:50 - Device configuration for admins
07:13 - Declarative Device Management (DDM)
07:50 - Security settings
08:35 - Distribute and install DMG and PKG app packages
10:23 - Remote Help for macOS coming soon
10:54 - Wrap up
► Link References
Get more information at aka.ms/IntuneforMac
► Unfamiliar with Microsoft Mechanics?
As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.
• Subscribe to our RUclips: / microsoftmechanicsseries
• Talk with other IT Pros, join us on the Microsoft Tech Community: techcommunity.microsoft.com/t...
• Watch or listen from anywhere, subscribe to our podcast: microsoftmechanics.libsyn.com...
► Keep getting this insider knowledge, join us on social:
• Follow us on Twitter: / msftmechanics
• Share knowledge on LinkedIn: / microsoft-mechanics
• Enjoy us on Instagram: / msftmechanics
• Loosen up with us on TikTok: / msftmechanics
#ZeroTrust #Intune #macOS #EntraID 
Наука
![J.P., NLE Choppa - Bad Bitty (Remix) [Official Music Video]](http://i.ytimg.com/vi/rBDa6BCvw10/mqdefault.jpg)
So many updates and parallels to Windows device management!
I'm new to Intune and Mac management - but this makes it all super-clear.
Happy to hear that. Thanks for taking the time to comment.
This is great stuff! I love to see it even if it was too late to keep us from spending money on a separate MacOS MDM tool. Next year when our tool expires I will be switching our MacOS management back to Intune. I love eliminating systems and bringing as much as I can under a "single pane of glass".
Thanks for that update. Don't have a lot of M365 clients using Macs, but I have a few. Will be nice to utilize this for them.
You had me excited there, I thought we could finally synchronize the accounts so we wouldn't need a local account. We use Intune for our MacBooks and that is the biggest complaint our admins have.
Hi there, what is prompting you to create a local account on your MacOS devices?
what kind of account are you hoping for? Because let me tell you, if you also have FileVault enabled local accounts are the only way to go. Any kind of mobile account password will undoubtedly get out of synch with the FileVault password meaning users cannot login. It's a nightmare.
3:56 about creating the local login and the "...we're working on this also..." follow-up; is that a foreshadow of the platform sso in intune?
OMG! Finally, A Game Changer - thank you Microsoft.
Thanks sir for information about it it's so glad to knowing today
Thanks a lot for this amazing video ;)
Glad you liked it!
top notch
Techs actually using Intune and Jamf will have probably noticed at 3m54s that users still create their own usernames rather than it pre-filling (and blocking like Jamf) their actual UPN, and at 9m 57s we still can't assign .pkgs which contain scripts (since you can't deploy an app with a script we have to incorporate a licensing script in to the .pkg itself) as 'Available' and only as 'Required'.
It's so close... 🤞
It's nowhere near close. It will get there maybe one day, but that isn't this year or next.
Very nice! Hoping for more non compliance actions to be added as time goes on (would be great to have a script option)
Indeed - I would love to have Custom Compliance actions, that Linux + Windows have!
Is there still 2Gb limitation for DMG/PKG files? it's quite frustrating as it makes impossible to install some core SW - 3rd party antivirus for example in my case
I notice you’re creating a user during ADE enrollment. Presently, Jamf Connect allows us to authenticate the user with our Okta and create a new user profile on the Mac that keeps their AD creds in sync with the local account on their Mac. Is this functionality planned for Q1-24?
If im not mistaken we can today manage macOS via company profile and intune. whats the comparison of what you can do with each setup. We have only m365 BP licenses today.
It was stated that this would require E3 or E5 - is this also enabled for A3 or A5 as well?
Could this be a gamer changer for MacOS management where, traditional approach would be JAMF? The onboarding to inTune certainly appears alot more streamlined. It will be good to test. Thank you.
Not at all - if you're serious about Mac management, Jamf is LIGHTYEARS beyond Intune. Also, many features Jamf Pro includes in the list price would be optional extras as part of the Intune Suite, so it's not really any cheaper. The fact that scripts can take up to 8 hours to execute in Intune versus 15 minutes in Jamf shows you the difference in priorities. I've used Jamf Pro and Intune for years - Intune is awesome for PC and terrible for anything Apple in my experience.
Also, weirdly, we have the exact same name (also a Luke Wilkins!)
@@lukebaldwin5553 I think it depends on the organization. We just dropped Jamf where I work and we're moving to Intune. It covers all the functionality we need and it's been a simple move.
the question would be, what if the device being enrolled is a shared device, where multiple users might be signin to it during the day. would that leave the already logged in users on the login screen? if so then the welcome login screen would have 10 different profiles on the welcome screen and it will keep cumulating by time? would there be a way to remove those profiles?
9:57 why "Available for enrolled devices" option is not available in case of using pkg and only available in LOB applications?
Are roaming profiles for "hot desking" possible with this solution? Thanks.
Is the local account still an admin of their device or can that be configured so that they are not admin by defualt?
In my organization we can't use our 365 tenant in an external device, like MacOS unenrolled device, what is an alternative way of enrolling without authenticating with o365 account?
What about managing local administrators on MacOS devices. Can this be done with intune currently?
Does intune for Macs also make end users standard account holders
Hi Jeremy! The option for creating the local account is here now! But it raises questions! During setup users can enter whatever password they want even though we can sync username to EntraID. What happens next when platform SSO syncs the password? Not clear to users. Also you mention secure login and passwordless here. But when configured the only login option on the Mac is simple old password. No passwordless, no MFA. And then when SSO plugin kicks in and a CA policy enforces MFA or authentication strength, what happens then? Constant MFA prompts? Or does platform SSO let the not MFA authenticated user in? So many questions…
Will Intune allow you to manage updates for DMG and PKG applications ?
Does macOS Intune support work with Business Permimun or is only E3/E5 required?
It's included in Business Premium.
So Is Apple Business Manager still needed?
Yes, that still creates the initial handshake with Microsoft Intune.
How does this work without user affinity? is it possible?
Tried the enrollment and SSO on our tenant today. It's still not as seamless as JAMF makes it
I’m assuming Connect is smoothing it out for you guys?
This is promising, if Microsoft gets it right.
It is now. Works flawless
Bye Jamf…
Bye Kandji…
You will be missed. 😅
What if a user has e.g Outlook installed via homebrew, and Intune installs it again without homebrew? Or is it possible to manage macos apps via homebrew over intune?