Device Compliance - Mac

To protect data integrity and safeguard security when accessing University data and systems, it is very important to ensure that the computer is not infected with malware or compromised in any other way. Devices deemed as non-compliant (i.e. not fully protected from security threats and free from malware) will not be allowed access to selected University systems that store sensitive data. To meet Conditional Access security requirements, the device must be compliant with a number of minimum requirements and enrolled in device administration

In order for your Apple Mac computer to be deemed as compliant, it must meet all of these requirements:

  • macOS version1) must be one of these (with latest security patches​​​​​​ installed):
    • Sequoia ver.15.1.1
    • Sonoma ver 14.7.1
    • Ventura ver.13.7.1
  • Firewall must be enabled
  • Must be running Microsoft Defender
  • System Integrity Protection2) must be enabled
  • Device must check-in with Intune service in the cloud at least once every 30 days

Note 1: Apple supports only those three versions of macOS. Older versions are no longer supported and security patches are no longer being released for them. If you have an older Mac that cannot have its macOS upgraded to one of those three versions listed above, you need to purchase a new device (see Apple macOS | endoflife.date). In addition, Microsoft no longer supports Monterrey 12.x.x for Intune enrolment.

Note 2: System Integrity Protection is a security technology designed to help prevent potentially malicious software from modifying protected files and folders on your Mac. System Integrity Protection restricts the root user account and limits the actions that the root user can perform on protected parts of the Mac operating system.

100% helpful - 1 review
Print Article

Related Articles (8)

This article explains which browsers should be used for the optimal experience with systems and apps used at the University of Windows, such as Microsoft 365, Brightspace, UWinsite, etc.
Any devices used by university employees and related that do not meet the minimum requirements, as defined in the device's assigned compliance policy, will not be granted full access to University apps, systems and data. This includes devices, both university-owned and personal, that are not enrolled in Intune
At the University of Windsor, Microsoft Intune combined with Entra ID provides device and application administration, corporate data protection, identity management and directory services.
In order for your work computer to be deemed as compliant, it must meet a number of requirements. Non-compliant devices will not be able to access some of the resources and systems starting in Q4 of 2023.
When accessing OneDrive or other Microsoft 365 Apps in a browser you may see a message displayed on the top of the browser window that says "Your organization doesn't allow you to download, print, or sync using this device (...) This can happen for three different reasons
If you see a message "Your company hasn't made any apps available to you on this device" or "You don't have any apps yet" it means that your computer does not meet minimum requirements as defined in the device compliance policy (i.e. your device is not compliant).
This article summarizes current limitations affecting macOS devices when it comes to Intune enrolment and conditional access.
Microsoft Company Portal is an app that faculty and staff at the University of Windsor use to manage their workstations.