NOTE: The procedure described in this article will not work on a Mac that was registered in Automated Device Enrolmet (ADE) by Apple (see more).
University-owned and personal Apple macOS devices used for work (BYOD or Bring your Own Device) primarily by one person are referred to as primary-user workstations. They can be enrolled in Intune device management through the Company Portal app that needs to be downloaded and installed on the device. Enrolling macOS device in Intune this way allow user to
- access internal resources and systems on that device
- install additional software that the University is licensed for
- reset the device remotely in the event it gets lost or stolen
- protect user data on the device by Microsoft Defender
- create a backup of the recovery key for File Vault local disk encryption
To enroll macOS device using the Company Portal app:
- Navigate to portal.manage.microsoft.com in Safari or other browser
- When prompted, sign in using UWin Account credentials (UWinID@uwindsor.ca as login name) of the main user of this Mac workstation.
- If you see the screen picture below, click on Devices button. Otherwise, click on the three horizonatl lines icon in top-left corner and select Devices from the menu.
- Click Tap here to tell us which device you're using or to add a new device
- Click Download on the Add this device screen.
NOTE: The Company Portal app for macOS can also be downloaded using this link: aka.ms/EnrollMyMac
- Open your Downloads folder in Finder and open the CompanyPortal_x.x.x-Installer.pkg file
- Click Continue at the Introduction screen
- Click Continue at the License screen, accept the License Agreement by clicking Agree
- Click Install at the Installation Type screen. When prompted, enter your device's password and click Install Software
- Click Close at the Summary screen
- Click Move to Trash to discard the installation package
- Microsoft AutoUpdate will launch and check for updates. When prompted to configure settings, ensure that Automatically Download and Install or Automatically keep Microsoft Apps up to date is selected.
- Launch Company Portal app that was just installed
- Click Sign In
- When prompted, sign in using UWin Account credentials of the main user of this Mac workstation
- Click Begin to start enrolling this device into Intune
- Click Continue on the Review privacy information screen
- Click Download profile on the Install Management profile screen
- The Mac will now direct you over to the System Preferences to install the management profile. When asked "Are you sure you want to install...," click Install and then Install again
- When prompted, enter your device's password and click Install
- Close all windows and dialogue boxes
At this point, the workstation is registered in Entra and enrolled in Intune. If this is University-owned device, the following apps will be installed on it automatically by Intune:
- Microsoft Defender
- GlobalProtect VPN
- Microsoft Edge (browser that works best with all University apps and systems)
To verify your device's compliance with University security requirements (conditional access) at any time, launch the Company Portal app you installed on your device and check your device status under Devices. You can also use the Company Portal app to install University-licensed software on your Mac, such as Microsoft 365 Apps (formerly Microsoft Office 365 for Mac).