Device Compliance - Mac

To protect data integrity and safeguard security when accessing University data and systems, it is very important to ensure that the computer is not infected with malware or compromised in any other way. Devices deemed as non-compliant (i.e. not fully protected from security threats and free from malware) will not be allowed access to selected University systems that store sensitive data. To meet Conditional Access security requirements, the device must be compliant with a number of minimum requirements and enrolled in device administration. 

In order for your Apple Mac computer to be deemed as compliant, it must meet all of these requirements:

• macOS version¹⁾ must be one of these (with latest security patches​​​​​​ installed):
  • Sequoia ver.15.0
  • Sonoma ver 14.6.1
  • Ventura ver.13.6.9
• Firewall must be enabled
• Must be running Microsoft Defender
• System Integrity Protection²⁾ must be enabled
• Device must check-in with Intune service in the cloud at least once every 30 days

Note 1: Apple supports only those three versions of macOS. Older versions are no longer supported and security patches are no longer being released for them. If you have an older Mac that cannot have its macOS upgraded to one of those three versions listed above, you need to purchase a new device (see Apple macOS | endoflife.date). In addition, Microsoft no longer supports Monterrey 12.x.x for Intune enrolment.

Note 2: System Integrity Protection is a security technology designed to help prevent potentially malicious software from modifying protected files and folders on your Mac. System Integrity Protection restricts the root user account and limits the actions that the root user can perform on protected parts of the Mac operating system.