Device Compliance - Mac

Summary

In order for your Apple macOS computer to be deemed as compliant, it must meet a number of requirements. Non-compliant devices will not be able to access most of University systems and data.

Body

To protect data integrity and safeguard security when accessing University data and systems, it is very important to ensure that the computer is not infected with malware or compromised in any other way. Devices deemed as non-compliant (i.e. not fully protected from security threats and free from malware) will not be allowed access to selected University systems that store sensitive data. To meet Conditional Access security requirements, the device must be compliant with a number of minimum requirements and enrolled in device administration

In order for your Apple Mac computer to be deemed as compliant, it must meet all of these requirements:

  • macOS version1) must be one of these (with latest security patches​​​​​​ installed):
    • Monterrey ver.12.7.5
    • Ventura ver.13.6.7
    • Sonoma ver 14.5
  • Firewall must be enabled
  • Must be running Microsoft Defender
  • System Integrity Protection2) must be enabled
  • Device must check-in with Intune service in the cloud at least once every 30 days

Note 1: Apple supports only those three versions of macOS. Older versions are no longer supported and security patches are no longer being released for them. If you have an older Mac that cannot have its macOS upgraded to one of those three versions listed above, you need to purchase a new device.

Note 2: System Integrity Protection is a security technology designed to help prevent potentially malicious software from modifying protected files and folders on your Mac. System Integrity Protection restricts the root user account and limits the actions that the root user can perform on protected parts of the Mac operating system.

Details

Details

Article ID: 136933
Created
Tue 8/17/21 10:33 AM
Modified
Fri 6/7/24 3:29 PM

Related Articles

Related Articles (7)

This article explains which browsers should be used for the optimal experience with systems and apps used at the University of Windows, such as Microsoft 365, Brightspace, UWinsite, etc.
IT Services is currently running a pilot implementation of conditional access involving a limited number of users. Full implementation will take in Q4 of 2023.
At the University of Windsor, Intune combined with Azure AD provides device and application administration, corporate data protection, identity management and directory services.
In order for your work computer to be deemed as compliant, it must meet a number of requirements. Non-compliant devices will not be able to access some of the resources and systems starting in Q4 of 2023.
When accessing OneDrive or other Microsoft 365 Apps in a browser you may see a message displayed on the top of the browser window that says "Your organization doesn't allow you to download, print, or sync using this device (...) This can happen for three different reasons
If you see a message "Your company hasn't made any apps available to you on this device" or "You don't have any apps yet" it means that your computer does not meet minimum requirements as defined in the device compliance policy (i.e. your device is not compliant).
Microsoft Company Portal is an app that faculty and staff at the University of Windsor use to manage their workstations.