Skip to content

Enroll MacOS Setup

 

Initial Steps:

  • Activate Apple VPP and business manager
  • Add the apps you want to install on the Apple devices.
  • Add the “company portal” app – important will need it later.

 

 

 

Add Corporate devices

  • Intune admin portal
  • Devices, enroll devices

 

 

 

  • Click on “Corporate device identifiers”

 

  • Click add, upload csv

 

  • The CSV should be as (serial, device description)

 

 

 

 

 

Other Steps:

  • Apple business manager
    • Click on the profile at the bottom left, choose preference
    • Account, under “Federated Authentication”
      • Connect to Azure AD

 

Link to the following steps:

https://support.apple.com/en-au/guide/apple-business-manager/axm3ec7b95ad/web

 

  • Login to portal.office365.com
  • Admin portal
  • Azure ad porta
    • Enterprise applications
    • All application, and you will find “Apple business Manager” (because you connected it in the above steps)
    • Click on “Apple business manager”
      • On left, click “Provisioning”, click get started

 

  • Choose automatic

 

 

  • Back to “Apple business manager”

 

  • In Apple Business Manager , sign in as a user that has the role of Administrator or People Manager.
  • Click your name at the bottom of the sidebar, click Preferences , then click Directory Sync, click edit

 

  • Copy (Tenant URL) and (Secret Token) to the Azure Portal

 

 

  • Test conncetion

 

 

Steps – Intune:

  • Connect intune to apple business manager

 

 

  • Devices – Macos – macosenrollment – apple configurator

 

 

  • Profiles – create

 

 

  • Create.

 

  • Click on the profile

 

  • Export profile – copy profile URL
     

 

This URL will be used in the apple configurator steps.

 

 

  • Devices
    • Compliance policy is used to create minimum security settings that every device must have.
    • An example

 

 

Configure Azure AD Single Sign-On Extension

  • Sign into the MEM console (intune)
  • Go to Devices -> iOS/iPadOS -> Configuration Profiles and click on Create Profile
  • For Profile type, choose Device features and click Create
  • Give you profile a name and then click Next
  • In the list of settings, choose Single sign-on app extension
    • For SSO app extension type, choose Microsoft Azure AD
  • Click Next
  • Assign the configuration profile to a group and click Next
  • Click on Create

 

 

 

 

Steps – Apple Configurator

 

  • Apple configurator – preference

 

 

 

  • Organizations, + , add your organization using your apple business manager ID

 

 

 

  • Servers, +, this is where you paste the URL copied from Intune

 

 

  • Use apple configurator to create iOS profile.
    • Mark all restrictions on the device
    • Create Wifi profile. (Important)
    • After you finish all the settings of the profile, file, sign profile

 

 

 

 

  • Save the profile and close the window.
  • Go back to apple configurator and connect iOS device to the computer.
  • Click prepare

 

  • Choose “Manual enrollment”
    • Add to apple business manager
    • Activate and complete enrollment
    • Allow devices to pair with other computers
  •  
  • Choose the organization
  • Show all steps or configure what you want to see

 

  • Choose profile (the one that has wifi settings in it – that is why it was important)

 

 

  • Enter the user credential that responsible for “enroll in the MDM”
Page Menu