Self-Help Article (External)
Intended Audience: IT Staff
Purpose
This article outlines the process for enrolling a macOS device into Microsoft Intune using an Intune enrollment profile (.mobileconfig). This method is intended for user-driven enrollment scenarios and allows devices to be enrolled directly on the device without requiring Apple Configurator app.
Requirements
- Access to Microsoft Intune Admin Center
- Physical access to the macOS device
- Device must have Internet connectivity
Step-by-Step Procedures
- Intune: Review or Create Apple Configurator Enrollment Profile
A device enrollment policy defines the settings applied during enrollment. These settings are applied only once.
- In the Microsoft Intune admin center, go to Devices > Enrollment.
- Select the Apple tab
- Under Bulk Enrollment Methods, select Apple Configurator
- Select Profiles
- Review profiles or create new profile
- If a profile already exists:
- Skip to Step 2
- If a new profile is required:
- Select Create Profile
- Enter Name and Description (optional)
- Select Next
- For User Affinity, choose whether devices with this profile must enroll with or without an assigned user.
- Enroll without User Affinity: Use for shared or task-based devices.
- Enroll with User Affinity: Use for user-assigned devices.
- Select Create
- Intune: Export Enrollment Profile
- In the Microsoft Intune admin center, go to Devices > Enrollment.
- Select the Apple tab
- Under Bulk Enrollment Methods, select Apple Configurator
- Select Profiles
- Select an Enrollment profile
- Select Export Profile (.mobileconfig)
- Device: Enroll the macOS device
- Transfer the downloaded .mobileconfig file to the macOS device.
- Open the .mobileconfig file
- Open System Settings.
- Navigate to General > Device Management.
- On older versions of macOS, the path may be System Preferences > Profiles.
- Select the downloaded enrollment profile and choose Install.
- Review the profile information and select Continue.
- If prompted, enter the local administrator credentials for the Mac.
- Complete any additional authentication prompts required by Microsoft Intune.
- Wait for profile installation and device registration to complete.
- Device: Verify Enrollment Status
- Open System Settings > General > Device Management.
- Confirm that the Microsoft Intune management profile is present.
- Intune: Verify Device Enrollment
- Return to the Microsoft Intune admin center.
- Confirm the device appears under: Devices > macOS.
- Verify the device status shows as Managed and Compliant (if compliance policies are assigned).