Onboard and offboard macOS devices into Compliance solutions using Intune for Microsoft Defender for Endpoint customers

Note

Microsoft 365 compliance is now called Microsoft Purview and the solutions within the compliance area have been rebranded. For more information about Microsoft Purview, see the blog announcement.

Important

Use this procedure if you have deployed Microsoft Defender for Endpoint (MDE) to your macOS devices

Applies to:

• Customers who have MDE deployed to their macOS devices.
• Endpoint data loss prevention (DLP)
• Insider risk management

Before you begin

• Make sure your macOS devices are onboarded into Intune and enrolled in the Company Portal app.
• Make sure you have access to the Microsoft Endpoint Manager center
• This supports macOS version Catalina 10.15 and higher
• Install the v95+ Edge browser on your macOS devices

Onboard macOS devices into Microsoft Purview solutions using Microsoft Intune

Use these steps to onboard a macOS device into Compliance solutions if it already has MDE deployed to it.

1. You'll need these files for this procedure.

file needed for	source
accessibility	accessibility.mobileconfig
full disk access	fulldisk.mobileconfig

Tip

You can download the .mobileconfig files individually or in single combined file that contains:

• accessibility.mobileconfig
• fulldisk.mobileconfig

If any of these individual files is updated, you'd need to download the either the combined file again or the single updated file individually.

Create system configuration profiles

1. Open the Microsoft Endpoint Manager center > Devices > Configuration profiles.

2. Choose: Create profile.

3. Choose:

   1. Platform = macOS
   2. Profile type = Templates
   3. Template name = Custom

4. Choose Create

5. Choose a name for the profile, like AccessibilityformacOS in this example. Choose Next.

6. Choose the accessibility.mobileconfig file that you downloaded in step 1 as the configuration profile file.

7. Choose Next

8. On the Assignments tab add the group you want to deploy these configurations to and choose Next.

9. Review your settings and choose Create to deploy the configuration.

10. Open Devices > Configuration profiles, you should see your created profiles there.

11. In the Configuration profiles page, choose the profile that you just created, in this example AccessibilityformacOS and choose Device status to see a list of devices and the deployment status of the configuration profile.

Update configuration profiles

1. Update the existing full disk access profile with the fulldisk.mobileconfig file.

2. Update exisiting MDE preferences profile with these values

<key>features</key>
<dict>
    <key>systemExtensions</key>
    <string>enabled</string>
    <key>dataLossPrevention</key>
    <string>enabled</string>
</dict>

Offboard macOS devices using Intune

Important

Offboarding causes the device to stop sending sensor data to the portal but data from the device, including reference to any alerts it has had will be retained for up to 6 months.

1. In Microsoft Endpoint Manager center, open Devices > Configuration profiles, you should see your created profiles there.

2. In the Configuration profiles page, choose the MDE preferences profile.

3. Remove these settings:

<key>features</key>
<dict>
    <key>systemExtensions</key>
    <string>enabled</string>
    <key>dataLossPrevention</key>
    <string>enabled</string>
</dict>

3. Save.