As Microsoft extends its device management to non-Windows devices and ships more of its apps for macOS, you may want to use your existing MDM solution (Microsoft Intune) to enable features such as conditional access or Windows Defender ATP on your macOS devices. This post covers enrollment through the Company Portal app. If you want to enroll your devices with DEP (Apple's Device Enrollment Program) instead, you can find a great guide here.
Mind the enrollment restrictions
Let's start by checking the configured enrollment restrictions to make sure that macOS enrollment is not blocked for your tenant, neither by the platform restriction nor by a restriction on personally owned devices. You'll find them in the Intune dashboard under Microsoft Intune > Device enrollment > Enrollment restrictions.
Get an Apple MDM push certificate
Without going into too much detail: to manage Apple devices with any MDM you need an Apple MDM push certificate (an APNs certificate, issued for the Apple Push Notification service). The certificate allows your MDM solution to notify enrolled devices that there is something to check in for (e.g. a wipe, an app installation, a new policy). To request a push certificate you need a valid Apple ID. Use a company-owned Apple ID rather than a personal one: the certificate is valid for one year and has to be renewed with the same Apple ID, otherwise all devices must be re-enrolled.
In Intune navigate to the Apple enrollment section and download your CSR. The CSR is required to request the APNs certificate.
Now open the Apple Push Certificates Portal and sign in with a valid Apple ID.
Request a new certificate and upload your CSR when prompted. Download the issued APNs certificate, switch back to your Intune portal and upload it there.
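Because the push certificate expires after one year and an expired certificate silently stops every device action, it is worth putting its expiry date on a watch list. The following shell snippet is an added example, not part of the original post: it uses `openssl x509 -checkend` to test whether a certificate file is still valid for a given number of days and prints the subject and validity dates for the renewal ticket. The certificate file name, the 30-day warning window and the self-signed sample certificate (a stand-in for the real APNs certificate, with an assumed subject) are assumptions for this demo; `openssl` is assumed to be on PATH.

```shell
# Added example: watch the expiry of the Apple MDM push certificate.
# Assumes openssl is installed. The sample certificate below is constructed
# for the demo and stands in for the real APNs certificate downloaded from Apple.

# Return 0 if the certificate in $1 stays valid for at least $2 more days,
# 1 if it expires within that window (or the file cannot be parsed).
apns_cert_valid_for_days() {
  cert="$1"
  days="$2"
  openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1
}

# Print subject and validity window, e.g. to paste into a renewal ticket.
apns_cert_summary() {
  openssl x509 -in "$1" -noout -subject -dates
}

# Constructed sample: a self-signed one-year certificate with an assumed
# subject, only so the check can be exercised without a real APNs certificate.
make_sample_cert() {
  out="$1"
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$out.key" -out "$out" \
    -days 365 -subj "/CN=APSP:example-push-certificate" >/dev/null 2>&1
}

# Usage (30-day warning window is an assumption; adjust to your renewal process):
#   make_sample_cert apns.pem
#   apns_cert_summary apns.pem
#   if apns_cert_valid_for_days apns.pem 30; then
#     echo "push certificate ok"
#   else
#     echo "renew the push certificate now (same Apple ID!)"
#   fi
```

Run the check from a scheduled job against the certificate you uploaded to Intune; a failing check well before the date gives you time to renew with the original Apple ID instead of re-enrolling every Mac.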
Enroll your first macOS machine
Here is a short walkthrough from an end user's perspective.
First, sign in to the Intune Company Portal website with your browser and your work account: https://portal.manage.microsoft.com/.
Once the enrollment has finished you can confirm it on the Mac under System Preferences > Profiles, where the management profile should now be listed. Now you're ready to manage your macOS devices with Intune!