Microsoft Intune App For Mac


Intune includes built-in settings to customize features on your macOS devices. For example, administrators can add AirPrint printers, choose how users sign in, configure the power controls, use single sign-on authentication, and more.

Use these features to control macOS devices as part of your mobile device management (MDM) solution.

This article lists these settings, and describes what each setting does. It also lists the steps to get the IP address, path, and port of AirPrint printers using the Terminal app (emulator). For more information on device features, go to Add iOS/iPadOS or macOS device feature settings.

Before you begin

Create a macOS device configuration profile.

Note

These settings apply to different enrollment types, with some settings applying to all enrollment options. For more information on the different enrollment types, see macOS enrollment.

AirPrint

Settings apply to: Device enrollment and Automated device enrollment

  • IP address: Enter the IPv4 or IPv6 address of the printer. If you use host names to identify printers, you can get the IP address by pinging the printer in the Terminal app. Get the IP address and path (in this article) provides more details.

  • Path: Enter the path of the printer. The path is typically ipp/print for printers on your network. Get the IP address and path (in this article) provides more details.

  • Port (iOS 11.0+, iPadOS 13.0+): Enter the listening port of the AirPrint destination. If you leave this property blank, AirPrint uses the default port.

  • TLS (iOS 11.0+, iPadOS 13.0+): Select Enable to secure AirPrint connections with Transport Layer Security (TLS).

  • Add: Adds the AirPrint server. You can add many AirPrint servers.

You can also Import a comma-separated file (.csv) that includes a list of AirPrint printers. Also, after you add AirPrint printers in Intune, you can Export this list.

Get the IP address and path

To add AirPrint servers, you need the IP address of the printer, the resource path, and the port. The following steps show you how to get this information.

  1. On a Mac that's connected to the same local network (subnet) as the AirPrint printers, open Terminal (from /Applications/Utilities).

  2. In the Terminal app, type ippfind, and select enter.

    Note the printer information. For example, it may return something similar to ipp://myprinter.local.:631/ipp/port1. The first part is the name of the printer. The last part (ipp/port1) is the resource path.

  3. In the Terminal, type ping myprinter.local, and select enter.

    Note the IP address. For example, it may return something similar to PING myprinter.local (10.50.25.21).

  4. Use the IP address and resource path values. In this example, the IP address is 10.50.25.21, and the resource path is /ipp/port1.
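
The steps above can be scripted. The following is an added example, not part of the original article or Microsoft's tooling: it splits an ippfind result into host, port, and resource path, reads the address from ping's first line, and flags printers found as ipps:// (IPP over TLS), which is where the TLS setting matters. The function names and the second sample printer are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not Microsoft's code): turn the Terminal output from the
# steps above into the AirPrint values. Sample inputs are constructed.

# Split one ippfind result such as ipp://myprinter.local.:631/ipp/port1.
# Sets host, port, path, tls and prints them; returns 1 on anything else.
parse_ipp_uri() {
    case $1 in
        ipp://*)  tls=no;  rest=${1#ipp://} ;;
        ipps://*) tls=yes; rest=${1#ipps://} ;;   # ipps is IPP over TLS
        *) echo "not an ipp/ipps URI: $1" >&2; return 1 ;;
    esac
    authority=${rest%%/*}
    case $rest in
        */*) path=${rest#*/} ;;
        *)   path= ;;
    esac
    case $authority in
        \[*\]:*) host=${authority%:*}; port=${authority##*:} ;;  # [IPv6]:port
        \[*\])   host=$authority; port=631 ;;
        *:*)     host=${authority%:*}; port=${authority##*:} ;;
        *)       host=$authority; port=631 ;;   # IPP default port
    esac
    host=${host%.}                              # trailing dot of the mDNS name
    case $port in
        ''|*[!0-9]*) echo "bad port in: $1" >&2; return 1 ;;
    esac
    if [ -z "$host" ] || [ -z "$path" ]; then
        echo "incomplete URI: $1" >&2; return 1
    fi
    printf '%s %s %s %s\n' "$host" "$port" "$path" "$tls"
}

# Pull the address out of ping's first line,
# e.g. "PING myprinter.local (10.50.25.21): 56 data bytes".
ping_line_ip() {
    printf '%s\n' "$1" | sed -n 's/^PING [^ ]* (\([^)]*\)).*/\1/p'
}

# Combine an ippfind URI and a ping line into one line for review.
airprint_values() {
    parse_ipp_uri "$1" >/dev/null || return 1
    ip=$(ping_line_ip "$2")
    if [ -z "$ip" ]; then
        echo "no address in ping output" >&2; return 1
    fi
    printf 'ip=%s port=%s path=%s tls=%s\n' "$ip" "$port" "$path" "$tls"
}

airprint_values 'ipp://myprinter.local.:631/ipp/port1' \
    'PING myprinter.local (10.50.25.21): 56 data bytes'
```

A result of tls=no means the printer was discovered over plain IPP, so enabling TLS in the profile should be tested against that printer before rollout.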

Login items

Settings apply to: All enrollment types

  • Files, folders, and custom apps: Add the path of a file, folder, custom app, or system app you want to open when users sign in to their devices. System apps, or apps built or customized for your organization are typically in the Applications folder, with a path similar to /Applications/AppName.app.

    You can add many files, folders, and apps. For example, enter:

    • /Applications/Calculator.app
    • /Applications
    • /Applications/Microsoft Office/root/Office16/winword.exe
    • /Users/UserName/music/itunes.app

    When adding any app, folder, or file, be sure to enter the correct path. Not all items are in the Applications folder. If users move an item from one location to another, then the path changes. This moved item won't be opened when the user signs in.

  • Hide from user configuration: Hide doesn't show the app in the Users & Groups login items list. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS shows items you start at login in the Users & Groups login items list with the hide option unchecked.

    Note

    This setting is rolling out to all customers over the next couple of weeks.

Login window

Settings apply to: Device enrollment and Automated device enrollment

Window Layout

  • Show additional information in the menu bar: When the time area on the menu bar is selected, Allow shows the host name and macOS version. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might not show this information on the menu bar.
  • Banner: Enter a message that's shown on the sign in screen on devices. For example, enter your organization information, a welcome message, lost and found information, and so on.
  • Choose login format: Choose how users sign in to devices. Your options:
    • Prompt for username and password (default): Requires users to enter a username and password.

    • List all users, prompt for password: Requires users to select their username from a user list, and then enter their password. Also configure:

      • Local users: Hide doesn't show the local user accounts in the user list, which may include the standard and admin accounts. Only the network and system user accounts are shown. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might show the local user accounts in the user list.
      • Mobile accounts: Hide doesn't show mobile accounts in the user list. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might show the mobile accounts in the user list. Some mobile accounts may show as network users.
      • Network users: Select Show to list the network users in the user list. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might not show the network user accounts in the user list.
      • Admin users: Hide doesn't show the administrator user accounts in the user list. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might show the administrator user accounts in the user list.
      • Other users: Select Show to list Other... users in the user list. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might not show the other user accounts in the user list.

Login screen power settings

  • Shut Down button: Hide doesn't show the shutdown button on the sign in screen. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might show the shutdown button.
  • Restart button: Hide doesn't show the restart button on the sign in screen. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might show the restart button.
  • Sleep button: Hide doesn't show the sleep button on the sign in screen. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might show the sleep button.

Other

  • Disable user login from Console: Disable hides the macOS command line used to sign in. For typical users, Disable this setting. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow advanced users to sign in using the macOS command line. To enter console mode, users enter >console in the Username field, and must authenticate in the console window.

Apple Menu

After users sign in to the devices, the following settings impact what they can do.

  • Disable Shut Down: Disable prevents users from selecting the Shutdown option after the user signs in. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to select the Shutdown menu item on devices.
  • Disable Restart: Disable prevents users from selecting the Restart option after the user signs in. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to select the Restart menu item on devices.
  • Disable Power Off: Disable prevents users from selecting the Power off option after the user signs in. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to select the Power off menu item on devices.
  • Disable Log Out (macOS 10.13 and later): Disable prevents users from selecting the Log out option after the user signs in. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to select the Log out menu item on devices.
  • Disable Lock Screen (macOS 10.13 and later): Disable prevents users from selecting the Lock screen option after the user signs in. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to select the Lock screen menu item on devices.

Single sign-on app extension

This feature applies to:

  • macOS 10.15 and newer

Settings apply to: All enrollment types

  • SSO app extension type: Choose the type of credential SSO app extension. Your options:

    • Not configured: App extensions aren't used. To disable an app extension, switch the SSO app extension type to Not configured.
    • Redirect: Use a generic, customizable redirect app extension to use SSO with modern authentication flows. Be sure you know the extension and team ID for your organization's app extension.
    • Credential: Use a generic, customizable credential app extension to use SSO with challenge-and-response authentication flows. Be sure you know the extension ID and team ID for your organization's SSO app extension.
    • Kerberos: Use Apple's built-in Kerberos extension, which is included on macOS Catalina 10.15 and newer. This option is a Kerberos-specific version of the Credential app extension.

    Tip

    With the Redirect and Credential types, you add your own configuration values to pass through the extension. If you're using Credential, consider using built-in configuration settings provided by Apple in the Kerberos type.

  • Extension ID (Redirect and Credential): Enter the bundle identifier that identifies your SSO app extension, such as com.apple.ssoexample.

  • Team ID (Redirect and Credential): Enter the team identifier of your SSO app extension. A team identifier is a 10-character alphanumerical (numbers and letters) string generated by Apple, such as ABCDE12345.

    Locate your Team ID (opens Apple's website) has more information.

  • Realm (Credential and Kerberos): Enter the name of your authentication realm. The realm name should be capitalized, such as CONTOSO.COM. Typically, your realm name is the same as your DNS domain name, but in all uppercase.

  • Domains (Credential and Kerberos): Enter the domain or host names of the sites that can authenticate through SSO. For example, if your website is mysite.contoso.com, then mysite is the host name, and contoso.com is the domain name. When users connect to any of these sites, the app extension handles the authentication challenge. This authentication allows users to use Face ID, Touch ID, or Apple pincode/passcode to sign in.

    • All the domains in your single sign-on app extension Intune profiles must be unique. You can't repeat a domain in any sign-on app extension profile, even if you're using different types of SSO app extensions.
    • These domains aren't case-sensitive.
  • URLs (Redirect only): Enter the URL prefixes of your identity providers on whose behalf the redirect app extension uses SSO. When users are redirected to these URLs, the SSO app extension intervenes, and prompts for SSO.

    • All the URLs in your Intune single sign-on app extension profiles must be unique. You can't repeat a domain in any SSO app extension profile, even if you're using different types of SSO app extensions.
    • The URLs must begin with http:// or https://.
  • Additional configuration (Redirect and Credential): Enter additional extension-specific data to pass to the SSO app extension:

    • Key: Enter the name of the item you want to add, such as user name.

    • Type: Enter the type of data. Your options:

      • String
      • Boolean: In Configuration value, enter True or False.
      • Integer: In Configuration value, enter a number.
    • Value: Enter the data.

    • Add: Select to add your configuration keys.

  • Keychain usage (Kerberos only): Choose Block to prevent passwords from being saved and stored in the keychain. If blocked, users aren't prompted to save their password, and need to reenter the password when the Kerberos ticket expires. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow passwords to be saved and stored in the keychain. Users aren't prompted to reenter their password when the ticket expires.

  • Face ID, Touch ID, or passcode (Kerberos only): Require forces users to enter their Face ID, Touch ID, or device passcode when the credential is needed to refresh the Kerberos ticket. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might not require users to use biometrics or device passcode to refresh the Kerberos ticket. If Keychain usage is blocked, then this setting doesn't apply.

  • Default realm (Kerberos only): Choose Enable to set the Realm value you entered as the default realm. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might not set a default realm.

    Tip

    • Enable this setting if you're configuring multiple Kerberos SSO app extensions in your organization.
    • Enable this setting if you're using multiple realms. It sets the Realm value you entered as the default realm.
    • If you only have one realm, leave it Not configured (default).
  • Autodiscover (Kerberos only): When set to Block, the Kerberos extension doesn't automatically use LDAP and DNS to determine its Active Directory site name. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow the extension to automatically find the Active Directory site name.

  • Password changes (Kerberos only): Block prevents users from changing the passwords they use to sign in to the domains you entered. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow password changes.

  • Password sync (Kerberos only): Choose Enable to sync your users' local passwords to Azure AD. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might disable password sync to Azure AD. Use this setting as an alternative or backup to SSO. This setting doesn't work if users are signed in with an Apple mobile account.

  • Windows Server Active Directory password complexity (Kerberos only): Choose Require to force user passwords to meet Active Directory's password complexity requirements. For more information, see Password must meet complexity requirements. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might not require users to meet Active Directory's password requirement.

  • Minimum password length (Kerberos only): Enter the minimum number of characters that can make up users' passwords. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might not enforce a minimum password length on the users.

  • Password reuse limit (Kerberos only): Enter the number of new passwords, from 1-24, that must be used until a previous password can be reused on the domain. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might not enforce a password reuse limit.

  • Minimum password age (Kerberos only): Enter the number of days that a password must be used on the domain before users can change it. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might not enforce a minimum age of passwords before they can be changed.

  • Password expiration notification (Kerberos only): Enter the number of days before a password expires that users get notified that their password will expire. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might use 15 days.

  • Password expiration (Kerberos only): Enter the number of days before the device password must be changed. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might never expire passwords.

  • Password change URL (Kerberos only): Enter the URL that opens when users start a Kerberos password change.

  • Principal name (Kerberos only): Enter the username of the Kerberos principal. You don't need to include the realm name. For example, in user@contoso.com, user is the principal name, and contoso.com is the realm name.

    Tip

    • You can also use variables in the principal name by entering curly brackets {{ }}. For example, to show the username, enter Username: {{username}}.
    • However, be careful with variable substitution because variables aren't validated in the UI and they are case sensitive. Be sure to enter the correct information.
  • Active Directory site code (Kerberos only): Enter the name of the Active Directory site that the Kerberos extension should use. You may not need to change this value, as the Kerberos extension may automatically find the Active Directory site code.

  • Cache name (Kerberos only): Enter the Generic Security Services (GSS) name of the Kerberos cache. You most likely don't need to set this value.

  • Password requirements message (Kerberos only): Enter a text version of your organization's password requirements that's shown to users. The message is shown if you don't require Active Directory's password complexity requirements, or don't enter a minimum password length.

  • App bundle IDs (Kerberos only): Add the app bundle identifiers that should use single sign-on on your devices. These apps are granted access to the Kerberos Ticket Granting Ticket and the authentication ticket. The apps also authenticate users to services they're authorized to access.

  • Domain realm mapping (Kerberos only): Add the domain DNS suffixes that should map to your realm. Use this setting when the DNS names of the hosts don't match the realm name. You most likely don't need to create this custom domain-to-realm mapping.

  • PKINIT certificate (Kerberos only): Select the Public Key Cryptography for Initial Authentication (PKINIT) certificate that can be used for Kerberos authentication. You can choose from PKCS or SCEP certificates that you've added in Intune. For more information about certificates, see Use certificates for authentication in Microsoft Intune.
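
Several of the rules above (10-character Team ID, upper-case realm, unique case-insensitive domains, URL prefixes) are easy to break when values are spread over several profiles. The following pre-flight check is an added example, not part of the original article or of Intune; the one-line-per-value input format and all profile names are constructed for illustration.

```sh
#!/bin/sh
# Added example (not Microsoft's code): pre-flight check of SSO app extension
# values against the rules listed above. The "profile kind value" input format
# and every profile name below are constructed for this example.

# Reads "profile kind value" lines on stdin, where kind is one of
# teamid, realm, domain, url. Prints one finding per rule violation.
lint_sso_values() {
    awk '
    $2 == "teamid" && ($3 !~ /^[A-Za-z0-9]+$/ || length($3) != 10) {
        print $1 ": team ID is not 10 alphanumeric characters: " $3
    }
    $2 == "realm" && $3 != toupper($3) {
        print $1 ": realm is not upper case: " $3
    }
    $2 == "url" && $3 !~ /^https?:\/\// {
        print $1 ": URL does not begin with http:// or https://: " $3
    }
    $2 == "domain" || $2 == "url" {
        # Domains are not case-sensitive, so compare them in lower case.
        key = $2 ":" ($2 == "domain" ? tolower($3) : $3)
        if (key in seen)
            print $1 ": " $2 " already used by " seen[key] ": " $3
        else
            seen[key] = $1
    }'
}

# Constructed sample: the last four lines each break one rule.
sample_values() {
    cat <<'EOF'
redirect-idp   teamid ABCDE12345
redirect-idp   url    https://login.contoso.com/
kerberos-hq    realm  CONTOSO.COM
kerberos-hq    domain mysite.contoso.com
credential-lab teamid ABCDE1234
credential-lab realm  contoso.com
credential-lab domain MySite.Contoso.com
redirect-test  url    login.contoso.com/sso
EOF
}

sample_values | lint_sso_values
```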

Associated domains

In Intune, you can:

  • Add many app-to-domain associations.
  • Associate many domains with the same app.

This feature applies to:

  • macOS 10.15 and newer

Settings apply to: All enrollment types

  • App ID: Enter the app identifier of the app to associate with a website. The app identifier includes the team ID and a bundle ID: TeamID.BundleID.

    The team ID is a 10-character alphanumerical (letters and numbers) string generated by Apple for your app developers, such as ABCDE12345. Locate your Team ID (opens Apple's web site) has more information.

    The bundle ID uniquely identifies the app, and typically is formatted in reverse domain name notation. For example, the bundle ID of Finder is com.apple.finder. To find the bundle ID, use the AppleScript in Terminal:

    osascript -e 'id of app "ExampleApp"'

  • Domain: Enter the website domain to associate with an app. The domain includes a service type and fully qualified hostname, such as webcredentials:www.contoso.com.

    You can match all subdomains of an associated domain by entering *. (an asterisk wildcard and a period) before the beginning of the domain. The period is required. Exact domains have a higher priority than wildcard domains. So, patterns from parent domains are matched if a match isn't found at the fully qualified subdomain.

    The service type can be:

    • authsrv: Single sign-on app extension
    • applink: Universal link
    • webcredentials: Password autofill
  • Add: Select to add your apps and associated domains.
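
A wildcard entry widens the set of hosts an app is associated with, so it helps to check which entry actually covers a given host before assigning the profile. The following is an added example, not part of the original article or Apple's matcher: it validates the App ID and Domain formats described above and applies the exact-before-wildcard rule. The function names and sample hosts are assumptions, as is the choice that a wildcard does not cover the parent domain itself.

```sh
#!/bin/sh
# Added example (not Microsoft's code): check Associated domains entries and
# see which entry covers a host. All sample values are constructed.

# App ID is TeamID.BundleID, with a 10-character alphanumeric team ID.
valid_app_id() {
    team=${1%%.*}
    bundle=${1#*.}
    [ "$bundle" != "$1" ] || return 1           # no "." at all
    case $team in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac
    [ "${#team}" -eq 10 ] && [ -n "$bundle" ]
}

# Domain is service:hostname, optionally with a "*." wildcard prefix.
valid_entry() {
    case $1 in
        authsrv:*|applink:*|webcredentials:*) name=${1#*:} ;;
        *) return 1 ;;
    esac
    name=${name#\*.}                            # the period after * is required
    case $name in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;
        *.*) return 0 ;;                        # fully qualified: has a dot
        *) return 1 ;;
    esac
}

# covering_entry SERVICE HOST ENTRY...
# Prints the entry that applies to HOST: an exact entry first, otherwise the
# wildcard of the nearest parent domain. Returns 1 when nothing covers HOST.
# Assumption of this example: "*.contoso.com" does not cover contoso.com itself.
covering_entry() {
    service=$1
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    shift 2
    want="${service}:${host}"
    cur=$host
    while :; do
        for entry in "$@"; do
            lower=$(printf '%s' "$entry" | tr 'A-Z' 'a-z')
            if [ "$lower" = "$want" ]; then
                printf '%s\n' "$entry"
                return 0
            fi
        done
        parent=${cur#*.}
        if [ "$parent" = "$cur" ]; then
            return 1                            # ran out of labels
        fi
        cur=$parent
        want="${service}:*.${cur}"
    done
}

covering_entry webcredentials login.contoso.com \
    'webcredentials:*.contoso.com' 'webcredentials:login.contoso.com'
```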

Tip

To troubleshoot, on your macOS device, open System Preferences > Profiles. Confirm the profile you created is in the device profiles list. If it's listed, be sure the Associated Domains Configuration is in the profile, and it includes the correct app ID and domains.

Next steps

Assign the profile and monitor its status.

You can also configure device features on iOS/iPadOS.