Prerequisites
Before you start:
- Licensing: The user must have a valid Intune or Microsoft 365 license with Intune included.
- macOS version: macOS 10.15 (Catalina) or later recommended.
- Internet access: The Mac needs outbound access to Microsoft endpoints.
- Apple MDM Push Certificate: Intune must already have an Apple MDM push certificate set up in the Microsoft Intune admin center.
Enable macOS Enrollment in Intune
- Sign in to the Microsoft Intune admin center: https://endpoint.microsoft.com
- Go to: Devices → macOS → Enrollment → Apple MDM Push certificate.
- Ensure a certificate is already configured. If not:
  - Download the CSR from Intune.
  - Go to Apple Push Certificates Portal and sign in with an Apple ID.
  - Upload the CSR and download the .pem certificate.
  - Upload the .pem back to Intune.
Download Company Portal on the Mac
- On the Mac, open Safari and go to: https://portal.manage.microsoft.com
- Sign in with the user’s Microsoft 365 work account.
- When prompted, download Company Portal for macOS and install it.
Enroll the Mac
- Open Company Portal after installation.
- Sign in with the user’s work account.
- Follow the prompts:
- Grant required permissions (Full Disk Access, Profiles, System Preferences).
- Download the management profile when prompted.
- Open System Settings → Privacy & Security → Profiles (on macOS Ventura+; on older versions it’s System Preferences → Profiles).
- Click the downloaded profile and Approve/Install.
- Go back to Company Portal → Check device compliance.
Verify Enrollment
- In the Intune portal, go to Devices → macOS → All devices and check that the device appears.
- The device should show Compliant if it meets your compliance policies.
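A local check to go with the portal check above, as an added example that is not part of the original guide: it classifies the output of the macOS command `profiles status -type enrollment`, so you can confirm on the Mac itself that the management profile was installed and user approved. The function name and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the output of `profiles status -type enrollment`.

# classify_enrollment reads that command's output on stdin and prints one of:
#   approved     - MDM enrolled and the profile was user approved
#   unapproved   - MDM enrolled, but the profile was not user approved
#   not-enrolled - no MDM enrollment
#   unknown      - no "MDM enrollment" line was found in the input
classify_enrollment() {
    awk -F': *' '
        /^MDM enrollment:/ {
            seen = 1
            if ($2 ~ /^Yes/ && $2 ~ /User Approved/) print "approved"
            else if ($2 ~ /^Yes/)                     print "unapproved"
            else                                      print "not-enrolled"
            exit
        }
        END { if (!seen) print "unknown" }
    '
}

# Constructed sample outputs (not captured from a real device).
SAMPLE_APPROVED='Enrolled via DEP: No
MDM enrollment: Yes (User Approved)'
SAMPLE_UNAPPROVED='Enrolled via DEP: No
MDM enrollment: Yes'
SAMPLE_NONE='Enrolled via DEP: No
MDM enrollment: No'

# On a Mac, check the live state; elsewhere, fall back to the sample.
if command -v profiles >/dev/null 2>&1; then
    state=$(profiles status -type enrollment 2>/dev/null | classify_enrollment)
else
    state=$(printf '%s\n' "$SAMPLE_APPROVED" | classify_enrollment)
fi
echo "enrollment state: $state"
```

A result other than `approved` after enrollment means the profile step in System Settings was skipped or not completed.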