A guide on assigning groups to Intune policies related to macOS Intune MDE onboarding, ensuring necessary security functionality for the MDE Agent are distributed to desired device groups.
macOS Intune Policy Deployment
- Make sure to fulfill the following actions below for configuration profile assignment for the following list:
- Sittadel – macOS Accessibility for MDE
- Sittadel – macOS Auto-Update for MDE
- Sittadel – macOS Background Services for MDE
- Sittadel – macOS Bluetooth for MDE
- Sittadel – macOS Cloud Protection for MDE
- Sittadel – macOS Network Filter for MDE
- Sittadel – macOS Notifications for MDE
- Sittadel – macOS Onboarding for MDE
- Sittadel – macOS Scheduled Scans for MDE
- Sittadel – macOS System Extensions for MDE
- Navigate to the Device Configuration – Intune portal, here we will find a list of all of the macOS configuration profiles that allow MDE security controls to be enabled without user interaction. Locate and select the Sittadel – macOS Accessibility for MDE profile, this will be leveraged for this example but make sure to fulfill the steps for all the configuration profiles listed.
- Once opened we will want to scroll down to the Assignments section of the policy and select Edit to create a group enforcement scope for the policy.
- From the Assignments section, utilize the Add groups button, this will display a pop-out where leveraging the search bar you can supply the name for the desired groups that you wish to have the MDE enforcement on. Make sure that you select the checkbox by the returned group from the list, finalize this selection by hitting Select. The selected group(s) should generate in the list once the pop-out is terminated. Select Review + save to continue to assignment finalization.
- From the Review + save section, we will want to verify from the Assignments subsection that the previous assignment(s) have been made correctly. If the desired group(s) is generating, we will select Save to proceed to making the same assignments on the rest of the MDE configuration profiles.
- Once all the necessary assignments have been made for all of the configuration profiles, we will Navigate to the Antivirus – Intune portal, here we will want to locate and select the Sittadel – macOS Defender AV Policy to begin the policy assignment process.
- Once opened we will want to scroll down to the Assignments section of the policy and select Edit to create a group enforcement scope for the policy.
- Selecting Edit will display the Basics section for the selected policy, from this section we will want to select the Assignments section.
- From the Assignments section, utilize the Search field to supply the name for the desired groups that you wish to have MDE enforcement on. The selected group(s) should generate in the list below. Select Next to continue to the Review section for assignment finalization.
- From the Review section, we will want to select the Assignments dropdown to verify that the previous assignment(s) have been made correctly. If the desired group(s) is generating, we will select Save to finalize the Anti-Virus policy assignment.
- Once all the necessary assignments have been made for the Anti-virus policy, we will Navigate to the All Apps – Intune portal, here we will want to locate and select the Microsoft Defender for Endpoint (macOS) application to begin the policy assignment process.
- Opening the application will display the Overview page, we will want to select the Properties page under the Manage section, from the page we will want to scroll down to the Assignments section and select Edit to create a group enforcement scope for the application.
- From the Assignments section, utilize the Add groups button, this will display a pop-out where leveraging the search bar you can supply the name for the desired groups that you wish to have the MDE enforcement on. Make sure that you select the checkbox by the returned group from the list, finalize this selection by hitting Select. The selected groups should generate in the list once the pop-out is terminated. Select Review + save to continue to assignment finalization.
- From the Review + save section, we will want to verify from the Assignments subsection that the previous assignment(s) have been made correctly by selecting the Required dropdown. If the desired group(s) is generating, we will select Save to finalize the macOS Policy assignment process.
Need Assistance?
Reach out to your Customer Success Manager to discuss how a Sittadel cybersecurity analyst can assist in managing these tasks for you. New to our services? Inquire about arranging a consultation to explore optimizing your Azure environment for painless management.