macos readme
James Robinson [MVP] edited this page Sep 12, 2024 · 2 revisions
Developed in collaboration with IntuneMacAdmins
The baseline has been designed and tested on the following scenario:
- MacOS 14.6 or above on Apple Silicon
- Enrolled into Apple Business Manager
- ADE Deployment with the following configured:
  - Management Settings:
    - Enroll with User Affinity
    - Setup Assistant with Modern Authentication
    - Await Final Configuration - Yes
    - Locked Configuration - Yes
  - Setup Assistant:
    - FileVault - Show
    - Touch ID - Show
- M365 Apps deployed via VPP
- Cloud-Only or Hybrid Identity with Entra ID as IdP
- MFA configured via Conditional Access
- M365 Business Premium or M365 E5/A5, or M365 E3/A3 + MDE P1/P2, OR:
  - Entra ID P1 or P2
  - Office 365 E3/E5, A3/A5 or F3
  - Intune P1
  - Defender for Business or Endpoint P1/P2
Important: Successful application of the baseline outside of this configuration cannot be guaranteed.
Please reference Importing the Baseline for information.
There are some settings that require manual configuration or creation post-import. These are detailed in SETTINGSGUIDANCE.
Primary information regarding adherence to security frameworks can be found in the main wiki README.
- Entra Join and Authentication via Platform SSO Secure Enclave
- Core device security restrictions
- Device Encryption via FileVault
- Microsoft Edge (Split into multiple policies for easier management)
- Microsoft Office (Including OneDrive Known Folder Move)
- Microsoft Defender for Endpoint
- Update Configuration
All policies are Settings Catalog policies and will show in Devices > Configuration Profiles.
For a complete list of settings, please consult SETTINGSOUTPUT.
Tip: Please visit IntuneMacAdmins for additional information on MacOS management with Intune.