Microsoft Previewing macOS Conditional Access Using Azure Active Directory and Intune
Microsoft is previewing the ability to impose "conditional access" restrictions on devices running the Apple macOS operating system.
Update 8/25: The preview has a known issue where password compliance policies aren't getting enforced. A Microsoft blog post suggested it's an issue that Apple is currently addressing, with no estimated fix date.
The preview was recently added to Azure Active Directory and the Microsoft Intune mobile management service, explained Alex Simons, director of program management for the Microsoft Identity Division, in a Wednesday announcement.
Conditional access restrictions are imposed through policy settings. For instance, network access by a device might get blocked if it lacks the latest software patches. IT pros can set up such policies using the Intune blade of the Microsoft Azure management portal. They can then specify the specific requirements for devices to meet to ensure compliance.
The preview will only work if "the Intune Company Portal app" is installed, Microsoft's announcement clarified. Devices need to be running macOS 10.11 or greater to use the feature. The conditional access policies will work with Office 2016 for macOS applications (namely, Excel, OneNote, Outlook, PowerPoint and Word) that are at version 15.34 or greater. The policies are only supported with the Apple Safari browser.
Microsoft has had its conditional access scheme in place for Intune and Azure AD for various operating system platforms for a while. However, for some reason, macOS support had lagged. It was "one of the most frequently requested" items mentioned by customers, Simons indicated.
Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.