MacOS Post Enrollment Setup
IMPORTANT!!
Tips Before Starting:
For ease of setup, use the same password as the DEM account for setting up the local MacOS account.
DEM Account Info
[email protected]
D3m4ccount!
Apple Migration Assistant does not work with Enrolled Devices
You will need to reinstall all the apps associated with the user's Apple ID. Follow the instructions in the KB article linked below for more info.
User access to Personal iCloud and Apple Store | Knowledge Base | Nelson Brothers IS Helpdesk
After setting up the Mac, you can sync the user's Desktop and Documents folders with OneDrive by following the KB article linked below.
Sync the Desktop and Documents Folder with One Drive | Knowledge Base | Nelson Brothers IS Helpdesk
Continue with the setup as normal for the Mac OS device and use your Microsoft credentials (DEM account) when prompted.
Note: If you do not see the Microsoft login screen, you will need to remove the device from Intune management and then from ABM, and redo the setup process from step 1.
Once you are signed into the device, wait 30 minutes - 1 hour for all the profiles to fully download.
Then, accept all popups requesting permissions.
After granting permissions, navigate to the Settings app and search “Profiles” in the search bar. Ensure that both the Intune MDM Agent SCEP and Intune MDM Agent PPPC Profiles are on the device.
Important, Follow Closely:
Look for a popup at the top right from Company Portal stating that “Registration is required”.
Click on that and you will be taken to a popup labeled “Platform single sign-on registration”.
Click Continue and you will be prompted to enter your local user credentials. After that you will be prompted to sign in with your Microsoft credentials. After some loading time, you will be prompted to log into Company Portal with your Microsoft credentials.
Registration is now complete; this will sync your local and Microsoft credentials. Your local credentials will no longer be available for use from this point forward.
Open the Settings app and navigate to Users & Groups.
Create a local account named TempAccount and set the password. (This will allow the user to connect to a Wi-Fi network if they are not at a company site.)
The account will be originally created as a standard user.
Give the TempAccount the Administrator role.
Log out of your admin account on the device and restart the device.
Log in with the TempAccount and then log out of the TempAccount.
Ensure that you are being prompted to log into the TempAccount when reaching the login screen.
Change the primary user of the device from your admin account to the user's Entra ID account: in the Intune portal, go to Devices > MacOS > Select Device > Properties > Change primary user > Search and select user account > Click Save at the top of the screen.
Congratulations!! You’re Finished!!!
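The two states this procedure depends on (both Intune profiles present, and TempAccount in the admin group) can also be confirmed from Terminal. The script below is an added example, not part of the original KB article; it assumes the profile display names shown above appear in the output of `profiles show`, and the function names and sample data are hypothetical.

```shell
#!/bin/sh
# Added example: post-enrollment checks for the steps above (not from the KB).
# Usage: sh check.sh               -> runs on the constructed sample below
#        sudo sh check.sh --live   -> runs against this Mac (macOS only)

REQUIRED_PROFILES='Intune MDM Agent SCEP
Intune MDM Agent PPPC'
TEMP_USER='TempAccount'

# Reads a profile listing on stdin; prints every required profile name
# that does not appear in it (no output means both are installed).
missing_profiles() {
    listing=$(cat)
    printf '%s\n' "$REQUIRED_PROFILES" | while IFS= read -r name; do
        printf '%s\n' "$listing" | grep -qF -- "$name" || printf '%s\n' "$name"
    done
}

# Reads "GroupMembership: a b c" (dscl output) on stdin; succeeds only if
# $1 is listed as an exact name, so "TempAccountX" does not match.
is_admin_member() {
    tr -s ' \t' '\n' | grep -qxF -- "$1"
}

# $1 = profile listing text, $2 = admin group membership line
report() {
    missing=$(printf '%s\n' "$1" | missing_profiles)
    if [ -z "$missing" ]; then
        echo "profiles: OK"
    else
        echo "profiles missing: $missing"
    fi
    if printf '%s\n' "$2" | is_admin_member "$TEMP_USER"; then
        echo "$TEMP_USER: administrator"
    else
        echo "$TEMP_USER: not in admin group"
    fi
}

if [ "${1:-}" = "--live" ]; then
    report "$(profiles show -type configuration)" \
           "$(dscl . -read /Groups/admin GroupMembership)"
else
    # Constructed sample data, not captured from a real device.
    report 'attribute: name: Intune MDM Agent SCEP' \
           'GroupMembership: root itadmin'
fi
```

Run the live check only after the 30 minute to 1 hour profile download window has passed; a missing profile before then is expected.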