Forum Discussion
Cannot install macOS Management Profile
Hi, all.
I'm trying to get management of a macOS device working. This is the first device being enrolled, in a new setup.
The device was pre-enrolled in ABM and synced to Intune. The device registers fine, and get the default management profile. I have added Company Portal, Microsoft 365 and Defender as apps to install. All these are being pushed, except Defender comes up with a missing license. I guess this is related to the issue below.
I start up Company Portal and it instructs me to install a new management profile. When trying to install this profile, it fails with the error "Could not obtain final profile using the Encrypted Profile Service...". My guess is that there is a conflict with an already installed Management Profile, which is impossible to remove. Have tried both locked and unlocked enrollment.
Any hints on how to resolve this?
went through the same headache. the reason you're getting this is because of your oobe process. because apple and microsoft hate each other, MacOS management is stupidly complex. that being said, there is a solution: user OOBE. this is assuming that you are using user afinity as we are as well.
in your enrollment profile, make sure the following is set:
Management Settings
User Affinity & Authentication Method
User affinity: Enroll with User Affinity
Authentication Method: Setup Assistant with modern authenticationthis will prompt for an Azure user authentication during oobe that it will then create a user account for. once you get logged in after oobe, you should be good to go.
