Russ Burden
Copper Contributor
Jun 26, 2023

macOS and Apple ID restrictions

All,

I am just starting out enrolling macOS devices with Intune/Endpoint Manager, and most things are working as expected. I have configuration policies for some items, some scripts to change things, install the Company Portal, etc. One thing I cannot seem to figure out is how to confine the Apple ID. I have the federation configured to ensure our corporate email addresses are Managed Apple IDs, but what I cannot seem to find or figure out is how to restrict the Apple ID login on corporate managed machines so the end user can only use our Managed Apple IDs. I could settle for blocking Apple ID sign-in completely, and found a custom template that is supposed to do that, but it does not seem to work either.

Has anyone accomplished this with Intune? I do have all iCloud settings disabled so the user should not be able to save things outside of OneDrive or local, but I really don't want the users to use a personal Apple ID and install apps from the store, etc.

Any direction would be appreciated.

  • Russ Burden Seems not possible.

    Apple IDs are required in both enrollment types offered by Microsoft, that is, Setup Assistant (legacy) and Setup Assistant (with modern authentication), and enrolling without user affinity does not seem to be your concern here. In both enrollment types an Apple ID is required to sign into the device, and there is no device restriction policy that you can apply to macOS that disables personal Apple IDs.

    Look here for more info: Comprehensive guide to managing macOS with Intune – Modern IT – Cloud – Workplace (oliverkieselbach.com)

    • Russ Burden
      Copper Contributor
      This is untrue for enrollment with modern authentication. During enrollment, the user authenticates with their 365/Azure credentials to perform the enrollment; an Apple ID is not required for this, and the system-enrolled device can operate without an Apple ID after the fact, acquiring applications via the Company Portal.
