Prerequisites for Mac Intune Installation

Before you begin, confirm the following are in place.

Prepare Intune Tenant with macOS Support

• Microsoft Intune license assigned to the Administrator account and

• Apple MDM Push Certificate configured in Intune

The Apple MDM Push Certificate is required for ANY macOS management in Intune. Without it, macOS devices cannot enroll. Configure this at Devices | Enrollment | Apple | Apple MDM Push Certificate. You will need an Apple ID to generate the certificate via the Apple Push Certificates Portal.

New to Managing Macs?

If your organization primarily manages Windows endpoints and you're deploying macOS for the first time, Apple offers free self-paced training at:

• Apple Device Support — foundational support and troubleshooting

• Apple Deployment and Management — MDM deployment, configuration profiles, and device management

Enroll macOS Device in Intune

• Install the Company Portal application on the Mac agent from the CompanyPortal-Installer.pkg download link: https://go.microsoft.com/fwlink/?linkid=853070.

• Sign in and complete the enrollment.

• Verify that the Management Profile is installed in System Settings | General | Device Management.

Establish Your Delinea Privilege Manager Cloud Instance

• Your TMS URL adheres to the format:

  https://<your instance>.privilegemanagercloud.<region>/Tms/

  Where <region> is the domain for your Privilege Manager cloud region (e.g., eu, com.au). You can find this in your browser address bar when logged into the Privilege Manager console.

• Your on-premises URL adheres to the format:

  https://<server address>/Tms/

• Your install code is located in the Privilege Manager console at Admin | Agents | Installation Codes.

Download the macOS Agent PKG

Download the latest Delinea Management Agent DMG from the Delinea Delinea Software Downloads page for macOS Workstations.

The download is a .dmg (macOS disk image) file, but Intune requires a .pkg file. The .pkg installer is inside the .dmg. Since you are likely working from a Windows machine, use 7-Zip (e.g., https://7-zip.org) to extract it.

1. Right-click the downloaded .dmg file and select 7-Zip > Open archive.

2. Inside you will see a .pkg file (e.g. DelineaManagementAgent-x.x.xxxx.pkg).

3. Extract the .pkg file to a folder on your machine. This .pkg file is what you will upload to Intune in Step 3 - Prepare the Pre-Install Script.

Download the Configuration Profiles

Download the following four pre-built .mobileconfig files provided in Custom Configuration Profiles for Intune. They are configured in Step 1 of the Installation.

• Privilege Manager White List.mobileconfig

• Privilege Manager Full Disk Access.mobileconfig

• Privilege Manager Notifications.mobileconfig

• Privilege Manager Events.mobileconfig