Microsoft Intune Managed Browser Mac

  
Microsoft Intune Managed Browser Mac Average ratng: 7,7/10 7156 reviews
-->
  1. Download Intune Managed Browser
  2. Intune Managed Browser App
  3. Microsoft Intune Managed Browser Mac Download
  4. Microsoft Intune Managed Browser Mac Pro

Before setting up Microsoft Intune, review the supported operating systems and browsers.

For help installing Intune on your device, see using managed devices to get work done and Intune network bandwidth usage.

For more information on configuration service provider support, visit the Configuration service provider reference.

Oct 28, 2019  This is now applicable for newly enrolled macOS devices starting in October 2019. With this change, administrators can see app inventory information only pertaining to managed apps installed by Microsoft Intune and any apps that are installed by the user outside of Intune are not reported in the Intune console. Corporate devices will continue. Intune Managed Browser Android latest 1.3.4442.3 APK Download and Install. View and navigate web content. Mar 11, 2019 Back in 2015 I wrote a blog about Mac management with Intune, however it's been a few years and I feel it's time we re-visit Mac management with Intune to learn more about what's changed. You'll soon learn there's been a significant amount of progress and since my first post Intune now has a lot. Mar 11, 2019  MacOS devices managed by Jamf remain managed by Jamf when Intune comes into the picture (thus are only registered with Intune not enrolled) and integrating Jamf Pro with Intune provides a path for Jamf to send signals in the form of inventory to Intune.

Note

Intune now requires Android 5.x (Lollipop) or higher for applications and devices to access company resources via the Company Portal app for Android and the Intune App SDK for Android. This requirement does NOT apply to Polycom Android-based Teams devices running 4.4. These devices will continue to be supported.

Intune supported operating systems

You can manage devices running the following operating systems:

Apple

  • Apple iOS 11.0 and later
  • Apple iPadOS 13.0 and later
  • Mac OS X 10.12 and later

Google

  • Android 5.0 and later (including Samsung KNOX Standard 2.4 and higher: requirements)
  • Android enterprise: requirements

Microsoft

  • Surface Hub

  • Windows 10 (Home, S, Pro, Education, and Enterprise versions)

  • Windows 10 Enterprise 2019 LTSC

    For more information about managing devices running Windows 10 2019 LTSC, see What's new in Windows 10 Enterprise 2019 LTSC

  • Windows 10 Mobile

  • Windows 10 IoT Enterprise (x86, x64)

  • Windows 10 IoT Mobile Enterprise

  • Windows Holographic for Business

    For more information about managing devices running Windows Holographic for Business, see Window Holographic for Business support.

  • Windows 10 Teams (Surface Hub)

    For more information about managing devices running Windows 10 Teams, see Manage Surface Hub with MDM

  • Windows 10 1709 (RS3) and later, Windows Phone 8.1, Windows 8.1 RT, PCs running Windows 8.1 (Sustaining mode)

Note

Not all Windows Editions support all available operating system features being configured through MDM. See the Windows configuration service provider reference docs. Each CSP highlights which Windows Editions are supported.

Customers with Enterprise Management + Security (EMS) can also use Azure Active Directory (Azure AD) to register Windows 10 devices.

For guidelines on using Windows 10 virtual machines with Intune, see Using Windows 10 virtual machines.

Supported Samsung Knox Standard devices

To avoid Knox activation errors that prevent MDM enrollment, the Company Portal app only attempts Samsung Knox activation during MDM enrollment if the device appears in the list of supported Knox devices. Devices that don't support Samsung Knox activation enroll as standard Android devices. A Samsung device might have some model numbers that support Knox, while others don't. Verify Knox compatibility with your device reseller before you buy and deploy Samsung devices.

Note

Enrolling Samsung Knox devices may require you to enable access to Samsung servers.

The following list of Samsung device models do not support Knox. They are enrolled as native Android devices by the Company Portal app for Android:

Device NameDevice Model Numbers
Galaxy AvantSM-G386T
Galaxy Core 2/Core 2 DuosSM-G355H
SM-G355M
Galaxy Core LiteSM-G3588V
Galaxy Core PrimeSM-G360H
Galaxy Core LTESM-G386F
SM-G386W
Galaxy GrandGT-I9082L
GT-I9082
GT-I9080L
Galaxy Grand 3SM-G7200
Galaxy Grand NeoGT-I9060I
Galaxy Grand Prime Value EditionSM-G531H
Galaxy J MaxSM-T285YD
Galaxy J1SM-J100H
SM-J100M
SM-J100ML
Galaxy J1 AceSM-J110F
SM-J110H
Galaxy J1 MiniSM-J105M
Galaxy J2/J2 ProSM-J200H
SM-J210F
Galaxy J3SM-J320F
SM-J320FN
SM-J320H
SM-J320M
Galaxy K ZoomSM-C115
Galaxy LightSGH-T399N
Galaxy Note 3SM-N9002
SM-N9009
Galaxy Note 7/Note 7 DuosSM-N930S
SM-N9300
SM-N930F
SM-N930T
SM-N9300
SM-N930F
SM-N930S
SM-N930T
Galaxy Note 10.1 3GSM-P602
Galaxy S2 PlusGT-I9105P
Galaxy S3 MiniSM-G730A
SM-G730V
Galaxy S3 NeoGT-I9300
GT-I9300I
Galaxy S4SM-S975L
Galaxy S4 NeoSM-G318ML
Galaxy S5SM-G9006W
Galaxy S6 Edge404SC
Galaxy Tab A 7.0'SM-T280
SM-T285
Galaxy Tab 3 7'/Tab 3 Lite 7'SM-T116
SM-T210
SM-T211
Galaxy Tab 3 8.0'SM-T311
Galaxy Tab 3 10.1'GT-P5200
GT-P5210
GT-P5220
Galaxy Trend 2 LiteSM-G318H
Galaxy V PlusSM-G318HZ
Galaxy Young 2 DuosSM-G130BU

Windows PC software client

An Intune software client can be deployed and installed on Windows PCs as an alternate enrollment method. This functionality is only available using the Intune classic portal. You can use the Intune software client to manage 10 and later PCs with the exception of Windows 10 Home edition.

Note

Microsoft announced that Windows 7 support ends on January 14th 2020. On this date, Intune also retires support for devices running Windows 7.

For more information, see Intune plan for change: end of support for Windows 7.

Microsoft Intune will retire support for the Silverlight-based Intune console on October 15, 2020. This retirement includes ending support for the Silverlight console configured PC software client (also known as the PC agent).

For more information, see Microsoft Intune ending support for the Silverlight-based admin console.

Crashing

Intune supported web browsers

Different administrative tasks require that you use one of the following administrative websites.

The following browsers are supported for these portals:

  • Microsoft Edge (latest version)
  • Microsoft Internet Explorer 11
  • Safari (latest version, Mac only)
  • Chrome (latest version)
  • Firefox (latest version)

Intune classic portal

The Intune classic portal is only used for managing devices enrolled with the Intune PC software client (https://manage.microsoft.com). The Intune classic portal requires Silverlight browser support.

The following Silverlight browsers support the Intune console:

  • Internet Explorer 10 or later
  • Google Chrome (versions prior to version 42)
  • Mozilla Firefox with Silverlight enabled (versions prior to version 56)

Note

Browser

Download Intune Managed Browser

Microsoft Edge and mobile browsers are not supported for the Intune classic portal because they do not support Microsoft Silverlight.

Intune Managed Browser App

Only users with service administrator permissions or tenant administrators with the global administrator role can sign in to this portal. To access the administration console, your account must have a license to use Intune and a sign-in status of Allowed.

-->

This article lists and describes the different settings you can control on macOS devices. As part of your mobile device management (MDM) solution, use these settings to allow or disable features, set password rules, allow or restrict specific apps, and more.

These settings are added to a device configuration profile in Intune, and then assigned or deployed to your macOS devices.

Before you begin

Create a device restrictions configuration profile.

Note

These settings apply to different enrollment types. For more information on the different enrollment types, see macOS enrollment.

General

Settings apply to: Device enrollment and Automated device enrollment

Microsoft Intune Managed Browser Mac Download

  • Definition Lookup: Block prevents user from highlighting a word, and then looking up its definition on the device. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow the definition lookup feature.

  • Dictation: Block stops users from using voice input to enter text. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to use dictation input.

  • Content caching: Block prevents content caching. Content caching stores app data, web browser data, downloads, and more locally on devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might enable content caching.

    For more information on content caching on macOS, see Manage content caching on Mac (opens another website).

    This feature applies to:

    • macOS 10.13 and newer

  • Defer software updates: Enable allows you to delay when software updates are shown on devices, from 0-90 days. This setting doesn't control when updates are or aren't installed. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might show updates on devices as Apple releases them. For example, if a macOS update gets released by Apple on a specific date, then that update naturally shows up on devices around the release date. Seed build updates are allowed without delay.

    • Delay visibility of software updates: Enter a value from 0-90 days. When the delay expires, users get a notification to update to the earliest version of the OS available when the delay was triggered.

      For example, if a macOS update is available on January 1, and Delay visibility is set to 5 days, then the update isn't shown as an available update. On the sixth day following the release, that update is available, and users can install it.

      This feature applies to:

      • macOS 10.13.4 and newer

  • Screenshots: Device must be enrolled in Apple's Automated Device Enrollment (DEP). Block prevents users from saving screenshots of the display. It also prevents the Classroom app from observing remote screens. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to capture screenshots, and allows the Classroom app to view remote screens.

Settings apply to: Automated device enrollment

  • Remote screen observation through Classroom app: Disable prevents teachers from using the Classroom app to see their students' screens. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow teachers to see their students' screens.

    To use this setting, set the Screenshots setting to Not configured (screenshots are allowed).

  • Unprompted screen observation by Classroom app: Allow lets teachers see their students' screens without requiring students to agree. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might require students to agree before teachers can see the screens.

    To use this setting, set the Screenshots setting to Not configured (screenshots are allowed).

  • Students must request permission to leave Classroom class: Require forces students enrolled in an unmanaged Classroom course to get teacher approval to leave the course. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow students to leave the course whenever the student chooses.

  • Teachers can automatically lock devices or apps in the Classroom app: Allow lets teachers lock a student's device or app without the student's approval. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might require students agree before teachers can lock the device or app.

  • Students can automatically join Classroom class: Allow lets students join a class without prompting the teacher. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might require teacher approval to join a class.

Password

Settings apply to: Device enrollment and Automated device enrollment

  • Password: Require users to enter a password to access devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might not require a password. It also doesn't force any restrictions, such as blocking simple passwords or setting a minimum length.

    • Required password type: Enter the required password complexity level your organization requires. Your options:

      • Not configured: Intune doesn't change or update this setting.
      • Numeric: Password must only be numbers, such as 123456789.
      • Alphanumeric: Includes uppercase letters, lowercase letters, and numeric characters.

      This feature applies to:

      • macOS 10.10.3 and newer

    • Number of non-alphanumeric characters in password: Enter the number of complex characters required in the password, from 0-4. A complex character is a symbol, such as ?

    • Minimum password length: Enter the minimum length the password must have, from 4-16 characters.

    • Simple passwords: Allow using simple passwords, such as 0000 or 1234.

    • Maximum minutes after screen lock before password is required: Enter the length of time devices must be inactive before a password is required to unlock it. When the value is blank or set to Not configured, Intune doesn't change or update this setting.

    • Maximum minutes of inactivity until screen locks: Enter the length of time devices must be idle before the screen is automatically locked. For example, enter 5 to lock devices after 5 minutes of being idle. When the value is blank or set to Not configured, Intune doesn't change or update this setting.

    • Password expiration (days): Enter the number of days until the device password must be changed, from 1-65535. For example, enter 90 to expire the password after 90 days. When the password expires, users are prompted to create a new password. When the value is blank, Intune doesn't change or update this setting.

    • Prevent reuse of previous passwords: Use this setting to restrict users from creating previously used passwords. Enter the number of previously used passwords that can't be used, from 1-24. For example, enter 5 so users can't set a new password to their current password or any of their previous four passwords. When the value is blank, Intune doesn't change or update this setting.

  • Block User from Modifying Passcode: Block stops the passcode from being changed, added, or removed. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow passcodes to be added, changed, or removed.

  • Block Fingerprint Unlock: Block prevents using fingerprints to unlock devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to unlock the device using a fingerprint.

  • Block password AutoFill: Block prevents using the AutoFill Passwords feature on macOS. Choosing Block also has the following impact:

    • Users aren't prompted to use a saved password in Safari or in any apps.
    • Automatic Strong Passwords are disabled, and strong passwords aren't suggested to users.

    When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow these features.

  • Block password proximity requests: Block prevents devices from requesting passwords from nearby devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow these password requests.

  • Block password sharing: Block prevents sharing passwords between devices using AirDrop. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow passwords to be shared.

Built-in Apps

Settings apply to: Device enrollment and Automated device enrollment

  • Block Safari AutoFill: Block disables the autofill feature in Safari on devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to change autocomplete settings in the web browser.

  • Block Camera: Block prevents access to the camera on devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow access to the device camera.

    Intune only manages access to the device camera. It doesn't have access to pictures or videos.

  • Block Apple Music: Block reverts the Music app to classic mode, and disables the Music service. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow using the Apple Music app.

  • Block Spotlight Internet Search Results: Block stops Spotlight from returning any results from an Internet search. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow Spotlight search to connect to the Internet, and get search results.

  • Block File Transfer using iTunes: Block disables application file sharing services. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow application file sharing services.

    This feature applies to:

    • macOS 10.13 and newer

Restricted apps

Settings apply to: Device enrollment and Automated device enrollment

  • Type of restricted apps list: Create a list of apps that users aren't allowed to install or use. Your options:

    • Not configured (default): Intune doesn't change or update this setting. By default, users might have access to apps you assign, and built-in apps.
    • Prohibited apps: List the apps (not managed by Intune) that users aren't allowed to install and run. Users aren't prevented from installing a prohibited app. If a user installs an app from this list, it's reported in Intune.
    • Approved apps: List the apps that users are allowed to install. To stay compliant, users must not install other apps. Apps that are managed by Intune are automatically allowed, including the Company Portal app. Users aren't prevented from installing an app that isn't on the approved list. But if they do, it's reported in Intune.

  • App Bundle ID: Enter the app bundle ID of the app you want. You can show or hide built-in apps and line-of-business apps. Apple's web site has a list of built-in Apple apps.

  • App name: Enter the app name of the app you want. You can show or hide built-in apps and line-of-business apps. Apple's web site has a list of built-in Apple apps.

  • Publisher: Enter the publisher of the app.

To add apps to these lists, you can:

  • Add: Select to create your list of apps.
  • Import a CSV file with details about the app, including the URL. Use the <app bundle ID>, <app name>, <app publisher> format. Or, Export to create a list of apps you added, in the same format.

Connected devices

Settings apply to: Device enrollment and Automated device enrollment

  • Block AirDrop: Block prevents using AirDrop on devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow using the AirDrop feature to exchange content with nearby devices.
  • Block Apple Watch Auto Unlock: Block prevents users from unlocking their macOS device with their Apple Watch. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to unlock their macOS device with their Apple Watch.

Cloud and storage

Settings apply to: Device enrollment and Automated device enrollment

Intune managed browser mac

  • Block iCloud Keychain sync: Block disables syncing credentials stored in the Keychain to iCloud. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to sync these credentials.

  • Block iCloud Document Sync: Block prevents iCloud from syncing documents and data. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow document and key-value synchronization to your iCloud storage space.

  • Block iCloud Mail Backup: Block prevents iCloud from syncing to the macOS Mail app. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow Mail synchronization to iCloud.

  • Block iCloud Contact Backup: Block prevents iCloud from syncing the device contacts. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow contact sync using iCloud.

  • Block iCloud Calendar Backup: Block prevents iCloud from syncing to the macOS Calendar app. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow Calendar synchronization to iCloud.

  • Block iCloud Reminder Backup: Block prevents iCloud from syncing to the macOS Reminders app. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow Reminders synchronization to iCloud.

  • Block iCloud Bookmark Backup: Block prevents iCloud from syncing the device Bookmarks. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow Bookmark synchronization to iCloud.

  • Block iCloud Notes Backup: Block prevents iCloud from syncing the device Notes. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow Notes synchronization to iCloud.

  • Block iCloud Photo Library: Block disables iCloud Photo Library, and prevents iCloud from syncing the device photos. Any photos not fully downloaded from iCloud Photo Library are removed from local storage on devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow syncing photos between the device and the iCloud Photo Library.

  • Handoff: This feature allows users to start work on a macOS device, and then continue the work they started on another iOS/iPadOS or macOS device. Block prevents the Handoff feature on devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow this feature on devices.

    This feature applies to:

    • macOS 10.15 and newer

Microsoft Intune Managed Browser Mac Pro

Domains

Settings apply to: Device enrollment and Automated device enrollment

  • Email Domain URL: Add one or more URLs to the list. When users receive an email from a domain other than one you configured, the email is marked as untrusted in the macOS Mail app.

Next steps

Assign the profile and monitor its status.

You can also restrict device features and settings on iOS/iPadOS devices.