Microsoft Intune Managed Browser Mac
- Download Intune Managed Browser
- Intune Managed Browser App
- Microsoft Intune Managed Browser Mac Download
- Microsoft Intune Managed Browser Mac Pro
Before setting up Microsoft Intune, review the supported operating systems and browsers.
For help installing Intune on your device, see using managed devices to get work done and Intune network bandwidth usage.
For more information on configuration service provider support, visit the Configuration service provider reference.
Oct 28, 2019 This is now applicable for newly enrolled macOS devices starting in October 2019. With this change, administrators can see app inventory information only pertaining to managed apps installed by Microsoft Intune and any apps that are installed by the user outside of Intune are not reported in the Intune console. Corporate devices will continue. Intune Managed Browser Android latest 1.3.4442.3 APK Download and Install. View and navigate web content. Mar 11, 2019 Back in 2015 I wrote a blog about Mac management with Intune, however it's been a few years and I feel it's time we re-visit Mac management with Intune to learn more about what's changed. You'll soon learn there's been a significant amount of progress and since my first post Intune now has a lot. Mar 11, 2019 MacOS devices managed by Jamf remain managed by Jamf when Intune comes into the picture (thus are only registered with Intune not enrolled) and integrating Jamf Pro with Intune provides a path for Jamf to send signals in the form of inventory to Intune.
Note
Intune now requires Android 5.x (Lollipop) or higher for applications and devices to access company resources via the Company Portal app for Android and the Intune App SDK for Android. This requirement does NOT apply to Polycom Android-based Teams devices running 4.4. These devices will continue to be supported.
Intune supported operating systems
You can manage devices running the following operating systems:
Apple
- Apple iOS 11.0 and later
- Apple iPadOS 13.0 and later
- Mac OS X 10.12 and later
- Android 5.0 and later (including Samsung KNOX Standard 2.4 and higher: requirements)
- Android enterprise: requirements
Microsoft
Surface Hub
Windows 10 (Home, S, Pro, Education, and Enterprise versions)
Windows 10 Enterprise 2019 LTSC
For more information about managing devices running Windows 10 2019 LTSC, see What's new in Windows 10 Enterprise 2019 LTSC
Windows 10 Mobile
Windows 10 IoT Enterprise (x86, x64)
Windows 10 IoT Mobile Enterprise
Windows Holographic for Business
For more information about managing devices running Windows Holographic for Business, see Window Holographic for Business support.
Windows 10 Teams (Surface Hub)
For more information about managing devices running Windows 10 Teams, see Manage Surface Hub with MDM
Windows 10 1709 (RS3) and later, Windows Phone 8.1, Windows 8.1 RT, PCs running Windows 8.1 (Sustaining mode)
Note
Not all Windows Editions support all available operating system features being configured through MDM. See the Windows configuration service provider reference docs. Each CSP highlights which Windows Editions are supported.
Customers with Enterprise Management + Security (EMS) can also use Azure Active Directory (Azure AD) to register Windows 10 devices.
For guidelines on using Windows 10 virtual machines with Intune, see Using Windows 10 virtual machines.
Supported Samsung Knox Standard devices
To avoid Knox activation errors that prevent MDM enrollment, the Company Portal app only attempts Samsung Knox activation during MDM enrollment if the device appears in the list of supported Knox devices. Devices that don't support Samsung Knox activation enroll as standard Android devices. A Samsung device might have some model numbers that support Knox, while others don't. Verify Knox compatibility with your device reseller before you buy and deploy Samsung devices.
Note
Enrolling Samsung Knox devices may require you to enable access to Samsung servers.
The following list of Samsung device models do not support Knox. They are enrolled as native Android devices by the Company Portal app for Android:
Device Name | Device Model Numbers |
---|---|
Galaxy Avant | SM-G386T |
Galaxy Core 2/Core 2 Duos | SM-G355H SM-G355M |
Galaxy Core Lite | SM-G3588V |
Galaxy Core Prime | SM-G360H |
Galaxy Core LTE | SM-G386F SM-G386W |
Galaxy Grand | GT-I9082L GT-I9082 GT-I9080L |
Galaxy Grand 3 | SM-G7200 |
Galaxy Grand Neo | GT-I9060I |
Galaxy Grand Prime Value Edition | SM-G531H |
Galaxy J Max | SM-T285YD |
Galaxy J1 | SM-J100H SM-J100M SM-J100ML |
Galaxy J1 Ace | SM-J110F SM-J110H |
Galaxy J1 Mini | SM-J105M |
Galaxy J2/J2 Pro | SM-J200H SM-J210F |
Galaxy J3 | SM-J320F SM-J320FN SM-J320H SM-J320M |
Galaxy K Zoom | SM-C115 |
Galaxy Light | SGH-T399N |
Galaxy Note 3 | SM-N9002 SM-N9009 |
Galaxy Note 7/Note 7 Duos | SM-N930S SM-N9300 SM-N930F SM-N930T SM-N9300 SM-N930F SM-N930S SM-N930T |
Galaxy Note 10.1 3G | SM-P602 |
Galaxy S2 Plus | GT-I9105P |
Galaxy S3 Mini | SM-G730A SM-G730V |
Galaxy S3 Neo | GT-I9300 GT-I9300I |
Galaxy S4 | SM-S975L |
Galaxy S4 Neo | SM-G318ML |
Galaxy S5 | SM-G9006W |
Galaxy S6 Edge | 404SC |
Galaxy Tab A 7.0' | SM-T280 SM-T285 |
Galaxy Tab 3 7'/Tab 3 Lite 7' | SM-T116 SM-T210 SM-T211 |
Galaxy Tab 3 8.0' | SM-T311 |
Galaxy Tab 3 10.1' | GT-P5200 GT-P5210 GT-P5220 |
Galaxy Trend 2 Lite | SM-G318H |
Galaxy V Plus | SM-G318HZ |
Galaxy Young 2 Duos | SM-G130BU |
Windows PC software client
An Intune software client can be deployed and installed on Windows PCs as an alternate enrollment method. This functionality is only available using the Intune classic portal. You can use the Intune software client to manage 10 and later PCs with the exception of Windows 10 Home edition.
Note
Microsoft announced that Windows 7 support ends on January 14th 2020. On this date, Intune also retires support for devices running Windows 7.
For more information, see Intune plan for change: end of support for Windows 7.
Microsoft Intune will retire support for the Silverlight-based Intune console on October 15, 2020. This retirement includes ending support for the Silverlight console configured PC software client (also known as the PC agent).
For more information, see Microsoft Intune ending support for the Silverlight-based admin console.
Intune supported web browsers
Different administrative tasks require that you use one of the following administrative websites.
The following browsers are supported for these portals:
- Microsoft Edge (latest version)
- Microsoft Internet Explorer 11
- Safari (latest version, Mac only)
- Chrome (latest version)
- Firefox (latest version)
Intune classic portal
The Intune classic portal is only used for managing devices enrolled with the Intune PC software client (https://manage.microsoft.com). The Intune classic portal requires Silverlight browser support.
The following Silverlight browsers support the Intune console:
- Internet Explorer 10 or later
- Google Chrome (versions prior to version 42)
- Mozilla Firefox with Silverlight enabled (versions prior to version 56)
Note
Download Intune Managed Browser
Microsoft Edge and mobile browsers are not supported for the Intune classic portal because they do not support Microsoft Silverlight.
Intune Managed Browser App
Only users with service administrator permissions or tenant administrators with the global administrator role can sign in to this portal. To access the administration console, your account must have a license to use Intune and a sign-in status of Allowed.
-->This article lists and describes the different settings you can control on macOS devices. As part of your mobile device management (MDM) solution, use these settings to allow or disable features, set password rules, allow or restrict specific apps, and more.
These settings are added to a device configuration profile in Intune, and then assigned or deployed to your macOS devices.
Before you begin
Create a device restrictions configuration profile.
Note
These settings apply to different enrollment types. For more information on the different enrollment types, see macOS enrollment.
General
Settings apply to: Device enrollment and Automated device enrollment
Microsoft Intune Managed Browser Mac Download
Definition Lookup: Block prevents user from highlighting a word, and then looking up its definition on the device. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow the definition lookup feature.
Dictation: Block stops users from using voice input to enter text. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to use dictation input.
Content caching: Block prevents content caching. Content caching stores app data, web browser data, downloads, and more locally on devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might enable content caching.
For more information on content caching on macOS, see Manage content caching on Mac (opens another website).
This feature applies to:
- macOS 10.13 and newer
Defer software updates: Enable allows you to delay when software updates are shown on devices, from 0-90 days. This setting doesn't control when updates are or aren't installed. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might show updates on devices as Apple releases them. For example, if a macOS update gets released by Apple on a specific date, then that update naturally shows up on devices around the release date. Seed build updates are allowed without delay.
Delay visibility of software updates: Enter a value from 0-90 days. When the delay expires, users get a notification to update to the earliest version of the OS available when the delay was triggered.
For example, if a macOS update is available on January 1, and Delay visibility is set to 5 days, then the update isn't shown as an available update. On the sixth day following the release, that update is available, and users can install it.
This feature applies to:
- macOS 10.13.4 and newer
Screenshots: Device must be enrolled in Apple's Automated Device Enrollment (DEP). Block prevents users from saving screenshots of the display. It also prevents the Classroom app from observing remote screens. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to capture screenshots, and allows the Classroom app to view remote screens.
Settings apply to: Automated device enrollment
Remote screen observation through Classroom app: Disable prevents teachers from using the Classroom app to see their students' screens. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow teachers to see their students' screens.
To use this setting, set the Screenshots setting to Not configured (screenshots are allowed).
Unprompted screen observation by Classroom app: Allow lets teachers see their students' screens without requiring students to agree. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might require students to agree before teachers can see the screens.
To use this setting, set the Screenshots setting to Not configured (screenshots are allowed).
Students must request permission to leave Classroom class: Require forces students enrolled in an unmanaged Classroom course to get teacher approval to leave the course. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow students to leave the course whenever the student chooses.
Teachers can automatically lock devices or apps in the Classroom app: Allow lets teachers lock a student's device or app without the student's approval. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might require students agree before teachers can lock the device or app.
Students can automatically join Classroom class: Allow lets students join a class without prompting the teacher. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might require teacher approval to join a class.
Password
Settings apply to: Device enrollment and Automated device enrollment
Password: Require users to enter a password to access devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might not require a password. It also doesn't force any restrictions, such as blocking simple passwords or setting a minimum length.
Required password type: Enter the required password complexity level your organization requires. Your options:
- Not configured: Intune doesn't change or update this setting.
- Numeric: Password must only be numbers, such as 123456789.
- Alphanumeric: Includes uppercase letters, lowercase letters, and numeric characters.
This feature applies to:
- macOS 10.10.3 and newer
Number of non-alphanumeric characters in password: Enter the number of complex characters required in the password, from 0-4. A complex character is a symbol, such as
?
Minimum password length: Enter the minimum length the password must have, from 4-16 characters.
Simple passwords: Allow using simple passwords, such as
0000
or1234
.Maximum minutes after screen lock before password is required: Enter the length of time devices must be inactive before a password is required to unlock it. When the value is blank or set to Not configured, Intune doesn't change or update this setting.
Maximum minutes of inactivity until screen locks: Enter the length of time devices must be idle before the screen is automatically locked. For example, enter 5 to lock devices after 5 minutes of being idle. When the value is blank or set to Not configured, Intune doesn't change or update this setting.
Password expiration (days): Enter the number of days until the device password must be changed, from 1-65535. For example, enter
90
to expire the password after 90 days. When the password expires, users are prompted to create a new password. When the value is blank, Intune doesn't change or update this setting.Prevent reuse of previous passwords: Use this setting to restrict users from creating previously used passwords. Enter the number of previously used passwords that can't be used, from 1-24. For example, enter 5 so users can't set a new password to their current password or any of their previous four passwords. When the value is blank, Intune doesn't change or update this setting.
Block User from Modifying Passcode: Block stops the passcode from being changed, added, or removed. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow passcodes to be added, changed, or removed.
Block Fingerprint Unlock: Block prevents using fingerprints to unlock devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to unlock the device using a fingerprint.
Block password AutoFill: Block prevents using the AutoFill Passwords feature on macOS. Choosing Block also has the following impact:
- Users aren't prompted to use a saved password in Safari or in any apps.
- Automatic Strong Passwords are disabled, and strong passwords aren't suggested to users.
When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow these features.
Block password proximity requests: Block prevents devices from requesting passwords from nearby devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow these password requests.
Block password sharing: Block prevents sharing passwords between devices using AirDrop. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow passwords to be shared.
Built-in Apps
Settings apply to: Device enrollment and Automated device enrollment
Block Safari AutoFill: Block disables the autofill feature in Safari on devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to change autocomplete settings in the web browser.
Block Camera: Block prevents access to the camera on devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow access to the device camera.
Intune only manages access to the device camera. It doesn't have access to pictures or videos.
Block Apple Music: Block reverts the Music app to classic mode, and disables the Music service. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow using the Apple Music app.
Block Spotlight Internet Search Results: Block stops Spotlight from returning any results from an Internet search. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow Spotlight search to connect to the Internet, and get search results.
Block File Transfer using iTunes: Block disables application file sharing services. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow application file sharing services.
This feature applies to:
- macOS 10.13 and newer
Restricted apps
Settings apply to: Device enrollment and Automated device enrollment
Type of restricted apps list: Create a list of apps that users aren't allowed to install or use. Your options:
- Not configured (default): Intune doesn't change or update this setting. By default, users might have access to apps you assign, and built-in apps.
- Prohibited apps: List the apps (not managed by Intune) that users aren't allowed to install and run. Users aren't prevented from installing a prohibited app. If a user installs an app from this list, it's reported in Intune.
- Approved apps: List the apps that users are allowed to install. To stay compliant, users must not install other apps. Apps that are managed by Intune are automatically allowed, including the Company Portal app. Users aren't prevented from installing an app that isn't on the approved list. But if they do, it's reported in Intune.
App Bundle ID: Enter the app bundle ID of the app you want. You can show or hide built-in apps and line-of-business apps. Apple's web site has a list of built-in Apple apps.
App name: Enter the app name of the app you want. You can show or hide built-in apps and line-of-business apps. Apple's web site has a list of built-in Apple apps.
Publisher: Enter the publisher of the app.
To add apps to these lists, you can:
- Add: Select to create your list of apps.
- Import a CSV file with details about the app, including the URL. Use the
<app bundle ID>, <app name>, <app publisher>
format. Or, Export to create a list of apps you added, in the same format.
Connected devices
Settings apply to: Device enrollment and Automated device enrollment
- Block AirDrop: Block prevents using AirDrop on devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow using the AirDrop feature to exchange content with nearby devices.
- Block Apple Watch Auto Unlock: Block prevents users from unlocking their macOS device with their Apple Watch. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to unlock their macOS device with their Apple Watch.
Cloud and storage
Settings apply to: Device enrollment and Automated device enrollment
Block iCloud Keychain sync: Block disables syncing credentials stored in the Keychain to iCloud. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow users to sync these credentials.
Block iCloud Document Sync: Block prevents iCloud from syncing documents and data. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow document and key-value synchronization to your iCloud storage space.
Block iCloud Mail Backup: Block prevents iCloud from syncing to the macOS Mail app. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow Mail synchronization to iCloud.
Block iCloud Contact Backup: Block prevents iCloud from syncing the device contacts. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow contact sync using iCloud.
Block iCloud Calendar Backup: Block prevents iCloud from syncing to the macOS Calendar app. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow Calendar synchronization to iCloud.
Block iCloud Reminder Backup: Block prevents iCloud from syncing to the macOS Reminders app. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow Reminders synchronization to iCloud.
Block iCloud Bookmark Backup: Block prevents iCloud from syncing the device Bookmarks. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow Bookmark synchronization to iCloud.
Block iCloud Notes Backup: Block prevents iCloud from syncing the device Notes. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow Notes synchronization to iCloud.
Block iCloud Photo Library: Block disables iCloud Photo Library, and prevents iCloud from syncing the device photos. Any photos not fully downloaded from iCloud Photo Library are removed from local storage on devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow syncing photos between the device and the iCloud Photo Library.
Handoff: This feature allows users to start work on a macOS device, and then continue the work they started on another iOS/iPadOS or macOS device. Block prevents the Handoff feature on devices. When set to Not configured (default), Intune doesn't change or update this setting. By default, the OS might allow this feature on devices.
This feature applies to:
- macOS 10.15 and newer
Microsoft Intune Managed Browser Mac Pro
Domains
Settings apply to: Device enrollment and Automated device enrollment
- Email Domain URL: Add one or more URLs to the list. When users receive an email from a domain other than one you configured, the email is marked as untrusted in the macOS Mail app.
Next steps
Assign the profile and monitor its status.
You can also restrict device features and settings on iOS/iPadOS devices.