New Device Restriction Settings Available in macOS

Exciting News! New Device Restriction Settings are Available in macOS. The Microsoft Intune 2402 February Update has many new features, one of the most important being the latest device restriction in the macOS setting catalog.

The setting plays a crucial role; these settings enhance administrators‘ control and management of various features on macOS devices. A setting catalog is a list of settings that manage your macOS devices.

These settings are available for configuration and are organized in one place. The setting catalog makes it easy to create policies for your devices. With device restrictions, the admin can control and limit certain features or functionalities.

The New Device restriction is essential to setting the catalog; implementing restrictions will enhance your device’s security and privacy and manage its overall performance. These settings control specific features and functionalities, allowing you to customize the device.

Patch My PC

New Device Restriction Settings Available in macOS

The Microsoft Intune 2402 February Update rolled out the new device restriction. So let’s see how to Configure FileVault Encryption on macOS with Intune. Implementing FileVault encryption through Intune is a significant step towards enhancing the security of your organization’s devices.

See More: Configure FileVault Encryption for macOS Devices using Intune

Adaptiva
New Device Restriction Settings Available in macOS -Fig.1
New Device Restriction Settings available on MacOS. Fig.1

After clicking on the new policy, you must create a profile based on the Platform and profile type. The platform is macOS, and the profile type is the settings catalog. Click on the Create option to go to another step.

New Device Restriction Settings Available in macOS -Fig.2
New Device Restriction Settings Available in macOS -Fig.2

The basics tab is the first and most crucial step; in this step, we have to give a Name to the policy and a proper Description of that policy. I provide the name ”Sample FileVault encryption policy” as an example. The Description is very important. You can describe the policy, which will help you understand later.

  • Click on Next
New Device Restriction Settings Available in macOS -Fig.3
New Device Restriction Settings Available in macOS -Fig.3

In the configuration step, you have to Add settings. In this step, you can choose the setting you want to configure. The Add settings will discover that admins may experience performance degradation when more than 400 settings are added to a single policy.

  • Click on Add Settings
New Device Restriction Settings Available in macOS -Fig.4
New Device Restriction Settings Available in macOS -Fig.4

When you click Add Settings, you will get a Settings Picker window. You must click the Full Disk Encryption drop-down arrow and enlarge the option under the browse by category. Then, Click on the FileVault option and select the setting.

  • Click on the Force Enable in Setup Assistant
New Device Restriction SettingsInfo
Force Enable in Setup AssistantIf ‘true’, and installation of this payload occurs after enrolling with MDM in Setup Assistant, the system requests Setup Assistant to enable FileVault at setup time. In this case, the system also ignores all other keys in this payload, except for ‘ShowRecoveryKey’. To use this, enable the Await Device Configured DEP configuration option and send this profile with this key set before sending the DeviceConfiguredCommand. An admin SecureToken user is required, otherwise the FileVault pane does not appear.
Force Classroom Unprompted Screen ObservationIf ‘true’ and ‘ScreenObservationPermissionModificationAllowed’ is also ‘true’ in the Education payload, a student enrolled in a managed course through the Classroom app automatically permits to that course teacher’s requests to observe the student’s screen without prompting the student. Requires a supervised device. Available in iOS 11 and later and macOS 10.14.4 and later.
New Device Restriction Settings available in the macOS table.1
New Device Restriction Settings Available in macOS -Fig.5
New Device Restriction Settings Available in macOS -Fig.5

After selecting Full Disk Encryption, click the Restriction option under the browse category. Also, select the new setting, Force Classroom Unprompted Screen Observation, and close the window.

New Device Restriction Settings Available in macOS -Fig.6
New Device Restriction Settings Available in macOS -Fig.6

You can see the configuration settings window now and enable the Force Enable in Setup Assistant as true. If ‘true‘, and this payload is installed after enrolling with MDM in Setup Assistant, the system requests Setup Assistant to enable FileVault at setup time.

  • Click on the Next
New Device Restriction Settings Available in macOS -Fig.7
New Device Restriction Settings Available in macOS -Fig.7

The next step is to assign Scope tags; this option is optional. When you assign a scope tag for a policy or device, that policy is only visible to administrators with a role in the assignment.

  • Click on the Next
New Device Restriction Settings Available in macOS -Fig.8
New Device Restriction Settings Available in macOS -Fig.8

The Crucial step is assigning the policy to the group. In this step, you can choose who can access certain apps or policies. To do this, click on Add Group under the Include Group section. After clicking add group, you will get a side pane. Select the group from the list.

  • Click on the Add groups
  • Select the Group that you want to assign the policy
  • Click on Select
  • Click on the Next option for the next step
New Device Restriction Settings Available in macOS - Fig.9
New Device Restriction Settings Available in macOS – Fig.9

The last step is the Review + Create option. In this step, you can finalize the policy settings, edit the settings before creating the policy, and check all the details you have chosen.

  • Click on Create to create the policy.
New Device Restriction Settings Available in macOS -Fig.10
New Device Restriction Settings Available in macOS -Fig.10

Reference

What’s new in Microsoft Intune

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.

Author

Krishna. R is a computer enthusiast. She loves writing about Windows 11 and Intune-related technologies and sharing her knowledge, quick tips, and tricks about Windows 11 or 10 with the community.

1 thought on “New Device Restriction Settings Available in macOS”

  1. The force at setup assistant doesnt work as intented. There seems to be an issue with this settings catalog. Also when assigning, make sure to user filter that match the enrolment policy name rather than entra group as there seems to be delay in getting the device to group and policy getting assigned during setup assistant.

    The Await final configuration feature for the device must be set to Yes In the enrolment profile for this to work.

    But as of now, many have reported issue that filevault is not getting enabled even though policy is installed in device.

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.