Disable Console Logon for macOS using Intune

Here’s a step-by-step guide on how to disable Console Logon for macOS using Intune. macOS Console Access helps enhance the security of your system. This type of login allows users to interact with the macOS system directly, without relying on remote access methods such as SSH or remote desktop connections.

Console logon is often used for tasks like system maintenance, troubleshooting, and initial setup. However, it’s essential to ensure the physical security of the computer, as console logon provides direct access to the system.

Intune includes many built-in settings to control different features on macOS devices. You can create policies from the Settings catalog. These profiles include features and settings for organizations to control on company-enrolled devices.

The setting up Intune policy allows you to configure the Login Window Behavior payload to set preferences for user login, control the user’s ability to restart and shut down devices from the login window, and set the appearance of the login window.

Patch My PC

Starting with the Intune Service release 2301 setting login and background items have been added. You can create a policy that automatically opens items when users log in to their macOS devices using this feature. Same way, you can prevent apps from running in the background while the user is logged on.

Disable Console Logon for macOS using Intune

By following these steps, you can effectively disable console logon on macOS devices managed by Microsoft Intune. This allows admins to configure system preferences and security settings to control console access.

Adaptiva
  • Sign in to the Microsoft Intune Admin portal https://intune.microsoft.com/.
  • Select Devices > Configuration profiles > Create profile or Navigate directly to macOS > Configuration profiles. Here, in this case platform will be prepopulated.

In Create Profile, Select macOS in Platform, and Select Profile Type as Settings Catalog. Click on the Create button.

Disable Console Logon for macOS using Intune Fig.1
Disable Console Logon for macOS using Intune Fig.1

In the macOS Basics tab, enter the descriptive name for the new profile. For example, Disable Console Logon, and add a description for the profile to understand the policy usage and Select Next.

Disable Console Logon for macOS using Intune Fig.2
Disable Console Logon for macOS using Intune Fig.2

On the Configuration settings tab, With the settings catalog, you can choose which settings you want to configure. Click on Add Settings to browse or search the catalog for the settings you want to configure.

Search for “Console” or “Disable Console Access”. Select the “Login > Login Window Behavior” from the search result. Select “Disable Console Access” and close the pane.

Disable Console Logon for macOS using Intune Fig.3
Disable Console Logon for macOS using Intune Fig.3

This policy setting allows you to configure the Login Window Behavior payload to set preferences for user login, control the user’s ability to restart and shut down devices from the login window, and set the appearance of the login window.

The next step is to toggle “Disable Console Logon” to Enabled. If true, disregards the >console special user name, which will provide a command line UI and click on Next.

Disable Console Logon for macOS using Intune Fig.4
Disable Console Logon for macOS using Intune Fig.4

Using Scope tags, you can assign a tag to filter the profile to specific IT groups. One can add scope tags (if required) and click Next to continue.

Now in Assignments, in Included Groups, you need to click on Add Groups, choose Select Groups to include one or more groups, and click Next to continue.

Disable Console Logon for macOS using Intune Fig.5
Disable Console Logon for macOS using Intune Fig.5

In the Review + Create tab, you need to review your settings. After clicking Create, your changes are saved, and the profile will be assigned to the added devices group.

A notification will appear automatically if you see it in the top right-hand corner. One can easily see that the Policy “Disable Console Logon” was created successfully. Also, if you check the Configuration Profiles list, the Policy is visible there with the tag NEW.

Disable Console Logon for macOS using Intune Fig.6
Disable Console Logon for macOS using Intune Fig.6

Note! The device groups will receive your profile settings when the devices check in with the Intune service. The Policy applies to the device.

Monitor macOS Policy Deployment

Intune provides several features to monitor and manage device configuration profiles. Once the configuration profile is applied, To monitor Intune policy assignment, from the list of Configuration Profiles, select the policy you targeted, and here you can check the device and user check-in status.

If you click View Report, additional details are displayed. Additionally, you can quickly check the update as devices/users check-in status reports:

Disable Console Logon for macOS using Intune Fig.7
Disable Console Logon for macOS using Intune Fig.7

Author

About Author – JiteshMicrosoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.