This post will show you how to disable the Guest Account on macOS using Intune. The Guest Account allows temporary and limited access to your Mac, typically for individuals without a user account. While it can be useful in some situations, it can also pose security risks if not managed properly.
By default, the guest user account is disabled. With the Guest account policy, you can enforce whether the Guest account is enabled or disabled. This account allows unauthenticated network users to gain access to the system by signing in as a Guest with no password.
Unauthorized users can access any resources that are accessible to the Guest account over the network. This privilege means that any network shared folders with permissions that allow access to the Guest account, the Guests group, or the Everyone group will be accessible over the network. This accessibility can lead to the exposure or corruption of data.
Disabling the Guest Account is a recommended security practice, especially if you are concerned about unauthorized users gaining access to your computer. However, always ensure you have a strong, secure password for your primary user account and consider other security measures, such as enabling FileVault encryption to enhance the overall security of your Mac.
Disable Guest Account on macOS using Intune
Here’s how you can disable the Guest Account on macOS. To ensure that the Guest Account is successfully disabled, it’s good practice to test the configuration on a sample macOS device before deploying it organization-wide.
- Sign in to the Microsoft Intune Admin portal https://intune.microsoft.com/.
- Select Devices > Configuration profiles > Create profile, or navigate directly to macOS > Configuration profiles. In that case, the platform will be prepopulated.
In Create Profile, select macOS in Platform and select Settings Catalog as the Profile Type. Click on the Create button.
In the macOS Basics tab, enter a descriptive name for the new profile, for example, Disable Guest Account on macOS. Add a description for the profile to explain the policy usage, and select Next.
On the Configuration settings tab, the settings catalog lets you choose which settings you want to configure. Click on Add Settings to browse or search the catalog for the settings you want to configure.
Search for “Guest” or “Guest Account”. Select “Accounts” from the search result. Select “Disable Guest Account” and close the settings picker pane.
Configure the account payload to enable or disable guest accounts. This policy setting allows you to disable guest accounts on macOS devices. Toggle the switch to True, and click on Next.
Using Scope tags, you can assign a tag to filter the profile to specific IT groups. One can add scope tags (if required) and click Next to continue.
Now in Assignments, in Included Groups, you need to click on Add Groups, choose Select Groups to include one or more groups, and click Next to continue.
In the Review + Create tab, you need to review your settings. After clicking Create, your changes are saved, and the profile will be assigned to the added devices group.
A notification will appear automatically in the top right-hand corner. You can see that the policy “Disable Guest Account on macOS” was created successfully.
The macOS device groups will receive your profile settings when the devices check in with the Intune service. The policy that disables the guest account then applies to the device.
Monitor Guest Account Policy
Intune provides several features to monitor and manage device configuration profiles. Once the configuration profile is applied, you can monitor the macOS policy assignment: from the list of Configuration Profiles, select the policy you targeted, and check the device and user check-in status.
If you click View Report, additional details are displayed. You can also quickly check the device and user check-in status reports.
End User Experience
Once guest accounts are disabled by the Intune policy, admin users no longer have the capability to enable them from the devices.
Click on the Apple menu on targeted macOS devices and select “System Preferences.” This will open a window with various settings for your Mac.
Search for “Users & Groups”. In the list of user accounts on the left side of the Users & Groups window, click on the “Guest User.” The option “Allow guests to log in to this computer” should be unchecked.
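The same verification can be done from Terminal on a test Mac. The script below is an added example, not part of the original post: it reads the local login window preference, the managed preference written by the profile, and the guest setting for shared folders, then reports whether guest access is off and enforced. The plist paths and key names (`GuestEnabled`, `DisableGuestAccount`, `AllowGuestAccess`) are assumed to be the standard macOS locations, and the function names are illustrative.

```shell
#!/bin/bash
# Added example, not from the original post. Paths and keys are assumed to be
# the standard macOS locations; function names are illustrative.

# Print one preference value, or "unset" if the key, plist or tool is missing.
read_pref() {  # $1 = plist path without .plist, $2 = key
  command -v defaults >/dev/null 2>&1 || { echo unset; return 0; }
  defaults read "$1" "$2" 2>/dev/null || echo unset
}

# Normalise defaults output (1/0, true/false, YES/NO) to on|off|unset.
norm() {
  case "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" in
    1|true|yes) echo on ;;
    0|false|no) echo off ;;
    *) echo unset ;;
  esac
}

# $1 = loginwindow GuestEnabled, $2 = managed DisableGuestAccount,
# $3 = SMB AllowGuestAccess. Exit status: 0 pass, 1 fail, 2 warn.
evaluate_guest() {
  g_login=$(norm "$1"); g_mdm=$(norm "$2"); g_smb=$(norm "$3")
  if [ "$g_login" = on ]; then
    echo "FAIL: guest login is enabled"; return 1
  fi
  if [ "$g_smb" = on ]; then
    echo "FAIL: guest access to shared folders is enabled"; return 1
  fi
  if [ "$g_mdm" != on ]; then
    # Off today, but a local admin could turn it back on.
    echo "WARN: guest is off but not enforced by a profile"; return 2
  fi
  echo "PASS: guest is off and enforced by a profile"
}

audit_guest() {
  evaluate_guest \
    "$(read_pref /Library/Preferences/com.apple.loginwindow GuestEnabled)" \
    "$(read_pref '/Library/Managed Preferences/com.apple.MCX' DisableGuestAccount)" \
    "$(read_pref /Library/Preferences/SystemConfiguration/com.apple.smb.server AllowGuestAccess)"
}

# Run the audit only on macOS; elsewhere the functions are just defined.
if [ "$(uname -s)" = Darwin ]; then audit_guest; fi
```

A WARN result on a device that should have received the profile usually means it has not checked in with Intune yet.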
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.