This post covers the Intune Policy to disable Touch ID for Unlock Mac Devices. macOS allows users to use Touch ID to unlock their Mac, Disabling Touch ID may be a preference for prioritizing privacy and security.
Touch ID is a fingerprint recognition feature designed that allows users to unlock devices, Touch ID doesn’t store any images of your fingerprint and instead only relies on a mathematical representation. It isn’t possible for someone to reverse engineer your actual fingerprint image from this stored data.
Biometric authentication, such as Touch ID, improves the user experience by offering a quick and effortless way to unlock the device. Disable Touch ID for unlocking a Mac depends on your specific security requirements and user preferences. It’s important to be aware of potential security considerations.
There are various Mac device restriction settings offered by Intune, configure the Restrictions payload to enable or disable features on devices. These configurations can prevent users from accessing a specific app, service or function on enrolled devices.
- Manage System Integrity Protection For MacOS Devices Using Intune
- Configure macOS Compliance Policy In Intune For Devices
Intune Policy to Disable Touch ID for Unlock Mac Device
You need to use macOS configuration profiles or Shell scripts for macOS-specific configurations, including disabling Touch ID. By following these steps, you can use the Intune Policy to Disable Touch ID for Unlock Mac Device.
- Open the Microsoft Intune Admin Center https://intune.microsoft.com/ portal from any browser. Enter the User Name and password to log in.
- Select Devices > macOS > Configuration profiles under macOS policies, and click + New Policy. You can now able to Import and Export Settings Catalog Policy from the Intune Admin Center, by clicking Import Policy.
In Create Profile, Select macOS in Platform, and Select Profile Type as Settings Catalog. Click on the Create button.
In Basics, enter a descriptive name for the policy. Name your policies so you can easily identify them later. Enter a description for the policy. This setting is optional, but recommended. Select Next.
On the macOS Configuration settings tab, With the settings catalog, you can choose which settings you want to configure. Click on Add Settings to browse or search the catalog for the settings you want to configure.
Search for “Allow Fingerprint for unlock” or “Fingerprint for unlock”. Select the Restrictions settings from Allow Fingerprint For Unlock from the search result.
By default, the OS might allow users to unlock the device using a fingerprint. The next step is to toggle the Allow Fingerprint For Unlock to Flase switch. If false, prevent Touch ID or Face ID from unlocking a device. Available in iOS 7 and later, and macOS 10.12.4 and later and click on Next.
Next, in Assignments, in Included Groups, you need to click on Add Groups, choose Select Groups to include one or more groups to target the macOS restriction policy, and click Next to continue.
In Review + create, review your settings. When you select Create, your changes are saved, and the profile is assigned.
A notification will appear automatically if you see it in the top right-hand corner. You can see that the Policy “Disable Touch ID for Unlocking mac Device” was created successfully. The policy is also shown in the Configuration profiles list.
Monitor Intune Policy to Disable Touch ID for Unlocking Mac Device
Once the Intune macOS restriction policy is deployed to macOS devices, it will take some time to apply, You can get the deployment status on the list of targeted devices by clicking on profile inside macOS > Configuration profiles.
Note! Before deploying profiles in large groups or production, It’s always important to test any configuration changes or scripts in an environment with limited sets of devices before deploying to production devices.
Once the user successfully log in to the macOS device, you can follow the steps below to check the profile status. The specific settings and options might vary based on the version of macOS you are using. You can also initiate the manual sync to speed up if the profile is not received.
- Click on the Apple icon at the top-left corner and select System Settings from the list of options.
- Search for Privacy & Security, and look to find out the settings.
We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.
Author
About Author – Jitesh, Microsoft MVP, has over six years of working experience in the IT Industry. He writes and shares his experiences related to Microsoft device management technologies and IT Infrastructure management. His primary focus is Windows 10/11 Deployment solution with Configuration Manager, Microsoft Deployment Toolkit (MDT), and Microsoft Intune.