Mar 11, 2019 Once the user selects “Add this one by tapping here” they’ll be prompted to download the Intune Company Portal app. After the Company Portal is downloaded and installed, open it up and you’ll be asked to sign in using your corporate credentials. These are the same credentials used to sign into Office 365 (derived from Azure AD).

With the introduction of Intune support for Mac OS X, you can now use Intune to manage every major platform through a consistent IT Admin experience. Go to the Intune Company Portal website (portal.manage.microsoft.com) and click the notification bar to kick off the enrollment process. Any Mac device on OS X 10.9 or later that can connect.

Nov 18, 2013 Microsoft Intune helps organizations manage access to corporate apps, data, and resources. Company Portal is the app that lets you, as an employee of your company, securely access those resources. Before you can use this app, make sure your IT admin has set up your work account. Your company must also have a subscription to Microsoft Intune.
Intune supports macOS FileVault disk encryption. FileVault is a whole-disk encryption program that is included with macOS. You can use Intune to configure FileVault on devices that run macOS 10.13 or later.
Use one of the following policy types to configure FileVault on your managed devices:
- Endpoint security policy for macOS FileVault. The FileVault profile in Endpoint security is a focused group of settings that is dedicated to configuring FileVault. View the FileVault settings that are available in profiles for disk encryption policy.
- Device configuration profile for endpoint protection for macOS FileVault. FileVault settings are one of the available settings categories for macOS endpoint protection. For more information about using a device configuration profile, see Create a device profile in Intune. View the FileVault settings that are available in endpoint protection profiles for device configuration policy.
To manage BitLocker for Windows 10, see Manage BitLocker policy.
Tip
Intune provides a built-in encryption report that presents details about the encryption status of devices, across all your managed devices.
After you create a policy to encrypt devices with FileVault, the policy is applied to devices in two stages. First, the device is prepared to enable Intune to retrieve and back up the recovery key. This action is referred to as escrow. After the key is escrowed, the disk encryption can start.
User-approved device enrollment is required for FileVault to work on a device. The user must manually approve the management profile from System Preferences for enrollment to be considered user-approved.
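A device-side check of the prerequisites described above (user-approved enrollment, FileVault state, a personal recovery key), as an added example that is not part of the original documentation. The function name `fv_verdict`, its verdict strings and its exit codes are hypothetical, and the sample command output is constructed; `fdesetup` and `profiles` are the standard macOS tools.

```shell
#!/bin/sh
# Added example: classify a Mac's readiness for Intune-managed FileVault.
# Inputs are the text printed by three macOS commands:
#   fdesetup status
#   fdesetup haspersonalrecoverykey
#   profiles status -type enrollment
# fv_verdict and its verdict strings/exit codes are hypothetical names.

fv_verdict() {
    fv_status=$1 prk=$2 enroll=$3
    # FileVault policy requires user-approved MDM enrollment.
    case $enroll in
        *"MDM enrollment: Yes (User Approved)"*) ;;
        *"MDM enrollment: Yes"*)
            echo "BLOCKED: enrollment is not user-approved"; return 1 ;;
        *)
            echo "BLOCKED: device is not MDM enrolled"; return 1 ;;
    esac
    case $fv_status in
        *"FileVault is On"*)
            # Only a personal recovery key is supported for escrow and rotation.
            case $prk in
                true*) echo "OK: encrypted with a personal recovery key" ;;
                *) echo "REVIEW: encrypted without a personal recovery key"
                   return 2 ;;
            esac ;;
        *)
            # Escrow preparation comes first; encryption starts afterwards.
            echo "PENDING: FileVault is not on yet"; return 3 ;;
    esac
}

if command -v fdesetup >/dev/null 2>&1; then
    # Live check on a Mac (run with sudo so fdesetup can read key state).
    fv_verdict "$(fdesetup status)" "$(fdesetup haspersonalrecoverykey)" \
               "$(profiles status -type enrollment)"
else
    # Constructed sample output, used when the script is not run on macOS.
    fv_verdict "FileVault is On." "true" \
               "Enrolled via DEP: No
MDM enrollment: Yes (User Approved)"
fi
```

An OK verdict does not show who enabled encryption: a device the user encrypted before enrollment reports the same way, and the encryption report in Intune is where the escrow state is confirmed.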
Permissions to manage FileVault
To manage FileVault in Intune, your account must have the applicable Intune role-based access control (RBAC) permissions.
Following are the FileVault permissions, which are part of the Remote tasks category, and the built-in RBAC roles that grant the permission:
- Get FileVault key:
- Help Desk Operator
- Endpoint security manager
- Rotate FileVault key
- Help Desk Operator
Create endpoint security policy for FileVault
- Sign in to the Microsoft Endpoint Manager admin center.
- Select Endpoint security > Disk encryption > Create Policy.
- On the Basics page, enter the following properties, and then choose Next.
- Platform: macOS
- Profile: FileVault
- On the Configuration settings page:
- Set Enable FileVault to Yes.
- For Recovery key type, only Personal Recovery Key is supported.
- Configure additional settings to meet your requirements.
Consider adding a message to help guide users on how to retrieve the recovery key for their device. This information can be useful for your users when you use the setting for Personal recovery key rotation, which can automatically generate a new recovery key for a device periodically.
For example: To retrieve a lost or recently rotated recovery key, sign in to the Intune Company Portal website from any device. In the portal, go to Devices and select the device that has FileVault enabled, and then select Get recovery key. The current recovery key is displayed.
- When you're done configuring settings, select Next.
- On the Scope (Tags) page, choose Select scope tags to open the Select tags pane to assign scope tags to the profile. Select Next to continue.
- On the Assignments page, select the groups that will receive this profile. For more information on assigning profiles, see Assign user and device profiles. Select Next.
- On the Review + create page, when you're done, choose Create. The new profile is displayed in the list when you select the policy type for the profile you created.
Create device configuration policy for FileVault
- Sign in to the Microsoft Endpoint Manager admin center.
- Select Devices > Configuration profiles > Create profile.
- On the Create a profile page, set the following options, and then click Create:
- Platform: macOS
- Profile: Endpoint protection
- On the Basics page, enter the following properties:
- Name: Enter a descriptive name for the policy. Name your policies so you can easily identify them later. For example, a good policy name might include the profile type and platform.
- Description: Enter a description for the policy. This setting is optional, but recommended.
- On the Configuration settings page, select FileVault to expand the available settings:
- Configure the following settings:
- For Enable FileVault, select Yes.
- For Recovery key type, select Personal key.
- For Escrow location description of personal recovery key, add a message to help guide users on how to retrieve the recovery key for their device. This information can be useful for your users when you use the setting for Personal recovery key rotation, which can automatically generate a new recovery key for a device periodically.
For example: To retrieve a lost or recently rotated recovery key, sign in to the Intune Company Portal website from any device. In the portal, go to Devices and select the device that has FileVault enabled, and then select Get recovery key. The current recovery key is displayed.
Configure the remaining FileVault settings to meet your business needs, and then select Next.
- On the Scope (Tags) page, choose Select scope tags to open the Select tags pane to assign scope tags to the profile. Select Next to continue.
- On the Assignments page, select the groups that will receive this profile. For more information on assigning profiles, see Assign user and device profiles. Select Next.
- On the Review + create page, when you're done, choose Create. The new profile is displayed in the list when you select the policy type for the profile you created.
Manage FileVault
To view information about devices that receive FileVault policy, see Monitor disk encryption.
When Intune first encrypts a macOS device with FileVault, a personal recovery key is created. Upon encryption, the device displays the personal key a single time to the device user.
For managed devices, Intune can escrow a copy of the personal recovery key. Escrow of keys enables Intune administrators to rotate keys to help protect devices, and users to recover a lost or rotated personal recovery key.
After Intune encrypts a macOS device with FileVault:
- Admins can view and manage the FileVault recovery keys by using the Intune encryption report.
- Users can view a device's personal recovery key from the web Company Portal on the device. From within the web Company Portal, choose the encrypted macOS device, and then choose to 'Get recovery key' as a remote device action.
Important
Devices that are encrypted by users, and not by Intune, cannot be managed by Intune. This means that Intune can't escrow the personal recovery key of these devices, nor manage the rotation of the recovery key. Before Intune can manage FileVault and recovery keys for the device, the user must decrypt their device, and then let Intune encrypt the device.
Retrieve personal recovery key
For a macOS device that was encrypted by Intune, end users can retrieve their personal recovery key (FileVault key) using the iOS Company Portal app, the Android Company Portal app, or through the Android Intune app.
The device that has the personal recovery key must be enrolled with Intune and encrypted with FileVault through Intune. Using the iOS Company Portal app, Android Company Portal app, the Android Intune app, or the Company Portal website, the user can see the FileVault recovery key needed to access their Mac devices.
Device users can select Devices > the encrypted and enrolled macOS device > Get recovery key. The browser will show the Web Company Portal and display the recovery key.
Rotate recovery keys
Intune supports multiple options to rotate and recover personal recovery keys. One reason to rotate a key is if the current personal key is lost or thought to be at risk.
- Automatic rotation: As an admin, you can configure the FileVault setting Personal recovery key rotation to automatically generate new recovery keys periodically. When a new key is generated for a device, the key isn't displayed to the user. Instead, the user must get the key either from an admin, or by using the company portal app.
- Manual rotation: As an admin, you can view information for a device that you manage with Intune and that's encrypted with FileVault. You can then choose to manually rotate the recovery key for corporate devices. You can't rotate recovery keys for personal devices. To rotate a recovery key:
- Sign in to the Microsoft Endpoint Manager admin center.
- Select Devices > All devices.
- From the list of devices, select the device that is encrypted and for which you want to rotate its key. Then under Monitor, select Recovery keys.
- On the Recovery keys pane, select Rotate FileVault recovery key. The next time the device checks in with Intune, the personal key is rotated. When needed, the new key can be obtained by the user through the company portal.
Recover recovery keys
- Administrator: Administrators can't view personal recovery keys for devices that are encrypted with FileVault.
- End-user: End-users use the Company Portal website from any device to view the current personal recovery key for any of their managed devices. You can't view recovery keys from the Company Portal app. To view a recovery key:
- Sign in to the Intune Company Portal website from any device.
- In the portal, go to Devices and select the macOS device that is encrypted with FileVault.
- Select Get recovery key. The current recovery key is displayed.
When you install the Company Portal app and enroll your macOS device in Intune, you can use the Company Portal app to:
- Access the company's network, and your email and work files.
- Get company apps from the Company Portal.
- Remotely reset your phone to factory settings if it is lost or stolen.
- Automatically set up your company email account.
When you enroll your device in Intune, you are giving your company support permission to manage your device to help protect the company information on the device.
When your device is enrolled, your company support can:
- Reset your device back to manufacturer's default settings if the device is lost or stolen.
- Remove all installed company-related data and business apps. Your personal data and settings aren't removed.
- Require you to have a password or PIN on the device.
- Require you to accept terms and conditions.
- Disable the camera on your device to prevent you from taking pictures of sensitive company data.
- Enable or disable web browsing on your device.
- Enable or disable backup to iCloud.
- Enable or disable document sync to iCloud.
- Enable or disable Photo Stream to iCloud.
- Enable or disable data roaming on your device. If data roaming is allowed, you might incur roaming charges.
- Enable or disable voice roaming on your device. If voice roaming is allowed, you might incur roaming charges.
- Enable or disable automatic file synchronization while in roaming mode on your device. If automatic file synchronization is allowed, you might incur roaming charges.
If you have questions, contact your company support. For contact information, check the Company Portal website.