New macOS management capabilities in Endpoint Manager

We recently introduced several new macOS configurations that have been customer-requested to ease manageability of macOS devices. These new capabilities help you manage and troubleshoot line-of-business (LOB) app installs, customize your app delivery channel, and additional manageability options on supervised devices. With these improvements and several more on the way, we’re expanding your manageability portfolio for macOS devices.

Review and edit app detection logic

IT admins can now review and edit the logic that Intune uses to detect whether an app is successfully installed on a managed Mac. Prior to this feature, admins would troubleshoot app errors on their own, often with limited success, and then open a support ticket with Microsoft for troubleshooting when apps successfully installed on a device, but the app report reflects "failed" or "pending". Often Intune was looking for helper apps that never installed or reporting back on apps that had incorrect app details, but because that detection logic was not transparent, it was trial and error to troubleshoot.

This feature, a major advance to macOS LOB app deployment, makes the app detection process transparent to the admin. That visibility will allow admins to review app detection rules before deployment rather than waiting for app reports to show up incorrectly, or if they do report as incorrect, it can result in better troubleshooting when LOB apps are incorrectly reported as “failed” or “pending”.

The app install and troubleshooting experience is best demonstrated by a short video, so here’s a short demo of how to use this new capability:

Customize device configuration profiles

When creating a custom configuration profile on macOS devices, you can use the new deployment channel setting to specify whether the profile is sent to the user channel or the device channel. Previously, all profiles deployed using custom configuration were sent to the device channel. This feature will give IT admin greater control over the custom profile they created and help prevent failed deployments due to a profile being sent to the wrong channel. For example, when you use custom configuration to deploy a profile that is only available on the user channel, you can ensure this profile is sent only to the user channel by configuring this setting.

To learn more about using a payload in a device profile or a user profile, see Profile-Specific Payload Keys. See the screen shot below for where the experience is in the Microsoft Endpoint Manager admin center. ?

Block Game Center on managed macOS devices

Mac devices may be enrolled in Supervised mode which is often used when the device is used in a school, a retail store, or on a manufacturing floor. These are typically purpose-driven, IT managed, and enrolled through Apple’s Automated Device Enrollment. In this release, we’ve enabled you to prevent users from adding friends to the Game Center – or block Game Center entirely and remove it from the home screen – with new settings you can configure on macOS 10.13 devices and newer. In addition, admins can now:

• Prevent multiplayer gaming in the Game Center
• Block any changes to wallpaper.

See the screen shot below for where to configure the settings in the Microsoft Endpoint Manager admin center.

For more on what we released in Microsoft Endpoint Manager in August (2108), read this blog post: