In this repository you'll find various MDM configuration profiles for macOS - tested with Microsoft Intune. Each profile is a separate file and can be downloaded individually.
This profile was created by me and is not officially supported by Microsoft.
-
This profile prevents disabling the Microsoft AutoUpdate background services on macOS. The services covered are:
com.microsoft.autoupdate.helpercom.microsoft.update.agent
These profiles originally come from Microsoft's repository.
-
This profile prevents disabling the Microsoft Defender for Endpoint/for Business background services on macOS. The services covered are:
com.microsoft.fresnocom.microsoft.fresno.uninstallcom.microsoft.dlp.install_monitor
-
This profile configures full disk access for the Microsoft Defender for Endpoint/for Business application(s) and prevents removal of these permissions. Permissions are granted for the following applications:
com.microsoft.wdav- The Microsoft Defender application.com.microsoft.wdav.epsext- The Microsoft Defender endpoint security extension.com.microsoft.dlp.daemon- The Microsoft Data Loss Prevention daemon.
-
This profile configures the Microsoft Defender for Endpoint/for Business network filter on macOS and prevents this being disabled by the user.
-
This profile configures the Microsoft Defender for Endpoint/for Business notification settings on macOS and prevents these being disabled by the user.
These profiles were created by me and are not officially supported by Microsoft.
-
This profile prevents disabling the Microsoft OneDrive background services on macOS. The services covered are:
com.microsoft.OneDriveStandaloneUpdater- The Microsoft OneDrive standalone updater.
-
This profile configures full disk access for the Microsoft OneDrive application(s) and prevents removal of these permissions. Permissions are granted for the following applications:
com.microsoft.OneDrive- The Microsoft OneDrive application.
These profiles were created by me and are not officially supported by Microsoft.
-
This profile prevents disabling the Microsoft Teams background services on macOS. The services covered are:
com.microsoft.teams.TeamsUpdaterDaemon- The Microsoft Teams updater daemon.
NinjaOne Agent (formerly NinjaRMM)
These profiles were created by me and are not officially supported by NinjaOne.
-
This profile prevents disabling the NinjaOne Agent background services on macOS. The services covered are:
com.ninjarmm.agentd- The NinjaOne Agent.com.ninjarmm.patcher- The NinjaOne Agent patcher.com.ninjarmm.njdialog- The NinjaOne Agent dialog.com.ninjarmm.trayicon- The NinjaOne Agent tray icon.
-
This profile configures full disk access for the NinjaOne Agent application(s) and prevents removal of these permissions. Permissions are granted for the following applications:
ninjarmm-agent- The NinjaOne Agent application.
-
This profile configures the NinjaOne Agent notification settings on macOS and prevents these being disabled by the user.
You can push these profiles to macOS with Microsoft Intune. To do so, follow the steps outlined in Microsoft's documentation ensuring you enter an appropriate name and description for each profile and upload the appropriate profile from this repository.
These profile files will contain enough information to use Jamf's Configure Privacy Preferences Policy Control wizard to create a PPPC profile. The steps should be similar to those outlined by Microsoft's documentation where they illustrate configuring Full Disk Access for Microsoft Defender for Endpoint/for Business.
When pushing out background services settings you can upload the profile directly as shown, again in Microsoft's documentation for Microsoft Defender for Endpoint/for Business.
The profiles haven't been tested with Jamf Pro, but should work. If you encounter any issues, please let me know.