New or Reimage Device Enrollment
This page provides instructions on how to enrolling your new or reimaged device into Intune.
Table of Contents:
1. Device Enrollment
Please review and complete all pre-requisites before beginning: Prerequisites
Note: Enrollment can take up to 1 hour to finalizing syncing and installing all settings and required applications. Please ensure you allocate enough time for the process to finish.
After turning on the Mac, you will be presented with the Apple Setup Assistant. Navigate through the wizard and connect to the internet. Once connected, you may be prompted at an activation screen to restart your Mac. Continue through the wizard to receive the Remote Management window which denotes that the University of Waterloo can configure your computer. Click Continue.
Next, you’ll be asked to enter your University of Waterloo email address and password, along with applicable DUO authentication requests.
It will then install the enrollment profile. Click Continue and follow through the Setup Assistant wizard.
When creating the Computer Account, it is recommended that your Account name match your WatIAM username and password. While you can set any password here, passwords that don’t meet the Password requirements will be forced to changed after enrollment.
After the enrollment is finalized, the initial Intune Management Profile will be installed under System Settings > Privacy & Security > Profiles. The subsequent profiles applicable to your device will install as the device connects in with Intune.
These profiles include enforced settings that help secure the device, such as enabling FileVault, password requirements, OS update enforcement, and disabling guest accounts. Options in the System Settings that are greyed out, are now enforced by Intune and cannot be changed. It can take up to 1 hour to finalize installing all settings and required applications. It is recommended to leave the device on and connected to the internet.
After additional profiles have installed, outside of the initial “Management Profile”, proceed with step 2.
2. Password Requirements
Passwords that do not meet the requirements as enforced by Intune, will be prompted to reset at next login. Passwords can be changed under System Settings > Login Password > Change.
Max Grace Period before requiring Password: 1 Minute
Minimum Complex Characters: 1
Password History: 6
Require Alphanumeric Password: True
Minimum Length: 8
Once you have ensured the login account has a secure password, proceed to step 3.
3. FileVault
FileVault is an additional layer of security for MacOS, performing disk encryption on the device. Our Intune policies will force your MacOS to enable FileVault and perform a disk encryption. The next time you logout or restart the device, you will be prompted for your MacOS password to enable the encryption. This can be bypassed up to 3 times before it will be forced to Enable Now.
Note: You may receive an “Incorrect Password” prompt in the FileVault window. This is likely due to a requirement to update your MacOS password to meet security standards. The next time you login to the device, you should be prompted to update your password, then the FileVault window should reappear.
Company Portal
Launch the Company Portal app and perform a Check Status to sync the device to Intune. Company Portal (Available Apps and Self-Service Options) - IST Knowledge Base - Confluence (atlassian.net) It is recommended to perform this action regularly to ensure your device is kept up to date.
Related articles
Need help?
Contact the IST Service Desk online or 519-888-4567 ext. 44357.
Article feedback
If you’d like to share any feedback about this article, please let us know.