Doe Microsoft Intune Update Mac Computers
Apr 11, 2016 In a previous post, we explained how to set up a compliance policy for MAC OSX, now that our client is ready to receive the compliance policy, we will install the Microsoft Intune client on Mac OS X devices. Install the Intune Client Mac. There is still no way to automatically install the client. Connect on the MAC OSX devices that you want to. Architectural Overview Jamf delivers information about the management state and health of Apple’s Mac computers to Microsoft Intune’s device compliance engine. Intune’s device compliance engine integrates with Azure Active Directory and allows you to identify unmanaged and non-compliant Mac computers in your environment.
Jul 31, 2018 Microsoft Intune gives Administrators the option to manage computers and control many options and Windows updates management is one of the most important options needed for a secure and reliable working environment. Continue reading 'How to Deploy Windows Updates with Microsoft Intune'. Mar 19, 2020 As the settings can only be configured in the Windows Intune, we'd suggest you post a new thread on Intune Forum which is a specific channel for Enrolling devices related issues. Moreover, here are two articles for your reference: Set up iOS and Mac device management. Enroll corporate-owned iOS devices in Microsoft Intune. Thanks for your. Take your business further with productivity solutions designed for small business in Office 365 and Microsoft 365 Business, with the Office apps, collaboration tools and security features to help run and grow your business.
. Save the file to your computer. Microsoft dynamics gp for mac. Click Download to download the manual in PDF file format. When prompted for a location for the file, save the file to the Documentation folder in your Microsoft Dynamics GP 2013 folder.
Applies to: Intune in the classic portal
Important
Legacy PC management is going out of support on October 15, 2020. Upgrade devices to Windows 10 and reenroll them as MDM devices to keep them managed by Intune.
Note
The information in this topic applies only to Windows desktops that you are managing as PCs by using the Intune software client. If you want to manage updates for Windows PCs enrolled as mobile devices, see Manage software updates in Intune.
Microsoft Intune can help you to secure your managed computers in a number of ways, including the management of software updates that keep your computers up-to-date by ensuring the latest patches and software updates are quickly installed.
If you have not yet installed the Intune client on your computers, see Install the Windows PC client with Microsoft Intune.
When new updates are available from Microsoft Update, or you have created a third-party update, and they are applicable to your managed computers, a notification is displayed on the Overview page of the Updates workspace. After you choose this notification link, you can then perform various operations like viewing more information about the update, approving or declining the update, and viewing the computers that will install the update if it is approved.
Important
Microsoft database utiklity keeps coming up on mac. The Updates workspace is not displayed in the administrator console until you have installed the client on, and are successfully managing at least one computer client.
As updates are approved and installed, you can examine the success or failure of the installation in the Updates workspace of the Intune console.
The following sections will help you to keep software up-to-date on your managed computers.
Before you start
Before you begin to create and approve software updates, configure and deploy polices to your computers that control when and how the updates are installed.
To configure update policy settings
In the Microsoft Intune administration console, choose Policy > Overview > Add Policy.
Configure and deploy a Microsoft Intune Agent Settings policy for the update settings. You can use recommended settings or customize the settings. If you need more information about how to create and deploy policies, see Common Windows PC management tasks with the Microsoft Intune computer client.
The following table shows the values you can configure in the policy and also the recommended values that will be used if you don't customize the policy. You can find these settings in the Updates section.
| Policy setting | Details |
|---|---|
| Update and application detection frequency (hours) | Specifies how frequently (from 8-22 hours) Intune checks for new updates and applications. Recommended value: 8 hours. |
| Automated or prompted installation of updates and applications | Specifies whether updates are installed automatically or whether the user is prompted before installation. Additionally, this setting lets you schedule the installation of updates and applications. Install updates and applications automatically as scheduled installs updates and applications using the specified schedule. As a dependent policy setting, Use Automatic Maintenance for Windows computers specifies that updates and applications are installed during the Windows Automatic maintenance window. Prompt user for installation prompts the user to install updates when they are ready. Recommended values: Install updates and applications automatically as scheduled selected Day scheduled: Every day Time scheduled: 3:00 AM Use Automatic Maintenance for Windows computers selected |
| Allow immediate installation of updates that do not interrupt Windows | Allow installs updates immediately after they are downloaded, except for updates that would interrupt or restart Windows. Those updates are installed according to the configuration of the Automated or prompted installation of updates setting. Do not allow installs updates according to the configuration of the Automated or prompted installation of updates setting. Recommended value: Allow |
| Delay to restart Windows after installation of scheduled updates and applications (minutes) | Specifies (from 1-30 minutes), the time to wait to restart Windows after the installation of scheduled updates and applications. Recommended value: 15 minutes |
| Delay following Windows restart to begin installing missed scheduled updates and applications (minutes) | Specifies (from 1-60 minutes), how long to wait to start the installation of updates and applications after Windows is restarted when a scheduled update was missed. Recommended value: 5 minutes |
| Allow logged-on user to control Windows restart after installation of scheduled updates and applications | Specifies whether the logged-on user can delay restarting Windows (if set to Yes), or be notified of the automatic Windows restart (if set to No). If no user is logged on when the scheduled installation of updates and applications is completed, Windows is restarted automatically when required. When set to No, by default, the time before Windows restarts is set to 5 minutes. Recommended value: Yes |
| Prompt user to restart Windows during Intune client agent mandatory updates | Specifies whether the logged on users is prompted to restart Windows when an Intune client mandatory update requires Windows to restart. Recommended value: Yes |
| Microsoft Intune client agent mandatory updates installation schedule | Schedules when the installation of client updates occur. Recommended value: not configured |
| Delay between prompts to restart Windows after installation of scheduled updates and applications (minutes) | Specifies how frequently (from 1-1440 minutes) the user is prompted to restart Windows when a scheduled update or application that requires restarting Windows is installed, and the user delays the restart. Recommended value: 30 minutes |
Update software made by Microsoft
Updating Microsoft software requires very little work from you. However, before you start, there are two things you should configure:
Product categories and update classifications – Defines the categories and classifications of the updates you want to make available to computers. For example, you might decide that you only want critical updates for Microsoft Office to be installed.
Automatic approval rules – These rules automatically approve specified types of update and reduce your administrative overhead. For example, you might want to automatically approve all critical software updates.
Use the following two procedures to help you get ready to use software updates:
Configure the product categories and update classifications you want to make available to managed computers
In the Microsoft Intune administration console, choose Admin > Updates.
On the Service Settings: Updates page, in the Product Category list, select the update categories that you want to make available to computers. Note that the most common updates are selected by default.
Important
To ensure that computers receive the updates that have been approved by the admin, the Windows Server Update Services (WSUS) Group Policy setting, Specify Intranet Microsoft update service location must not be applied to computers that have been enrolled with Intune.
In the Update Classification list, select the classes of update that you want to make available to managed computers. Again, the most common options are selected by default.
Choose Save to store your selections.
To configure automatic approval rules for software updates
In the Microsoft Intune administration console, choose Admin > Updates.
In the Automatic Approval Rules section of the Server Settings: Updates page, choose New.
On the General page of the Create Automatic Approval Rule Wizard, specify a name and optional description for the rule.
On the Product Categories page, select any products for which you want to have updates approved automatically.
On the Update Classifications page, specify the update classifications that you want to have approved automatically.
On the Deployment page, do the following:
Select the computer groups to which you want to deploy the new rule, and then choose Add.
To specify an installation deadline for the updates, select the Enforce an installation deadline for these updates check box, and then on the Installation deadline list, select the installation deadline.
Note
If you specify an installation deadline, the managed computer might require one or more restarts after the deadline interval has passed.
When you are finished, Choose Next.
On the Summary page, review the settings for the new rule, and then choose Finish.
The new rule is shown in the Automatic Approval Rules section of the Service Settings: Updates page.
Update Mac Os X 10.6.8
Note
When you create an automatic approval rule, it only approves future updates, and does not automatically approve previously existing updates that already exist in Intune. To approve these updates you need to run the automatic approval rule.
To edit, run, or delete an automatically approved update rule
In the Microsoft Intune administration console, choose Admin > Updates.
In the Automatic Approval Rules section, select a rule, and then do one of the following:
To edit the rule, choose Edit, and then change the rule's parameters in the Update Auto Approval Rule Wizard.
To run the rule, choose Run Selected.
To delete the rule, choose Delete.
Note
Deleting a rule does not affect previous updates that were approved by the deleted rule.
Update software not made by Microsoft
Doe Microsoft Intune Update Mac Computers Windows 10
You can deploy updates for software that is not made by Microsoft. You do this by using the Upload Update wizard to get the update into your Cloud Storage space, after which you can approve or decline the update just like with Microsoft software.
To upload and configure a third-party update
In the Microsoft Intune administration console, choose Updates > Overview > Upload.
On the Update files page, choose Browse to select the setup files that are required to install the update package. The file can be a Windows Installer (.msi) file, a Windows Installer patch (.msp) file, or a .exe program file. You can also include any additional files or folders that are in the same folder as the setup file.
The total size of the selected files to upload is displayed. Note that this size does not include the uncompressed or expanded sizes of installation files.
After you specify the setup files, the Update description page displays the name, description, and classification for software information that Intune extracted from the software setup files. You can select a classification to label the type of update you are deploying (Updates, Critical Updates, Security Updates, Update Rollups or Service Packs). Choose Next when you are done.
On the Requirements page of the wizard, choose the architecture (32-bit, 64-bit, or both), and the operating systems of the managed computers to which this update will be applicable.
On the Detection rules page, specify how Intune determines whether the update already exists on managed computers. If you use the default option, Use the default detection rules, Intune always installs the update package on each targeted computer once.
Note
If the update setup file that you specified is a Windows Installer or .msp file, the Detection rules page of the wizard does not appear. This is because Windows Installer and .msp files contain their own instructions for detecting previous update installations.
Select one or more of the following rules to determine whether the update is already installed on managed computers:
File exists
MSI product code exists
Registry key exists
Provide any further information that is required to configure the detection rule such as a file path and name, Windows Installer product code, or a registry key, and then choose Next.
On the Prerequisites page of the wizard, you specify any software that must already be installed before this update can be installed. You can specify None, select a software package that has already been added to, and is managed by Intune, or you can specify one of the following rules to describe the software:
File exists
MSI product code exists
Registry key exists
Provide any further information that is required to configure the detection rule like a file path and name, Windows Installer product code, or a registry key, and then choose Next.
On the Command line arguments page of the wizard, you can add any required installation properties to the installation command line to modify the behavior of the setup file. For example, some software supports the /q property to enable silent installation. Refer to the documentation for your software package to learn about any supported command line arguments. Specify any command line arguments you need and then choose Next.
Note
If the update does not support silent installation, you cannot install the update using Intune
On the Return codes page of the wizard, you can specify how return codes from the update installation are interpreted. By default, Intune uses industry-standard return codes to report a failed or successful installation of an update package. The supplied return codes are:
| Return code | Details |
|---|---|
| 0 | Success |
| 3010 | Success with restart |
Any return code that is not listed is considered a failure.Some updates use nonstandard interpretations for return codes. In this case, you can specify your own return code interpretations.
Specify or edit the required return codes, and then choose Next.
On the Summary page of the wizard, review the actions that will be taken, and then choose Upload to complete the wizard.
The uploaded update is stored in your Intune cloud storage. If you have insufficient free space to upload the update package, you are notified of this during the upload process. Intune cannot determine sufficient free space until after the update upload has started, because compressed setup and installation files require more space when they are uncompressed.
After it is uploaded into Intune, a third-party update is displayed in the Updates workspace in the All Updates pane. You can then approve and deploy the update. For more information, see the following 'Approve and decline updates' section.
Approve and decline updates
When updates are ready to install, a message is shown on the Updates Overview page of the Updates workspace, under Update Status. Choose this message to open the All Updates page to see which updates are ready for approval.
You can use the Filters list to make it easier to find updates. For example, you can display only updates that failed, or updates that are superseded.
When you select an update from the list, further commands are available that let you manage updates as shown in the following table:
| Task | Details |
|---|---|
| View Properties | Displays detailed information about the update including the number of computers to which it is applicable. |
| Edit | For non-Microsoft updates only. Allows you to edit the properties of the update. |
| Approve | Approves the selected update and allows you to configure which groups is will be deployed to. For more information, see the procedure To approve updates in this topic. |
| Decline | Removes any previous approvals for the update and hides the update from the default views. Additionally, any report data for the update will be removed. If you later want to locate a declined update, set the filter on the All Updates page to Declined. You can then approve this update as required. If an update was declined because the update was expired in Microsoft Update, that update cannot be approved in the Intune administration console. If you delete an updates policy that is deployed to computers, the values of those updates policy settings are reset to the default state for the operating system that is installed on the computers. |
| Delete | For non-Microsoft updates only. Deletes the selected update. |
| Upload | Starts the Upload Update wizard that allows you to upload non-Microsoft updates that you want to deploy. |
To approve updates
In the Microsoft Intune administration console, choose Updates > Overview > New updates to approve.
In the Updates workspace, choose Overview > New updates to approve.
Note
The New updates to approve link appears in the Updates Status area only when there is at least one managed computer that needs an update to be approved.
Select an update, review the update properties at the bottom of the page to ensure that you want to approve the update, and then choose Approve. You can select multiple updates by holding down the CTRL key as you select each item.
On the Select Groups page, select a group that you want to deploy the updates to, and then choose Add. When you have finished specifying groups, choose Next.
On the Deployment Action page, do the following for each group in the list:
On the Approval list, select one of the following:
Required Install - Installs the update on computers in the specified group.
Do Not Install - Reports applicability only and does not install the update.
Available Install – The user can install the application on demand from the Company Portal.
Uninstall - Removes updates from computers in the targeted group.
Important
The update is removed even if it was not installed by Intune.
On the Deadline list, select one of the following:
None - Indicates that no deadline is enforced for the installation of the update and users may decline the update continually.
As soon as possible - Installs the update at the next opportunity on targeted computers.
Custom - Specifies the date and time that approved updates are installed.
One week, Two weeks, One month – Installs the update within the specified time period.
Choose Finish to save the settings, or Cancel to discard the settings and return to the updates list.
Important
Unless the action Do Not Install, Required Install, or Uninstall was explicitly configured for a child group, an action configured for a parent group is inherited by all its children.
You can check the details pane at the bottom of the All Updates page for reminder messages about the update.
See also
-->Applies to: Configuration Manager (current branch)
Follow the high-level steps in this article to upgrade the client for Mac computers by using a Configuration Manager application. You can also download the Mac client installation file, copy it to a shared network location or a local folder on the Mac computer, and then instruct users to manually run the installation.
Note
Before you do these steps, make sure that your Mac computer meets the prerequisites. See Supported operating systems for Mac computers.
Download the latest Mac client
The Mac client for Configuration Manager isn't supplied on the Configuration Manager installation media. Download it from the Microsoft Download Center, Microsoft Endpoint Configuration Manager - macOS Client (64-bit). The Mac client installation files are contained in a Windows Installer file named ConfigmgrMacClient.msi.
Create the Mac client installation file
On a computer that runs Windows, run ConfigmgrMacClient.msi. This installer unpacks the Mac client installation file, named Macclient.dmg. By default, you can find this file in the following folder: C:Program FilesMicrosoftSystem Center Configuration Manager for Mac client.
Extract the client installation files
Copy Macclient.dmg to a Mac computer. Mount the Macclient.dmg file in macOS, and then copy the contents to a folder on the Mac computer.
Create a .cmmac file
Open the Tools folder of the Mac client installation files. Use the CMAppUtil tool to create a .cmmac file from the client installation package. You'll use this file to create the Configuration Manager application.
Copy the new CMClient.pkg.cmmac file to a network location that's available to the computer running the Configuration Manager console.
For more information, see the Supplemental procedures to create and deploy applications for Mac computers.
Create and deploy the app
In the Configuration Manager console, create an application from the CMClient.pkg.cmmac file.
Deploy this application to Mac computers in your hierarchy.
Install the updated client
The existing Configuration Manager client on Mac computers will prompt the user that an update is available to install. After users install the client, they must restart their Mac computer.
After the computer restarts, the Computer Enrollment wizard automatically runs to request a new user certificate.
If you don't use Configuration Manager enrollment, but install the client certificate independently from Configuration Manager, see Configure clients to use an existing certificate.
Configure clients to use an existing certificate
Use this procedure to prevent the Computer Enrollment Wizard from running, and to configure the upgraded client to use an existing client certificate.
In the Configuration Manager console, create a configuration item of the type Mac OS X.
Add a setting to this configuration item with the setting type Script.
Add the following script to the setting:
Add Mac To Intune
- Add the configuration item to a configuration baseline. Then deploy the configuration baseline to all Mac computers that install a certificate independently from Configuration Manager.