Microsoft Intune: Managed device attestation for iOS/iPadOS and macOS device enrollment and ADE

🚨 The Signal: Intune now supports managed device attestation for Apple devices during enrollment. This enhances trust by verifying device integrity before granting access, improving the security posture for BYOD and corporate-owned Apple devices.

The Impact

This change affects security teams and Intune administrators: it improves device trust and reduces the risk of compromised devices accessing corporate resources.

  • Security Teams: Reduced risk from untrusted Apple devices accessing resources.
  • Intune Administrators: New configuration options for Apple device enrollment policies.
  • End Users (BYOD): Potentially stricter enrollment requirements for personal Apple devices.
  • End Users (Corporate): Enhanced trust for corporate Apple devices accessing data.

The Action

  1. Review existing iOS/iPadOS and macOS enrollment profiles in Microsoft Intune.
  2. Evaluate the new managed device attestation capabilities for Apple devices.
  3. Plan and test the implementation of attestation for new BYOD and ADE enrollments.
  4. Communicate updated enrollment requirements to Apple device users.

Domain: Intune · Impact: high · Workload: Intune