So – I’ve been WFH since Covid. My workplace is all Windows, but I don’t have a company computer of any sort because I don’t have room for that in my life. I do all my work via remote desktop to a company VM using what Microsoft recently renamed to “Windows App”, while connected using GlobalProtect VPN. However, I have been running Microsoft Teams locally on my Mac to avoid making audio/video calls go through the remote desktop connection.
A few years back we adopted Microsoft’s InTune mobile device managment system as a requirement for iOS and iPadOS access to company resources. I’ve had that on my iPhone, but not on my iPad, simply because I don’t need it.
Well, as of this evening, it appears that running Teams locally on my Mac now requires enrolling the Mac in MDM as well. Who knew my Mac Studio was ‘mobile’? This also uses inTune, and I was automatically re-directed to the download for the Company Portal app.
Has anyone out there worked with company-managed inTune on a personally owned Mac? I’ve survived having it on my phone with relatively few issues, mostly related to the fact that links live in a locked-down ecosystem and Edge is finicky. It blocks screen shots and limits copy/paste when I’m in a work app. I think my phone is configured so that my personally-licensed Office apps live outside the box, and I would do the same for my Mac.
Looking for any feedback from people who have been forced into this system.
I was WFH from 3/2020 until I retired in 1/2025. My employer (a large state University) tried unsuccessfully to use InTune and then JAMF on our remote Macs. Always “going to work great” REAL SOON NOW.
They never got it to work, either on personally-owned machines or University boxes. AFAIK, they have bagged the project and are now going with some form of posture-checking on a VPN.
Update – they actually just locked down company login from personally owned Macs and PCs completely. Apparently the “please download InTune” redirect actually shouldn’t be there. So now I just have to hope that the connections between my home and my VM are good enough that I can run Teams on the VM and still have working video/audio.
It’s really a tough problem. Organizations have to protect their data, and the legal ramifications of failing to do so can be severe, while end-users rightly expect convenient access to the resources needed to do their work. It’s challenging enough to balance the trade-offs on a company-owned device, but adding personal devices to the mix can be a nightmare of complexity. Good luck!
InTune isn’t just a “mobile” device management solution. It’s an endpoint management solution - whether that endpoint is corporate, personal, mobile, or desktop. The company I used to work for pre-retirement was a Windows/Azure shop and used InTune on its corporately owned Macs.
Gah… all those restrictions I am personally familiar with. I took a College supplied MBPro (M1 very underpowered) just to deal with Teams, Outlook and Edge. All of my actual teaching and work is on my own Mac. I use SyncThing to have a shared folder on both Macs and use Blip on all devices, iPads and iPhone to move files around quickly. Both work with Windows too, I don’t have Windows in my mix thankfully.
In my College they don’t let you be an admin on College supplied laptops. But if work supplies a Mac you can at least install apps in your Home folder so long as they don’t require security triggering permissions. You can install Zoom but not share screens for example, Blip, SyncThing and a set of other useful utilities have smoothed a few workflows for me. Still can’t get emails automatically forwarded… In these security minded times such is life within large institutions.
Apple’s centralized configuration options, which are used by Intune, JAMF, and the rest, still get called “Mobile Device Management” / MDM even on desktop Macs because they started out as a way to ease corporate adoption of iPhones. Apple added the same options to MacOS in the hopes of doing the same thing with Macs, but the name stuck.
(Apple has begun using the more general term “Device Management” in more recent docs.)