email: [email protected]

Full Disk Access Configuration Profile

1. Full disk access and authorization are necessary for Intune and MDE to protect macOS devices. The configuration profile enables transparency, consent, and control (TCC) to grant full disk access to MDE. To create the configuration profile, follow these steps:
2. Download the configuration file from https://raw.githubusercontent.com/ microsoft/mdatp-xplat/master/macos/mobileconfig/profiles/ fulldisk.mobileconfig and save it to the temporary location where you stored the macOS onboarding package.
3. On the Devices | Configuration profiles page in the Intune admin center (https://endpoint.microsoft.com), click Create profile.
4. On the Create a profile flyout, under Platform, select macOS. Under Profile type, select Templates and then choose Custom. Click Next.
5. On the Basics tab, enter a name and description and click Next.
6. On the Configuration settings tab, enter a custom configuration profile name to identify this configuration.
7. Under Deployment channel, select Device channel.
8. Under Configuration profile name, click the folder icon and browse to the folder containing the downloaded configuration file. Select the fulldisk.mobileconfig file and click Next.
9. On the Assignments tab, under Included Groups, choose to add groups containing devices that will be in scope for the policy.
10. On the Review + create tab, verify the settings and click Create.

Next, you’ll create a configuration profile for managing the device’s network traffic from an EDR perspective.