Disable macOS Console Logon using Intune

Disable macOS Console Logon using Intune

Paramount importance, protecting digital tools and information in a shifting environment. MacOS device protection requires careful management of user access and privileges. Through this detailed article, learn how to improve Mac security by disabling console logons via Microsoft Intune.

Why we Disable Console Logon?

Technical details aside, understanding the reasoning behind disabling console logon is vital before proceeding. Not managed correctly, console login poses security risks and offers troubleshooting benefits. Console login restrictions help protect your Mac against intruders.

With the launch of Intune Service update 2301 came login and background item inclusions. Automatic opening upon login, items now have the ability thanks to this feature provided by macOS. By doing things this same way, apps can be kept from operating in the background when users log in.

With Intune, how to disable console logon on macOS?

Disable console logon on Apple devices governed by Microsoft Intune through this step-by-step process. System preferences and security setting configuration by administrators grants control over console access.

  • Sign into the Microsoft Intune Admin portalhttps://endpoint.microsoft.com
  • Select DevicesConfiguration profiles > Create profile or navigate directly to macOS > Configuration profiles. Here, in this case platform will be populated.

Disable macOS Console Logon using Intune

Disable macOS Console Logon using Intune

In the macOS Basics tab, enter the descriptive name for the new profile. For example, Disable Console Logon Profile, and provide a description for the profile to understand the policy usage and Select Next.

Disable macOS Console Logon using Intune

Disable macOS Console Logon using Intune

In the Configuration settings section, With the settings catalog, you can choose which settings you wanted to configure. Click on Add Settings to browse or search the catalog for the settings you wanted to configure.

Search for (Console) or “Disable Console Access”. Select the “Login > Login Window Behavior” from the search result. Select “Disable Console Access” and close the pane.With this policy settings, configure Login Window Behavior payload to manage user logins, and more.

To enable console logon again, the next step is “Disable Console Logon” to toggle. A command line UI and Next clicking are ignored if true.

Disable macOS Console Logon using Intune

Disable macOS Console Logon using Intune

Using Scope tags, we can assign a tag to filter the profile to specific groups. One can add scope tags based on the requirement and click Next to continue.

Now in Assignments, Included Groups, you need to click on Add Groups, choose Select Groups to include one or more groups basis on the need, and click Next to continue…

Disable macOS Console Logon using Intune

Disable macOS Console Logon using Intune

In the Review + Create tab, you need to review your settings which you have created. After clicking Create, your changes are saved, and the profile will be assigned to the respective devices group.

Disable macOS Console Logon using Intune

Disable macOS Console Logon using Intune

Notification will appear automatically if you can see it onto the top right-hand corner. One can easily see that the Policy “Disable Console Logon” was created successfully. Also, if you check the Configuration Profiles list, this Policy is visible in the console with the tag NEW.

Disable macOS Console Logon using Intune

Disable macOS Console Logon using Intune

Monitor and Verify

Once you have assigned the configuration profile, Intune will push the settings to your macOS devices. It may take some time for the changes to take effect. To verify that console logon has been disabled:

  1. On the target macOS device, open “System Preferences.”
  2. Navigate to “Security & Privacy.”
  3. Attempt to make changes that would require administrative privileges. You should be prompted to enter an admin password, indicating that console logon has been successfully disabled.

Security enhancements through Microsoft Intune involve disabling console logon for macOS. Follow these instructions to robustly guard your Mac against unlawful entry and preserve your essential data and resources.

Key to maintaining cybersecurity is vigilance, and this is something to remember. Security policy and configuration adjustments should follow changes in the threat landscape.

For more information about Intune you can simply visit and understand more about What is Intune?

Leave a Comment