Set Privacy settings for apps on macOS through Intune



In this article, we'll explore how to deploy application privacy settings to macOS devices through Intune and ensure that your organization's data stays secure.

Depending on the app and the permission required, there are two ways to set application permissions through Intune.

Apply permissions through a Device Restrictions profile

You can set Privacy settings in a device restrictions profile. Before you can add privacy settings to this policy, you will need some information about the app.

To add a policy you will need the app's Bundle ID (for example, com.microsoft.OneDrive) and the app's code signature (its Code Requirement). You can get both by running a command in Terminal on a Mac with the app installed.

Finding the Code Requirement and BundleID of an application on macOS

  1. Open the Terminal app on the Mac
  2. In a new window, type codesign -dr - [PATH TO APPLICATION]
  3. Find the text starting with "designated =>" (this is the Code Requirement); the identifier in it is the BundleID


    If you need a more detailed guide, these steps are based on the well-documented article from Addigy:
    Addigy - How To Get The Team ID, Bundle ID, and Code Requirement

You can then use this information to create the privacy policy for the application in the Device Restrictions profile in Intune. Under Privacy preferences, click the option to add an application, then supply the app's BundleID, code signature, and name.


Apply permissions through a Custom Profile

You can also use iMazing Profile Editor to create profiles with settings that are not available in Intune and deploy them as a custom profile.


This is an example of one I created to allow Teams the Screen Sharing Permission:


You can save that policy as a .mobileconfig file, then in Intune create a Custom policy and upload the .mobileconfig file.
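
The following added example is not part of the original article. It parses the output of codesign -dr - and builds a custom privacy profile from it with Python's plistlib. The app name, Team ID and com.example.* identifiers are constructed, and the payload keys are those of Apple's Privacy Preferences Policy Control payload.

```python
import plistlib
import re
import uuid

# Constructed sample of `codesign -dr -` output (hypothetical app and Team ID).
SAMPLE_CODESIGN = '''Executable=/Applications/Example.app/Contents/MacOS/Example
designated => identifier "com.example.meetings" and anchor apple generic and certificate leaf[subject.OU] = ABCDE12345
'''

def _payload(ptype, ident, **extra):
    """Keys every payload dictionary needs, plus payload-specific ones."""
    return {"PayloadType": ptype, "PayloadIdentifier": ident,
            "PayloadUUID": str(uuid.uuid4()).upper(), "PayloadVersion": 1, **extra}

def parse_codesign(output):
    """Return (bundle_id, code_requirement) from `codesign -dr -` output."""
    match = re.search(r"^(?:# )?designated => (.+)$", output, re.MULTILINE)
    if not match:
        raise ValueError("no designated requirement found; is the app signed?")
    requirement = match.group(1).strip()
    ident = re.search(r'identifier "([^"]+)"', requirement)
    if not ident:
        raise ValueError("requirement has no identifier clause")
    return ident.group(1), requirement

def build_profile(bundle_id, requirement, service, authorization):
    """Build a Privacy Preferences Policy Control profile as plist bytes."""
    # Apple's payload lets ScreenCapture be denied or left for a standard user
    # to approve; it cannot be granted outright by a profile.
    if service == "ScreenCapture" and authorization not in (
            "Deny", "AllowStandardUserToSetSystemService"):
        raise ValueError("ScreenCapture cannot be set to " + authorization)
    entry = {"Identifier": bundle_id, "IdentifierType": "bundleID",
             "CodeRequirement": requirement,
             "Authorization": authorization}  # macOS 11+; older: "Allowed"
    tcc = _payload("com.apple.TCC.configuration-profile-policy",
                   "com.example.pppc.tcc",  # hypothetical identifier
                   Services={service: [entry]})
    profile = _payload("Configuration", "com.example.pppc",  # hypothetical
                       PayloadDisplayName="Privacy - " + bundle_id,
                       PayloadContent=[tcc])
    return plistlib.dumps(profile)

if __name__ == "__main__":
    bid, req = parse_codesign(SAMPLE_CODESIGN)
    print(build_profile(bid, req, "ScreenCapture",
                        "AllowStandardUserToSetSystemService").decode())
```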
