Microsoft Security | Intune | Microsoft Intune MacOs
Managing macOS devices using Microsoft Intune
MacBook Pro does not lock when screen is closed when configured to be managed by intune
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(6.4, 23%, 10%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
JJ
0
Reputation points
We are encountering a serious security issue, whereby our Macbook air and pro devices do not lock when configured to me managed by Intune.
Initially I thought this was an Apple issue, but after a very very long discussions with Apple Support and posting this issue on Apple Discussion boards, https://discussions.apple.com/thread/256103595?login=true&sortBy=rank
The one Issue I have been experiencing and have reported repeatedly to apple as a security gap is the fact the setting "Require password after screen saver begins or display is turned off " becomes READ ONLY. (This setting has been configured by a profile).
Essentially, by activating In-tune security tools and manage a MacBook Pro to enhance security, the laptop will not LOCK!!! As the MacBook Pro will go to sleep then turn on without a password!!!!
Apple engineers pointed us to Microsoft and the need to map that setting to another configuration parameter and enable the user to input the manual configuration, and have the system enforce the lower limit.
We have an unacceptable situation, we need our machines to LOCK if left an attended. and I have no option to remove corporate management.
Based on this configuration the setting from intune will be triggered after 17 minutes. Screen saver 2+15. If the machine display turn off (the second setting) this will negate the locking. Anyone can open the laptop and have full access.
So for now, we have instructed users, to always manually click the LOCK key, i.e. the key where the fingerprint can be scanned.
This is a major security gap and I would appreciate someone from the intune team to provide insight / instructions how to fix it.
Microsoft Security | Intune | Microsoft Intune MacOs
{count} votes
-
JJ 0 Reputation points
2025-11-21T00:18:03.9433333+00:00 I believe the issue the setting below in intune is not mapped has been set in No applicable.
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(54.400000000000006, 90%, 15%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPM%3C/text%3E%3C/svg%3E)
Pauline Mbabu 1,710 Reputation points Microsoft Employee2025-11-25T13:25:19.87+00:00 Hello JJ,
You can try this:
In Intune:- Create a new configuration profile (Settings Catalog or Custom OMA-URI).
- Set:
-
Ask For Password= Enabled -
Ask For Password Delay= 0 -
Idle Time= 300 seconds (or less)
-
- Test on a pilot group before broad deployment.
- Communicate to users that manual lock (Touch ID or Apple Watch) is still best practice until policy sync completes.
if it doesn't work, kindly open a support request: https://learn.microsoft.com/en-us/services-hub/unified/support/open-support-requests?tabs=existing-support-request-process&pivots=existing
Sign in to comment
Sign in to answer