Disclaimer: This blog (and this post especially) is not intended to be advice on how to manage your environment. As the name suggests, these accounts are based on experiences I’ve had in my own lab. Always approach information you find outside (or inside, for that matter) official documentation with skepticism and follow the golden rule: Never test in production.

In one of my previous posts, I discussed Intune for MacOS and How It’s Different, where I highlighted that, unlike other MDM providers, Intune does not create a managed admin account on MacOS. Without leveraging a 3rd party utility like JumpCloud or NoMaD (now JAMF Connect), synchronizing passwords on MacOS with a centralized identity provider has always been a pain point, let alone leveraging a rotating local admin password similar to LAPS. In this post, I’m going to borrow a topic Michael Niehaus wrote for Windows (You can use Intune to create a local admin account, but that doesn’t mean it’s a good idea) and show you how we can do the same for MacOS and demote all other accounts to Standard users at the same time. Before I do, however, I’m going to clearly restate what Mr. Niehaus has devoted a sizable chunk of his post to say: Just because you can, doesn’t mean you should. Having an account on every device with the same credentials is all-around bad practice.