Guide in setting up newly provided MacBook
-
Make sure the user is added to "MEM - MacOS - Users" in Azure AD before continuing.
-
Get the user to run through the initial setup of the Mac, ensuring they choose a username in the same format as standard i.e. first initial surname.
-
Get the user to start up Team Viewer so we can connect.
-
Once connected, go to System Preferences > Users > add a new user called SSLAdmin and give it the password specified in LastPass. Make it an administrator. Confirm it works by locking and unlocking the padlock. Make it clear to the user that they are not to edit this account in any way.
-
Go to System Preferences > Sharing > Rename the Mac to LON-LAP-???? (number depends on its asset sticker).
-
Download the Intune Company Portal installer and run it https://go.microsoft.com/fwlink/?linkid=853070
-
Get the user to log into Company Portal with their ShipServ ID and follow the on-screen instructions. This includes installing some profiles. Eventually, you should see a warning prompt in Security about enabling Microsoft Defender ATP. If you can see the ATP icon in the bar at the top, then it has enrolled successfully.
-
Intune pushes a password policy to the laptop, so have the user try to unlock the padlock with their password. If it doesn't work, it means it doesn't meet the minimum requirements, in which case you need to go to System Preferences > Users > Change Password.
-
Install MS Office, FortiClient and LSAgent
-
Proceed installing the rest of necessary applications