Building a MacOS virtual Machine

Recently I’ve been working with Apple Macs and Intune together. Coming from the Microsoft world, I’ve been using VMs for over a decade. There have been a couple of times where I needed a Mac virtual machine for documentation and testing purposes.

Before owning a Mac I attempted multiple times to use MacOS on ESX, Hyper-V and VMware Workstation; each of them always “worked” but always had an issue which resulted in a less than ideal experience. With the purchase of my first MacBook Air I started playing around with VMware Fusion and Parallels Desktop Lite, both of which appear to be quite functional. In the end I decided to invest in VMware Fusion for the ability to define a custom serial number for the VM to facilitate testing of DEP solutions.

I’ve completed a screen capture of the process of creating a VM in VMware Fusion. It’s important to note that you MUST restart your Mac after installing the VMware Fusion software, but before creating your first VM. I call this out as VMware doesn’t during the installation process.

Note: I have removed parts of the video to speed it up; the process on my MacBook Air takes around 40 minutes to run end to end.

Good Luck

Steve

MacOS DEP enrollment with Intune – Part 1 (The Setup)

With all of the Modern Desktop projects we have been working on recently, we have been getting requests around supporting the Apple device of that executive/senior manager in the corner office.

These conversations have traditionally gone one of two ways: the all care, no responsibility approach where we will set up Office and give them emails with limited support, or just a flat no, we will not support them.

Around 6 months ago I realized that I should spend some time to understand the platform to provide a rounded recommendation for my client. Starting with the cheapest MacBook Air I could find, I pushed myself to first understand how the operating system worked, then what we can use Intune to manage. For those of you who have seen me running around with it, you have seen the great stickers I found for it; for those who haven’t seen it, well.

AppleLid.jpg

So enough of the waffle around why an ardent Microsoft guy is blogging about Apple on an Intune blog. This is the first blog of a few which will detail my experiences enrolling Macs into Intune and then managing them.

With Microsoft we have Windows AutoPilot, which requires device registration either by the vendor at the factory then into your Intune tenant, or by harvesting the Hardware Hash for existing devices.

In the Apple world the equivalent system is called the Device Enrollment Program (DEP), the same one you use for your iPhones & iPads, albeit with a very minor difference. Existing iPhones & iPads can be manually imported into the DEP system from an Apple MacOS device using the Apple Configurator 2 application, which is a great solution to start companies on the journey to MDM. Mac devices, on the other hand, cannot be manually loaded into the DEP system.

It is even worse than this: the advice I have been able to get from multiple Apple stores is that Macs can only be registered into the DEP system at the factory. Thankfully Vigilant.IT has a company account with Apple through which I was able to procure a Mac to validate this solution. The process to do this was reasonably painless, and once the order was accepted the new Mac’s serial number appeared in the DEP console.

What I found surprising was that I could create a VM with VMware Fusion and assign the serial number, and it would appear to be DEP registered, which allows for high fidelity screen captures. As an aside, I attempted the same process with Parallels and the host’s serial number was passed through, which is less than ideal.

To set the serial number in VMware I followed this process: https://kb.vmware.com/s/article/1014782 to edit the VMX file and add the following lines:

SMBIOS.use12CharSerialNumber = "TRUE"
serialNumber = "myserialnumb"
hw.model = "MacBookAir8,1"

This will set the serial number to what you want it to be, in this case the serial number from the DEP system. You might ask what happens when the real device comes online. The Apple DEP system doesn’t worry about what hardware is being used; it just has a MacOS requesting its DEP policy, while in Intune it is the last device that is registered into the system which will be fully managed.
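The VMX edit described above, as an added example (not from the original post or the VMware KB): a small Python helper that sets the three keys exactly once and writes them with straight quotes, since curly quotes picked up when copying from a web page are not plain ASCII quotes. The function names, the sample file content, the 12-character serial check (inferred from the key name) and the case-insensitive key matching are assumptions of this example.

```python
import re

# Key/value pairs as given in the post; "myserialnumb" is the post's placeholder.
DEP_TEST_SETTINGS = {
    "SMBIOS.use12CharSerialNumber": "TRUE",
    "serialNumber": "myserialnumb",
    "hw.model": "MacBookAir8,1",
}
KEY_RE = re.compile(r"^\s*([A-Za-z0-9_.:\-]+)\s*=")
QUOTES = "\"'\u201c\u201d\u2018\u2019"  # straight and curly quotes


def clean_value(value):
    """Strip whitespace and any straight or curly quotes pasted with the value."""
    return value.strip().strip(QUOTES).strip()


def check_serial(settings):
    """Assumption from the key name: with the 12-char flag on, the serial is 12 alphanumerics."""
    cleaned = {k: clean_value(v) for k, v in settings.items()}
    if cleaned.get("SMBIOS.use12CharSerialNumber", "").upper() == "TRUE":
        serial = cleaned.get("serialNumber", "")
        if not re.fullmatch(r"[A-Za-z0-9]{12}", serial):
            raise ValueError(f"serialNumber must be 12 alphanumeric characters, got {serial!r}")
    return cleaned


def apply_vmx_settings(vmx_text, settings):
    """Return vmx_text with each setting present exactly once, in straight quotes."""
    pending = check_serial(settings)
    by_lower = {k.lower(): k for k in pending}  # assumption: match keys case-insensitively
    out = []
    for line in vmx_text.splitlines():
        m = KEY_RE.match(line)
        key = by_lower.get(m.group(1).lower()) if m else None
        if key is None:
            out.append(line)  # unrelated line: keep as-is
        elif key in pending:
            out.append(f'{key} = "{pending.pop(key)}"')  # first occurrence: overwrite
        # later duplicates of a key that was already written are dropped
    out.extend(f'{k} = "{v}"' for k, v in pending.items())
    return "\n".join(out) + "\n"


# Constructed sample .vmx fragment, including a line pasted with curly quotes.
SAMPLE_VMX = 'displayName = "macOS test VM"\nserialNumber = \u201coldserial123\u201d\n'

if __name__ == "__main__":
    print(apply_vmx_settings(SAMPLE_VMX, DEP_TEST_SETTINGS), end="")
```

Running it twice over the same text gives the same result, so it can be re-applied after changing the serial without leaving duplicate keys behind.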

Now we have the setup to test and validate the MacOS DEP solution, keep a look out for the next blogs in the series.

Cheers

Steve