A ready-to-use Apple configuration profile (.mobileconfig) to deploy a password policy on macOS devices managed by Microsoft Intune.
This profile is intended to help administrators meet common security recommendations such as Microsoft Secure Score, CIS benchmarks, and internal security policies.
The template validates the following macOS secure score settings:
- Set account lockout threshold to 5 or lower in macOS
- Set minimum password length to 15 or more characters in macOS
- Set 'Maximum password age' to '90 or fewer days, but not 0' in macOS
- Set 'Enforce password history' to '24 or more password(s)' in macOS
- Microsoft Intune
- macOS devices enrolled in Intune
- Administrator permissions to create Configuration Profiles
Link : macOS | Configuration
- Create new Policy
- Custom Template
- Name : Recommended security rules (password policy template)
- Custom configuration profile name : com.apple.mobiledevice.passwordpolicy.mobileconfig
- Configuration profile file : Upload the com.apple.mobiledevice.passwordpolicy file from this repository.
- All devices
It is recommended to:
- Test on a small pilot group first.
- Verify deployment in Intune.
- Confirm the password policy is applied on macOS.
- Ensure users are informed if a password change is required.
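A pre-upload check for the four Secure Score settings listed above, as an added example that is not part of this repository. It assumes an unsigned .mobileconfig whose passcode payload uses Apple's documented keys `maxFailedAttempts`, `minLength`, `maxPINAgeInDays` and `pinHistory`; the function names and the sample profile are constructed for illustration.

```python
import plistlib
import sys

PAYLOAD_TYPE = "com.apple.mobiledevice.passwordpolicy"

# Apple passcode payload key -> (requirement from this page, predicate).
# Assumption: a lockout threshold or maximum age of 0 or less is treated
# as "not enforced" and therefore fails.
CHECKS = {
    "maxFailedAttempts": ("lockout threshold 5 or lower", lambda v: 1 <= v <= 5),
    "minLength": ("minimum length 15 or more", lambda v: v >= 15),
    "maxPINAgeInDays": ("maximum age 90 days or fewer, not 0", lambda v: 1 <= v <= 90),
    "pinHistory": ("history of 24 or more passwords", lambda v: v >= 24),
}

def audit_profile(data: bytes) -> list:
    """Return a list of findings; an empty list means all four settings pass."""
    profile = plistlib.loads(data)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == PAYLOAD_TYPE]
    if not payloads:
        return [f"no {PAYLOAD_TYPE} payload found"]
    findings = []
    for payload in payloads:
        for key, (desc, ok) in CHECKS.items():
            value = payload.get(key)
            # bool is a subclass of int; reject <true/> where <integer> is expected
            if not isinstance(value, int) or isinstance(value, bool):
                findings.append(f"{key}: missing or not an integer ({desc})")
            elif not ok(value):
                findings.append(f"{key}={value}: fails '{desc}'")
    return findings

def sample_profile(**overrides) -> bytes:
    """Constructed sample profile (not the repository's file)."""
    payload = {"PayloadType": PAYLOAD_TYPE, "PayloadVersion": 1,
               "maxFailedAttempts": 5, "minLength": 15,
               "maxPINAgeInDays": 90, "pinHistory": 24}
    payload.update(overrides)
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadContent": [payload]})

if __name__ == "__main__":
    # Pass the path of a profile to audit it; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_profile()
    for line in audit_profile(data) or ["all four settings pass"]:
        print(line)
```

A profile that has been signed is CMS-wrapped and will not parse with `plistlib`; run the check on the unsigned file.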
This template is based on Apple’s macOS passcode configuration profile documentation: https://developer.apple.com/documentation/devicemanagement/passcode
- https://learn.microsoft.com/intune/device-configuration/custom-settings-configure
- https://learn.microsoft.com/intune/fundamentals/deployment-guide-enrollment-macos
This project is provided as-is without warranty.
Always validate configuration profiles in a test environment before deploying them to production devices.