Enable Guest Account on MacOS using Intune

In this post, we’ll go over the steps to enable guest account on macOS using Intune. On macOS devices, you can enable the guest account by either using a shell script or through settings catalog in Intune.

On Macs, the guest user account lets other people use your computer without putting your own account at risk. This includes your browsing history, the apps you’re using, your current settings, and anything else you wouldn’t want other people to change or see.

By default, the guest user account is disabled on a new MacBook that you purchase. To configure the guest user account on a Mac, users have to manually enable the Guest User option under System Preferences. However, if the macOS devices are managed by Intune, you can use the settings catalog which is a preferred method to enable or disable the guest account.

Check out some useful guides on managing macOS devices with Intune:

• How to Enable Screen Sharing on MacOS using Intune
• Set MacOS Desktop Wallpaper using Intune
• How to Run Shell Scripts on macOS devices in Intune
• Manage macOS Software Updates using Intune

Prerequisites

Before you enable the guest user on macOS with Intune, listed below are some important prerequisites.

• Intune now supports macOS 10.15 and later. Review the Intune Monthly updates for more information.
• You must download and install Company Portal app for macOS before enrollment.
• The macOS devices must be enrolled into Intune. Refer to the guide on enrolling macOS into Intune.
• To log in to the company portal, you’ll need a user account with an Intune license.

Enable Guest Account on MacOS using Intune

Let’s create a new configuration profile that will enable guest account on macOS using Intune.

• Sign in to Microsoft Intune admin center.
• Go to Devices > macOS > macOS Devices.
• To create a new profile, select Create Profile.
• Choose the Profile type as Settings Catalog and click Next.

In the Basics tab, enter the following information.

• Name: Enter a descriptive name for the profile which you can easily identify them later. For example, a good profile name is ‘Enable Guest Account on MacOS using Intune‘.
• Description: Enter a brief description for the profile. This setting is optional, but recommended.

Click Next.

In the Configuration Settings section, under Settings Catalog, click Add Settings. The Settings catalog in Intune allows managing settings for macOS devices. You can select multiple settings and configure those settings and target it to devices and users.

On the Settings picker window, type “guest” in the search box and click Search. From the search results, select the setting: Accounts > Enable Guest Account. Close the Settings picker window.

Note: You also have a setting to disable guest accounts for macOS. Use this option to disable guest account on macOS.

For the setting “Enable Guest Account” turn the slider to the right that will enable the guest account on macOS devices. Click Next.

In Intune, Scope tags determine which objects admins can see. In the Scope tags section, you specify scope tags. Click Next.

In the Assignments tab, specify the groups to which you want to apply this policy. I advise testing the enablement of guest user on a few macOS devices first, and then rolling it out to more devices if the testing is successful. Select Next.

On the Review + Create page, review all the settings that you have defined to enable guest user on macOS devices via Intune and select Create.

After you create a configuration policy in Intune, a notification appears, “Policy created successfully“. This confirms the policy is created and is being applied to groups that we selected. The new profile that we created to enable guest account on macOS devices appears under the list of Configuration Profiles in Intune.

Monitor the macOS Guest Account Policy in Intune

In the above step, we assigned a configuration profile to macOS devices that will enable the guest user account. You can monitor the status of configuration profiles assigned to macOS devices/users in the Intune portal.

In the Intune admin center, navigate to Devices > macOS > macOS policies > Configuration Profiles. Select “Enable Guest Account on macOS” configuration profile, and here you can see Device and user check-in status. The device check-in status shows the number of devices on which the guest account has been enabled successfully, while the latter option applies to users.

From the screenshot below, we see the configuration profile that we assigned to enable the guest account on macOS has succeeded on devices. To view the macOS devices that have guest user account enabled, click View Report. In the next step, we will verify if the guest account is enabled on the macOS devices.

Verify if the Guest User account is enabled on macOS Devices

In this step, we will check to see if the guest account is enabled on macOS devices. I had to restart my MacBook once as there was an issue with company portal in synchronizing the policies. After the restart, the Guest User account was shown at the login.