I
Intune_Support_Team
We were recently alerted that some macOS devices may turn non-compliant after upgrading to macOS 15 if Stealth Mode is enabled in a device compliance policy. This setting is in the macOS compliance policy located under System Security. When stealth mode is enabled, the Mac devices do not respond to either “ping” requests or connection attempts from a closed TCP or UDP network. Stealth mode can be configured through compliance policy or by configuring firewall through the settings catalog.
Screen shot from the Microsoft Intune admin center of a macOS compliance policy.
After devices upgrade to macOS 15, they may report a non-compliant status with the Enable stealth mode setting showing an error:
Screen shot of an error for the Enable Stealth Mode setting.
Workaround
If you're experiencing an issue where the device turns non-compliant after upgrading to macOS 15, you can mitigate this by configuring the Stealth Mode setting to be Not configured for devices running macOS 15 and later:
Screen shot of Not Configured for Stealth Mode from the Intune admin center UI.
If you set Stealth Mode to Not configured in your device compliance policy, you can still enable Stealth Mode by configuring a device configuration policy to enable stealth mode on the device. This setting is located in the macOS settings catalog under Networking > Firewall:
Screen shot of where to enable Stealth Mode in the settings picker for Firewall.
Screen shot of the Enable Stealth mode in the firewall setting.
Additionally, if you want to prevent devices from upgrading to macOS 15, you can configure software update delay restrictions in the settings catalog. This will delay macOS 15 from being offered on devices for a specified period of time:
Screen shot of where to delay software updates.
We’ll continue to update this post as new information becomes available. If you have questions or comments for the Intune team, reply to this post or reach out on X @IntuneSuppTeam.
Continue reading...
Screen shot from the Microsoft Intune admin center of a macOS compliance policy.After devices upgrade to macOS 15, they may report a non-compliant status with the Enable stealth mode setting showing an error:
Screen shot of an error for the Enable Stealth Mode setting.Workaround
If you're experiencing an issue where the device turns non-compliant after upgrading to macOS 15, you can mitigate this by configuring the Stealth Mode setting to be Not configured for devices running macOS 15 and later:
Screen shot of Not Configured for Stealth Mode from the Intune admin center UI.If you set Stealth Mode to Not configured in your device compliance policy, you can still enable Stealth Mode by configuring a device configuration policy to enable stealth mode on the device. This setting is located in the macOS settings catalog under Networking > Firewall:
Screen shot of where to enable Stealth Mode in the settings picker for Firewall.Screen shot of the Enable Stealth mode in the firewall setting.Additionally, if you want to prevent devices from upgrading to macOS 15, you can configure software update delay restrictions in the settings catalog. This will delay macOS 15 from being offered on devices for a specified period of time:
Screen shot of where to delay software updates.We’ll continue to update this post as new information becomes available. If you have questions or comments for the Intune team, reply to this post or reach out on X @IntuneSuppTeam.
Continue reading...