A guest user account on a Mac device is a special account that does not require a password to log in. This account cannot access data in other user’s profiles or change the user or computer settings.
Files created by a guest user are stored in a temporary folder, but that folder and its contents get deleted when the guest logs out. By default, the Guest account on macOS devices is disabled.
To manually activate a guest user account on a Mac, login as an administrator, go to System Settings > Users & Groups, click on Guest User, and toggle Allow guests to log in to this computer.
We’ll create a Device Configuration profile on the Intune admin center and use a Settings Catalog policy called Enable Guest Account. Let’s check the steps.
Step-by-Step Guides
Table of Contents
Step 1 – Create a Device Configuration Profile
Follow these steps to create a Device Configuration profile and assign it to macOS devices:
- Sign in to the Intune admin center.
- Click on Devices > macOS > Configuration profiles.
- Click on Create > New Policy.
- Click on the Profile type drop-down and select Settings catalog.
Basics tab
Provide a Name and Description of the profile. Click on Next. For Example:
- Name: Enable Guest User Account on macOS devices
- Description: Provide a useful description.
Configuration settings
Click on + Add settings to open the Settings picker. Then, type Enable Guest and click on Search. Click on Accounts > Accounts category and Select Enable Guest Account. Click on Cross sign X to Exit from the Settings picker.
Now, Use the toggle switch to Enable the setting and click Next.
Scope tags
Click on Next.
Assignments
You can create a dynamic Entra security group to gather your organization’s macOS devices. Click on Add groups to include a group exclusively comprised of macOS devices. Click Next to continue.
Review + create
Review the profile summary and then click on Create.
Step 2 – Monitor Deployment Progress
To verify the success/failure of the profile deployment, follow these steps:
After you have deployed this device configuration profile, you will need to wait for the Device check-in process to complete.
If you’re testing this policy on a test device, you can manually kickstart Intune sync either from the device itself or remotely through the Intune admin center.
Alternatively, you can use PowerShell to force the Intune sync on macOS devices. Another way to trigger the Intune device check-in process is by restarting the device.
About Intune Device check-in
- Go to Devices > macOS > Configuration Profiles. Select the profile you want to monitor.
- Check under Device and user check-in status to confirm the success of the profile deployment.
- For additional details, click Device Assignment Status and Per Setting Status.
End-user Experience
To confirm if the Device configuration profile has been applied successfully from a target macOS device, follow these steps:
- Login on the targeted macOS device.
- Click on the System Settings Icon.
- Scroll down and click on Users & Groups. You’ll see a list of all user accounts on the right, including the Guest User account. After successfully applying the policy, you’ll observe that the account is enabled.
- After enabling the Guest User account, it will appear on the macOS device’s login page. Clicking on the Guest user will allow the user to log in without requiring a password.
More Information
For more information about a Guest account on Apple Mac devices, Please refer to the link: Change Guest User settings on Mac – Apple Support (UK).
