macOS Profile Installation Failed During Intune Enrollment

Enrolling your personal BYOD Mac device is straightforward. It’s a two-step process that takes little time. The first step is configuring the Apple MDM push certificate in the Intune admin center, and the second is installing the Company Portal app on your Mac device.

During the macOS device enrollment through the Company Portal App, there’s a step where you need to download and install a Management Profile on the device. The download of the Management Profile usually goes smoothly, but when you attempt to install it, an error message pops up, saying Profile Installation failed. The exact error message is:

Profile Installation Failed. Could not obtain the final profile using the Encrypted Profile Service. The credentials within your profile may have expired. Try downloading a new profile.

Profile Installation Failed Error during macOS Intune Enrollment

The error message indicates that the credentials within your profile might have expired and recommends downloading a new profile. However, even if you attempt this multiple times, whether by restarting the app or signing out and then signing back into the Company Portal app, you still encounter the same error message.

Pre-Checks

  • Make sure the Mac device is running macOS 11 or later.
  • Make sure the user has been assigned an Intune license.

Possible Solutions

In addition to the above-mentioned checks, you should verify the following configuration in the Intune admin center. Ensure that it’s set up correctly.

  1. Enrollment device platform restrictions.
  2. Apple MDM push certificate verification.
  3. Update .vmx Configuration file for macOS Virtual Machine [Only if you are enrolling a macOS Virtual Machine].

1. Enrollment device Platform restrictions settings for macOS

You can control which devices can enroll in Intune by setting up device enrollment restrictions in Microsoft Intune. If Personally owned Mac devices are not allowed to be registered with Intune, you may get a Profile Installation Failed error. Let’s check and verify this configuration.

  • Sign in to the Intune admin center.
  • Go to Devices > Enrollment.
  • Click on Device platform restrictions.
  • Find a device type restrictions policy that applies to all users in your organization. Click on the hyperlink for all users to check the policy settings.
Device type restrictions policy under Enrollment device platform restrictions
  • Click on Properties and then Edit next to Platform settings to change the policy settings.
  • Make sure that macOS under the Personally owned column is set to Allow.
macOS enrollment restrictions settings on Intune admin center

2. Apple MDM push Certificate verification

When enrolling a macOS device with Intune, it is important that the Apple MDM push certificate is configured correctly and has not expired. To check its status, follow these steps:

  • Sign in to the Intune admin center.
  • Go to Devices > Enrollment.
  • Under the Apple tab, click on Apple MDM Push certificate.

Make sure the Status is Active and the certificate is Not Expired.

Apple MDM push Certificate verification

3. Update .vmx Configuration file [Only When you are enrolling a macOS Virtual Machine]

Creating a macOS virtual machine using VMware Workstation and enrolling it in Intune is possible. However, because it’s not an actual physical device, enrolling a macOS virtual machine in Intune presents some challenges. For example, you might encounter a Profile Installation failed error message when trying to install the management profile.

You can modify the .vmx file of the macOS virtual machine and enroll the device in Intune. You can follow these steps to resolve this issue:

  • First, make sure your macOS Virtual Machine is turned off.
  • Locate the Virtual Machine Installation folder within VMware Workstation.
  • Right-click on the VM, then click on Settings.
  • In the Options tab, look for Working Directory.
  • Inside the Working Directory, find the .vmx file in the Installation directory.

1. Update the line below

board-id.reflectHost = "FALSE"

2. Add the lines below at the end of the file

Copy and paste the lines below at the end of the .vmx file. Don’t worry about serial numbers or other details; add these lines as they are.

board-id = "Mac-AB95B1DDAB278B95"
hw.model.reflectHost = "FALSE"
hw.model = "MacBookPro19,1"
serialNumber.reflectHost = "FALSE"
serialNumber = "C04939388580"
SMBIOS.use12CharSerialNumber = "TRUE"

  • After powering up the Virtual Machine and signing in with your credentials, follow these steps:
    • Click on the Apple logo located in the top-left corner.
    • Select About This Mac.

You’ll notice that the device’s model has been changed from Mac to MacBook Pro, and the serial number has also been updated.
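The .vmx edit described in the steps above, as an added example (not code from the original post): a small idempotent patcher that sets the listed keys, repairs curly quotes picked up when pasting, and drops repeated keys. The function name patch_vmx and the sample content are hypothetical, and matching keys case-insensitively is an assumption.

```python
import re

# Key/value pairs copied from the steps above.
REQUIRED = {
    "board-id.reflectHost": "FALSE",
    "board-id": "Mac-AB95B1DDAB278B95",
    "hw.model.reflectHost": "FALSE",
    "hw.model": "MacBookPro19,1",
    "serialNumber.reflectHost": "FALSE",
    "serialNumber": "C04939388580",
    "SMBIOS.use12CharSerialNumber": "TRUE",
}
LINE = re.compile(r'^\s*([^\s=#]+)\s*=\s*"(.*)"\s*$')
CURLY = str.maketrans("\u201c\u201d", '""')  # smart quotes from copy/paste


def patch_vmx(text):
    """Return (new_text, changes). Idempotent; unrelated lines stay as-is."""
    # Keys are matched case-insensitively (assumption).
    wanted = {k.lower(): (k, v) for k, v in REQUIRED.items()}
    out, seen, changes = [], set(), []
    for raw in text.splitlines():
        m = LINE.match(raw.translate(CURLY))
        entry = wanted.get(m.group(1).lower()) if m else None
        if entry is None:
            out.append(raw)  # unrelated setting or comment
            continue
        key, value = entry
        if key in seen:  # a repeated key would conflict with the first
            changes.append(f"dropped duplicate {key}")
            continue
        seen.add(key)
        fixed = f'{key} = "{value}"'
        if raw.strip() != fixed:
            changes.append(f"set {key}")
        out.append(fixed)
    for key, value in REQUIRED.items():
        if key not in seen:  # append missing keys at the end of the file
            out.append(f'{key} = "{value}"')
            changes.append(f"added {key}")
    return "\n".join(out) + "\n", changes


# Constructed sample .vmx content, not taken from a real VM.
SAMPLE = ('displayName = "macOS lab VM"\n'
          'board-id.reflectHost = "TRUE"\n'
          'SMBIOS.use12CharSerialNumber = \u201cTRUE\u201d\n')

if __name__ == "__main__":
    print(patch_vmx(SAMPLE)[0], end="")
```

To apply it to a real VM, power the VM off, keep a copy of the .vmx file, and write the returned text back to the same path.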

Check the macOS serial number. Click on Apple Icon > About This Mac.
  • Now, attempt to install the Management profile again. This time, it should install successfully. After the management profile is installed, you can verify it by following these steps:
    • Go to System Settings.
    • Select General.
    • Click on Profiles.
    • Double-click on the Management Profile to check its status.
Management Profile Rights to MDM Provider

Other Solutions for Profile Installation failed error [Only When you are enrolling a macOS Virtual Machine]

  • If you’ve double-checked all macOS-related configurations in the Intune admin center and ensured the .vmx file is set up correctly but still encounter this error, you can attempt to test the Management profile installation on a physical macOS test device. If it works on the physical device, it confirms that the enrollment configuration in the Intune admin center is set up correctly.
  • Another option is to delete all management profiles from your device, restart the device, and try to re-enroll it.
  • To check and confirm the Management profiles on macOS, go to System Settings > General > Profiles, select the Management Profile you want to delete, and then press Delete on the keyboard. If multiple profiles exist, you can delete them too and try to re-enroll your device using the Company Portal app.
  • If this does not work either, you can try to reset/reinstall macOS from scratch and then try again.

Conclusion

This blog post explores various methods to resolve the failed Profile Installation error message when installing a Management profile on macOS. Review the Other Solutions for Profile Installation failed error section for additional troubleshooting steps to address this error.

If you are still facing this issue after following the troubleshooting steps in the blog post, you can create a ticket with Microsoft Support to check for any specific issues/solutions.
