This guide demonstrates different methods to enable stealth mode on macOS using Intune. Enabling stealth mode prevents the Mac from responding to probing requests. The computer still answers incoming requests for authorized apps.
Stealth mode is an important security feature on Mac devices. Disabling this feature can make the computer vulnerable to attack, even in managed corporate domain networks and behind edge firewalls. Therefore, it is strongly recommended that you keep stealth mode active and disable it only if it is required.
In our previous guide, we demonstrated multiple methods for configuring macOS firewall settings with Intune. In addition to enabling the firewall, you can also turn on stealth mode on Mac devices with Intune. Make sure the Mac devices are enrolled in Intune before configuring the stealth mode.
Enable Stealth Mode on macOS using Intune
The stealth mode for macOS in Intune can be enabled or disabled in multiple ways, which are listed below.
- Using Endpoint Security settings
- A device configuration profile
- Settings catalog policy to manage the Stealth mode
We will cover all the methods mentioned above, but the method you choose is entirely up to you. The end goal, regardless of the method used, is the same: to enable macOS stealth mode. On Mac devices, the firewall must be enabled before enabling stealth mode via Intune.
Note: If you have already applied the Firewall settings using any of the methods above, you can turn on the stealth mode by simply editing the configuration settings. This should be much easier than configuring a separate policy for stealth mode.
1. Endpoint Security Policy
In this method, we create a firewall policy for endpoint security and enable macOS stealth mode.
Sign in to the Microsoft Intune admin center. Go to Endpoint Security > Firewall and select Create Policy. Choose macOS as the platform and macOS firewall as the profile, then click Create.
Specify the policy name and description. On the Configuration Settings page, make sure the firewall is enabled. Next, set Enable Stealth Mode to Yes and click Next. Assign this policy to your Mac device groups and complete the remaining steps. That is it; when the Mac devices sync with Intune, stealth mode is enabled.
2. Settings Catalog Policy
In this method, we will use the Intune settings catalog policy to enable stealth mode on macOS. Again, this method requires enabling the firewall before turning on the stealth mode.
In the Intune admin center, go to Devices > macOS devices and select Configuration. Under Policies, select Create > New Policy. Select Settings Catalog as Profile type and click Create.
In the Configuration Settings section, under Settings Catalog, click Add Settings. On the Settings picker window, type “Stealth Mode” in the search box and click Search. From the search results, click on the category Networking > Firewall, select the setting “Enable Stealth Mode,” and close the Settings Picker.
Make sure you configure the following settings:
- Enable Firewall: Yes
- Enable Stealth Mode: Yes
Click Next and assign this policy to your Mac device groups. When the Mac devices sync the policies with Intune again, the settings are applied, and stealth mode is enabled.
3. Endpoint Protection Settings
The endpoint protection settings control security on macOS devices, such as FileVault 2 encryption, Gatekeeper, and the firewall. You can enable both firewall and stealth mode by creating a new device configuration profile and assigning it to macOS devices.
In the Intune admin center, go to Devices > macOS > Configuration. On the Policies tab, select Create. On the Create a profile page, set the following options, and then select Create:
- Platform: macOS
- Profile type: Templates
- Template name: Endpoint protection
On the Configuration Settings page, configure the following settings:
- Enable Firewall: Set this to Yes
- Enable Stealth Mode: Set this to Yes
Continue to the next step: assign the configuration profile to your macOS devices. On the Review + Create page, when you’re done, choose Create. When this configuration profile is applied to targeted Mac devices, both the firewall and stealth mode are enabled.
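As an added example (not part of the original guide and not Intune's own code): the sketch below audits a configuration profile plist for the dependency all three methods share, that the firewall is on together with stealth mode. It assumes the policy reaches the device as Apple's firewall payload (`com.apple.security.firewall`) with the `EnableFirewall` and `EnableStealthMode` keys; the sample profile, its identifier and the function names are constructed for illustration.

```python
import plistlib

FIREWALL_PAYLOAD = "com.apple.security.firewall"  # Apple's firewall payload type

# Constructed sample profile (not exported from a real tenant); the identifier is a placeholder.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadIdentifier</key><string>example.firewall.profile</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.security.firewall</string>
    <key>EnableFirewall</key><true/>
    <key>EnableStealthMode</key><true/>
  </dict></array>
</dict></plist>"""


def firewall_payloads(node):
    """Yield every firewall payload dict found anywhere in a parsed plist."""
    if isinstance(node, dict):
        if node.get("PayloadType") == FIREWALL_PAYLOAD:
            # Settings may sit on the payload itself or in a nested PayloadContent dict.
            inner = node.get("PayloadContent")
            yield {**node, **inner} if isinstance(inner, dict) else node
        for value in node.values():
            yield from firewall_payloads(value)
    elif isinstance(node, list):
        for item in node:
            yield from firewall_payloads(item)


def audit_stealth(profile_bytes):
    """Return a list of findings; an empty list means firewall and stealth mode are both on."""
    payloads = list(firewall_payloads(plistlib.loads(profile_bytes)))
    if not payloads:
        return ["no firewall payload in profile"]
    findings = []
    for payload in payloads:
        # Only an explicit boolean true counts; a missing key is treated as not enabled.
        if payload.get("EnableFirewall") is not True:
            findings.append("EnableFirewall is not true")
        if payload.get("EnableStealthMode") is not True:
            findings.append("EnableStealthMode is not true")
    return findings


if __name__ == "__main__":
    print(audit_stealth(SAMPLE_PROFILE) or "firewall and stealth mode enabled")
```
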
Verify Stealth Mode Configuration on Mac devices
After enabling stealth mode on macOS devices with Intune, we will now verify if our Mac devices have successfully received those settings. The only way to accomplish this is to log into one of the Mac devices and check the firewall configuration.
Here is how you can check if stealth mode is enabled by the Intune policy on your Mac device:
- In the top-left corner, click on the Apple icon and select System Settings.
- Go to Network and select Firewall > Options.
- Here you can find out whether the stealth mode is enabled or disabled.
With the policy applied, the Enable Stealth Mode setting is turned on by the Intune policy. For Mac users, the stealth mode setting is greyed out, suggesting that it is now managed by Intune.