Microsoft Company Portal Mac Download

Posted on

Install Company Portal for macOS by using a macOS Shell Script. Company Portal for macOS can be downloaded and installed using the macOS Shell Scripts feature. This option will always install the current version of Company Portal for macOS, but will not provide you with application install reporting you might be used to when deploying applications using macOS LOB apps. Project Online Professional or Project Online Premium: If you have a subscription to one of the cloud-based solutions of Project you won't see an option to install it unless you have an assigned license.If you're the Microsoft 365 admin responsible for assigning licenses, see Assign licenses to users. The Microsoft Intune Company Portal for Android app is available from the Google Play Store to allow end users to download and install the app to their own device. For devices without access to the Google Play Store, administrators can download and deploy the Microsoft Intune Company Portal for Android. Download this app from Microsoft Store for Windows 10, Windows 10 Team (Surface Hub), HoloLens. See screenshots, read the latest customer reviews, and compare ratings for Company Portal. Microsoft Azure portal Build, manage, and monitor all Azure products in a single, unified console Cloud Shell Streamline Azure administration with a browser-based shell Azure mobile app Stay connected to your Azure resources—anytime, anywhere.

-->

The Company Portal apps, Company Portal website, and Intune app on Android are where users access company data and can do common tasks. Common task may include enrolling devices, installing apps, and locating information (such as for assistance from your IT department). Additionally, they allow users to securely access company resources. The end-user experience provides several different pages, such as Home, Apps, App details, Devices, and Device details. To quickly find apps within the Company Portal, you can filter the apps on the Apps page.

Note

The Company Portal supports Configuration Manager applications. This feature allows end users to see both Configuration Manager and Intune deployed applications in the Company Portal for co-managed customers. This new version of the Company Portal will display Configuration Manager deployed apps for all co-managed customers. This support will help administrators consolidate their different end user portal experiences. For more information, see Use the Company Portal app on co-managed devices.

Customizing the user experience

By customizing the end-user experience, you will help provide a familiar and helpful experience for your end users. To do this, navigate to Microsoft Endpoint Manager admin center, and select Tenant Administration > Customization, where you can either edit the default policy or create up to 10 group targeted policies. These settings will apply to the Company Portal apps, Company Portal website, and Intune app on Android.

Branding

The following table provides the branding customization details for the end-user experience:

Field nameMore information
Organization nameThis name is displayed throughout the messaging in the end-user experience. It can be set to display in headers as well using the Show in header setting. Max length is 40 characters.
ColorChoose Standard to choose from five standard colors. Choose Custom to select a specific color based on a hex code value.
Theme colorSet theme color to show across end-user experience. We'll automatically set the text color to black or white so that it's most visible on top of your selected theme color.
Show in headerSelect whether the header in the end-user experiences should display the Organization logo and name, the Organization logo only, or the Organization name only. The preview boxes below will only show the logos, not the name.
Upload logo for theme color backgroundUpload the logo you want to show on top of your selected theme color. For the best appearance, upload a logo with a transparent background. You can see how this will look in the preview box below the setting.

Maximum image size: 400 x 400 px
Maximum file size: 750KB
File type: PNG, JPG, or JPEG

Upload logo for white or light backgroundUpload the logo you want to show on top of white or light-colored backgrounds. For the best appearance, upload a logo with a transparent background. You can see how this will look on a white background in the preview box below the setting.

Maximum image size: 400 x 400 px
Maximum file size: 750KB
File type: PNG, JPG, or JPEG

Upload brand imageUpload an image that reflects your organization's brand.
  • Recommended image width: Greater than 1125 px (required to be at least 650 px)
  • Maximum image size: 1.3 MB
  • File type: PNG, JPG, or JPEG
  • It is displayed in these locations:
    • iOS/iPadOS Company Portal: Background image on the user's profile page.
    • Windows Company Portal: Background image on the user's profile page.
    • Company Portal website: Background image on the user's profile page.
    • Android Intune app: In the drawer and as a background image on the user's profile page.

Note

When a user is installing an iOS/iPadOS application from the Company Portal they will receive a prompt. This occurs when the iOS/iPadOS app is linked to the app store, linked to a volume-purchase program (VPP), or linked to a line-of-business (LOB) app. The prompt allows the users to accept the action or allow management of the app. The prompt will display your company name, or when your company name is unavailable, Company Portal will be displayed.

Brand image best practices

The right brand image can enhance the user's trust by presenting a strong sense of your organization's brand. Here are some tips you may want to consider for acquiring, choosing, and optimizing the image for the display locations.

  • Reach out to your marketing or art department. They may already have an approved set of brand images. They may also be able to help you optimize images as needed.
  • Consider both landscape and portrait composition. The image should have sufficient background surrounding the focal point. The image may be cropped differently based on device size, orientation, and platform.
  • Avoid using a generic, stock image. The image should reflect your organization's brand and feel familiar to users. If you don't have one, it's better to not use one than use a generic one that has no meaning to your user.
  • Remove unnecessary metadata. Image file can come with metadata such as camera profile, geo location, title, caption, and so on. Use an image optimization tool to strip out this information to maintain quality while meeting file size limit.

Brand image examples

The following image shows an example of the brand image on an iPhone:

The following shows an example of the brand image in the Intune app for Android:

Support information

Enter your organization's support information, so employees can reach out with questions. This support information will be displayed on Support, Help & Support, and Helpdesk pages across the end-user experience.

Field nameMaximum lengthMore information
Contact name40This name is who users will reach when they contact support.
Phone number20This number enables users to call for support.
Email address40This email address is where users can send emails for support. You must enter a valid email address in the format [email protected].
Website name40This is the friendly name that is displayed in some locations for the URL to the support website. If you specify a support website URL and no friendly name, then the URL itself is displayed in the end-user experiences.
Website URL150The support website that users should use. The URL must be in the format https://www.contoso.com.
Additional information120Include any additional support-related messaging to users here.

Configuration

You can configure the Company Portal experience specifically for enrollment, privacy, notifications, app sources, and self-service actions.

Enrollment

The following table provides enrollment-specific configuration details:

Company
Field nameMaximum lengthMore information
Device enrollmentN/ASpecify if and how users should be prompted to enroll into mobile device management. For more information, see Device enrollment setting options.

Device enrollment setting options

Microsoft company portal windows 10

Note

Support for the device enrollment setting requires end users have these Company Portal versions:

  • Company Portal on iOS/iPadOS: version 4.4 or later
  • Company Portal on Android: version 5.0.4715.0 or later

Important

The following settings do not apply to iOS/iPadOS devices configured to enroll with Automated Device Enrollment. Regardless of how these setting are configured, iOS/iPadOS devices configured to enroll with Automated Device Enrollment will enroll during the out of box flow and users will be prompted to sign in when they launch the Company Portal.

The following settings do apply to Android devices configured with Samsung Knox Mobile Enrollment (KME). If a device has been configured for KME and device enrollment is set to Unavailable, the device will not be able to enroll during the out of box flow.

Device enrollment optionsDescriptionChecklist promptsNotificationDevice details statusApp visibility (for an app that requires enrollment)
Available, with promptsThe default experience with prompts to enroll in all possible locations.YesYesYesYes
Available, no promptsUser can enroll via the status in device details for their current device or from apps that require enrollment.NoNoYesYes
UnavailableThere is no way for users to enroll. Apps requiring enrollment will be hidden.NoNoNoNo

Microsoft Intune Company Portal Mac Download

Privacy

The following table provides privacy-specific configuration details:

Field nameMaximum lengthMore information
Privacy statement URL79Set your organization's privacy statement to appear when users click on privacy links. You must enter a valid URL in the format https://www.contoso.com.
Privacy message about what support can't see or do (iOS/iPadOS)520Keep the default message or customize the message to list the items that your organization can't see on managed iOS/iPadOS devices. You can use markdown to add bullets, bolding, italics, and links.
Privacy message about what support can see or do (iOS/iPadOS)520Keep the default message or customize the message to list the items that your organization can see on managed iOS/iPadOS devices. You can use markdown to add bullets, bolding, italics, and links.

Device ownership notification

The following table provides notification-specific configuration details:

Field nameMaximum lengthMore information
Send a push notification to users when their device ownership type changes from personal to corporate (Android and iOS/iPadOS only)​N/ASend a push notification to both your Android and iOS Company Portal users when their device ownership type has been changed from personal to corporate. By default, this push notification is set to off. When device ownership is set to corporate ownership, Intune has greater access to the device, which includes the full app inventory, FileVault key rotation, phone number retrieval, and a select few remote actions. For more information, see Change device ownership.

App sources

You can choose which additional app sources will be shown in Company Portal.

Note

The Company Portal supports Configuration Manager applications. This feature allows end users to see both Configuration Manager and Intune deployed applications in the Company Portal for co-managed customers. For more information, see Use the Company Portal app on co-managed devices.

The following table provides app source specific configuration details:

Field nameMaximum lengthMore information
Azure AD Enterprise ApplicationsN/ASelect Hide or Show to display Azure AD Enterprise applications in the Company Portal for each end user. For more information, see App source setting options.
Office Online ApplicationsN/ASelect Hide or Show to display Office Online applications in the Company Portal for each end user. For more information, see App source setting options.

App source setting options

Note

The display of apps from other Microsoft services is only supported in the Windows Company Portal and the Company Portal website.

You can hide or show Azure AD Enterprise applications and Office Online applications in the Company Portal for each end user. Show will cause the Company Portal to display the entire applications catalog from the chosen Microsoft service(s) assigned to the user. Azure AD Enterprise applications are registered and assigned via the Azure portal. Office Online applications are assigned using the licensing controls available in the M365 Admin Center. In the Microsoft Endpoint Manager admin center, select Tenant administration > Customization to find this configuration setting. By default, each additional app source will be set to Hide.

Customizing user self-service actions for the Company Portal

Company

You can customize the available self-service device actions that are shown to end users in the Company Portal app and website. To help prevent unintended device actions, you can configure settings for the Company Portal app by selecting Tenant Administration > Customization.

The following actions are available:

  • Hide Remove button on corporate Windows devices.
  • Hide Reset button on corporate Windows devices.
  • Hide Remove button on corporate iOS/iPadOS devices.
  • Hide Reset button on corporate iOS/iPadOS devices.

Note

These actions can be used to restrict device actions in the Company Portal app and website and do not implement any device restriction policies. To restrict users from performing factory reset or MDM removal from settings, you must configure device restriction policies.

Opening Web Company Portal applications

For Web Company Portal applications, if the end user has the Company Portal application installed, the end users will see a dialog box asking how they want to open the application when opening outside of the browser. If the app is not in the path of the Company Portal, then the Company Portal will open the homepage. If the app is in the path, then the Company Portal will open the specific app.

Upon selecting the Company Portal, the user will be directed to the corresponding page in the application when the URI path is one of the following:

  • /apps - The Web Company Portal will open the Apps page that lists all of the apps.
  • /apps/[appID] - The Web Company Portal will open the Details page of the corresponding app.
  • The URI path is different or unexpected - The Web Company Portal home page will be displayed.

If the user does not have the Company Portal app installed, the user will be taken to the Web Company Portal.

Company Portal derived credentials for iOS/iPadOS devices

Intune supports Personal Identity Verification (PIV) and Common Access Card (CAC) Derived Credentials in partnership with credential providers DISA Purebred, Entrust Datacard, and Intercede. End users will go through additional steps post-enrollment of their iOS/iPadOS device to verify their identity in the Company Portal application. Derived Credentials will be enabled for users by first setting up a credential provider for your tenant, then targeting a profile that uses Derived Credentials to users or devices.

Company portal microsoft download

Note

The user will see instructions about derived credentials based on the link that you have specified via Intune.

For more information about derived credentials for iOS/iPadOS devices, see Use derived credentials in Microsoft Intune.

Dark Mode for the Company Portal

Dark Mode is available for the iOS/iPadOS, macOS, and Windows Company Portal. Users can download apps, manage their devices, and get IT support in the color scheme of their choice based on device settings. The iOS/iPadOS, macOS, and Windows Company Portal will automatically match the end user's device settings for dark or light mode.

Windows Company Portal keyboard shortcuts

End users can trigger navigation, app, and device actions in the Windows Company Portal using keyboard shortcuts (accelerators).

The following keyboard shortcuts are available in the Windows Company Portal app.

AreaDescriptionKeyboard shortcut
Navigation menuNavigationAlt+M
HomeAlt+H
All appsAlt+A
Installed appsAlt+I
Send feedbackAlt+F
My profileAlt+U
SettingsAlt+T
Home - Device tileRenameF2
RemoveCtrl+D or Delete
Check accessCtrl+M or F9
Device detailsRenameF2
RemoveCtrl+D or Delete
Check accessCtrl+M or F9
App detailsInstallCtrl+I
DevicesAvailableCtrl+D

Company Portal Download Windows

End users will also be able to see the available shortcuts in the Windows Company Portal app.

User self-service device actions from the Company Portal

Users can perform actions on their local or remote devices via the Company Portal app, Company Portal website, or the Intune app on Android. The actions that a user can perform vary based on device platform and configuration. In all cases, the remote device actions can only be performed by device's Primary User.

Available self-service device actions include the following:

  • Retire – Removes the device from Intune Management. In the company portal app and website, this shows as Remove.
  • Wipe – This action initiates a device reset. In the company portal website this is shown as Reset, or Factory Reset in the iOS/iPadOS Company Portal App.
  • Rename – This action changes the device name that the user can see in the Company Portal. It does not change the local device name, only the listing in the Company Portal.
  • Sync – This action initiates a device check-in with the Intune service. This shows as Check Status in the Company Portal.
  • Remote Lock – This locks the device, requiring a PIN to unlock it.
  • Reset Passcode – This action is used to reset device passcode. On iOS/iPadOS devices the passcode will be removed and the end user will be required to enter a new code in settings. On supported Android devices, a new passcode is generated by Intune and temporarily displayed in the Company Portal.
  • Key Recovery – This action is used to recover a personal recovery key for encrypted macOS devices from the Company Portal website.

To customize the available user self-service actions, see Customizing user self-service actions for the Company Portal.

Self-Service Actions

Some platforms and configurations do not allow self-service device actions. This table below provides further details about self-service actions:

ActionWindows 10(3)iOS/iPadOS(3)macOS(3)Android(3)
RetireAvailable(1)Available(9)AvailableAvailable(7)
WipeAvailableAvailable(5)(9)NAAvailable(7)
Rename(4)AvailableAvailableAvailableAvailable
SyncAvailableAvailableAvailableAvailable
Key RecoveryNANAAvailable(2)NA

(1)Retire is always blocked on Azure AD Joined Windows devices.
(2)Key Recovery for macOS is only available via the Web Portal.
(3) All remote actions are disabled if using a Device Enrollment Manager enrollment.
(4)Rename only changes the device name in the Company Portal app or Web Portal, not on the device.
(5)Wipe is not available on User Enrolled iOS/iPadOS devices.
(6)Reset Passcode is not supported on some Android and Android Enterprise configurations. For more information, see Reset or remove a device passcode in Intune.
(7)Retire and Wipe are not available on Android Enterprise Device Owner scenarios (COPE, COBO, COSU).
(8)Reset Passcode is not supported on User Enrolled iOS/iPadOS devices.
(9)All iOS/iPadOS Automated Device Enrollment devices (formerly known as DEP) have Retire and Wipe options disabled.

App logs

If you are using Azure Government, app logs are offered to the end user to decide how they will share when they initiate the process to get help with an issue. However, if you are not using Azure Government, the Company Portal will send app logs directly to Microsoft when the user initiates the process to get help with an issue. Sending the app logs to Microsoft will make it easier to troubleshoot and resolve issues.

Note

Consistent with Microsoft and Apple policy, we do not sell any data collected by our service to any third parties for any reason.

Microsoft portal online

Next steps

Microsoft released a beta version of the Intune Company Portal for macOS just last month; however, it’s since been pulled from the Download Center. This app had been made available along with the announcement of Conditional Access supporting macOS in preview.

Edit: the download is now available again: https://www.microsoft.com/en-us/download/details.aspx?id=55770

Installing the Company Portal is required to enable Conditional Access support on macOS, so I imagine a new version will be made available soon. If you’re testing with Macs or looking for full support with Intune, this is an important part of the puzzle.

Intune Web Enrollment

Previous to the Company Portal on macOS, enrollment in Intune is a largely manual process that requires logging into the Intune web portal with a browser, downloading a management profile and installing that manually. Not the best user experience.

Here’s what that looks like:

Intune Company Portal for macOS Experience

With the Company Portal, the user experience is streamlined, with the management profile installed automatically and you can see device compliance status from within the app. Here’s a quick look at the end-user experience with the Intune Company Portal for macOS on macOS Sierra.

Hopefully we’ll see the portal app available for download again soon and available for wider testing. I’m also hoping that the availability of the Portal app means we’ll see the ability for Intune to install apps on macOS. As we see more Mac devices (either corporate or personally owned), the ability to deploy and manage apps on this platform becomes critical.