manage_intune_macos_devices
Enroll, manage, and secure macOS devices in Microsoft Intune for compliance, inventory control, and remote device actions.
Instructions
Manage macOS devices in Intune including enrollment, compliance policies, device actions, and inventory management.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| action | Yes | Intune macOS device management action | |
| deviceId | No | Device ID for device-specific operations | |
| filter | No | OData filter for device listing | |
| enrollmentType | No | Enrollment type | |
| assignmentTarget | No | Assignment target | |
Implementation Reference
- Primary handler function implementing the manage_intune_macos_devices tool. Handles the device management actions (list, get, enroll, retire, wipe, restart, sync, remote_lock, collect_logs) via Microsoft Graph API endpoints under /deviceManagement/managedDevices; the enroll action posts to /deviceManagement/deviceEnrollmentConfigurations instead. The list action filters for macOS devices.

  ```typescript
  import { Client } from '@microsoft/microsoft-graph-client';
  import { McpError, ErrorCode } from '@modelcontextprotocol/sdk/types.js';
  import { IntuneMacOSDeviceArgs } from '../types/intune-types.js';

  export async function handleIntuneMacOSDevices(
    graphClient: Client,
    args: IntuneMacOSDeviceArgs
  ): Promise<{ content: { type: string; text: string }[] }> {
    let apiPath = '';
    let result: any;

    switch (args.action) {
      case 'list': {
        // List all macOS devices managed by Intune
        apiPath = '/deviceManagement/managedDevices';
        const queryOptions: string[] = [];

        // Filter for macOS devices
        queryOptions.push(`$filter=operatingSystem eq 'macOS'`);

        if (args.filter) {
          // Leading space keeps the joined expression valid OData ("... 'macOS' and ...")
          queryOptions.push(` and ${args.filter}`);
        }

        if (queryOptions.length > 0) {
          apiPath += `?${queryOptions.join('')}`;
        }

        result = await graphClient.api(apiPath).get();
        break;
      }

      case 'get':
        if (!args.deviceId) {
          throw new McpError(ErrorCode.InvalidParams, 'deviceId is required for get action');
        }
        apiPath = `/deviceManagement/managedDevices/${args.deviceId}`;
        result = await graphClient.api(apiPath).get();
        break;

      case 'enroll': {
        // Create enrollment invitation
        apiPath = '/deviceManagement/deviceEnrollmentConfigurations';
        const enrollmentPayload = {
          displayName: 'macOS Device Enrollment',
          description: 'Automated macOS device enrollment',
          deviceEnrollmentConfigurationType: 'appleDeviceEnrollmentProgram',
          enableAuthenticationViaCompanyPortal: true,
          requireUserAuthentication: true,
          assignmentTarget: args.assignmentTarget
        };
        result = await graphClient.api(apiPath).post(enrollmentPayload);
        break;
      }

      case 'retire':
        if (!args.deviceId) {
          throw new McpError(ErrorCode.InvalidParams, 'deviceId is required for retire action');
        }
        apiPath = `/deviceManagement/managedDevices/${args.deviceId}/retire`;
        result = await graphClient.api(apiPath).post({});
        break;

      case 'wipe': {
        if (!args.deviceId) {
          throw new McpError(ErrorCode.InvalidParams, 'deviceId is required for wipe action');
        }
        apiPath = `/deviceManagement/managedDevices/${args.deviceId}/wipe`;
        const wipePayload = {
          keepEnrollmentData: false,
          keepUserData: false,
          macOsUnlockCode: '', // Optional unlock code for macOS
          persistEsimDataPlan: false
        };
        result = await graphClient.api(apiPath).post(wipePayload);
        break;
      }

      case 'restart':
        if (!args.deviceId) {
          throw new McpError(ErrorCode.InvalidParams, 'deviceId is required for restart action');
        }
        apiPath = `/deviceManagement/managedDevices/${args.deviceId}/rebootNow`;
        result = await graphClient.api(apiPath).post({});
        break;

      case 'sync':
        if (!args.deviceId) {
          throw new McpError(ErrorCode.InvalidParams, 'deviceId is required for sync action');
        }
        apiPath = `/deviceManagement/managedDevices/${args.deviceId}/syncDevice`;
        result = await graphClient.api(apiPath).post({});
        break;

      case 'remote_lock':
        if (!args.deviceId) {
          throw new McpError(ErrorCode.InvalidParams, 'deviceId is required for remote_lock action');
        }
        apiPath = `/deviceManagement/managedDevices/${args.deviceId}/remoteLock`;
        result = await graphClient.api(apiPath).post({});
        break;

      case 'collect_logs': {
        if (!args.deviceId) {
          throw new McpError(ErrorCode.InvalidParams, 'deviceId is required for collect_logs action');
        }
        apiPath = `/deviceManagement/managedDevices/${args.deviceId}/createDeviceLogCollectionRequest`;
        const logCollectionPayload = {
          templateType: 'predefined' // or 'custom'
        };
        result = await graphClient.api(apiPath).post(logCollectionPayload);
        break;
      }

      default:
        throw new McpError(ErrorCode.InvalidParams, `Invalid action: ${args.action}`);
    }

    return {
      content: [{ type: 'text', text: JSON.stringify(result, null, 2) }]
    };
  }
  ```
- src/types/intune-types.ts:2-12 (schema) TypeScript interface defining the input schema/arguments for the manage_intune_macos_devices handler. Specifies required 'action' and optional parameters like deviceId, filter, enrollment details.

  ```typescript
  export interface IntuneMacOSDeviceArgs {
    action: 'list' | 'get' | 'enroll' | 'retire' | 'wipe' | 'restart' | 'sync' | 'remote_lock' | 'collect_logs';
    deviceId?: string;
    filter?: string;
    enrollmentType?: 'UserEnrollment' | 'DeviceEnrollment' | 'AutomaticDeviceEnrollment';
    assignmentTarget?: {
      groupIds?: string[];
      userIds?: string[];
      deviceIds?: string[];
    };
  }
  ```
- src/handlers.ts:32-44 (registration) Central handlers index file that imports and re-exports the intune-macos-handler functions and types, facilitating registration in the main MCP server.

  ```typescript
  // Import Intune macOS handlers and types
  import {
    handleIntuneMacOSDevices,
    handleIntuneMacOSPolicies,
    handleIntuneMacOSApps,
    handleIntuneMacOSCompliance
  } from './handlers/intune-macos-handler.js';
  import {
    IntuneMacOSDeviceArgs,
    IntuneMacOSPolicyArgs,
    IntuneMacOSAppArgs,
    IntuneMacOSComplianceArgs
  } from './types/intune-types.js';
  ```
- src/tool-metadata.ts:127-280 (schema) Tool metadata entry providing description, title, and annotations (hints for MCP client UI) for manage_intune_macos_devices.

  ```typescript
  manage_intune_macos_devices: {
    description: "Manage macOS devices in Intune including enrollment, compliance policies, device actions, and inventory management.",
    title: "Intune macOS Device Manager",
    annotations: { title: "Intune macOS Device Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  },
  manage_intune_macos_policies: {
    description: "Manage macOS configuration profiles and compliance policies for device security and management settings.",
    title: "Intune macOS Policy Manager",
    annotations: { title: "Intune macOS Policy Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  },
  manage_intune_macos_apps: {
    description: "Manage macOS application deployment including app assignments, updates, and installation requirements.",
    title: "Intune macOS App Manager",
    annotations: { title: "Intune macOS App Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  },
  manage_intune_macos_compliance: {
    description: "Assess macOS device compliance status and generate reports on policy adherence and security posture.",
    title: "Intune macOS Compliance Checker",
    annotations: { title: "Intune macOS Compliance Checker", readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: true }
  },

  // Intune Windows Management
  manage_intune_windows_devices: {
    description: "Manage Windows devices in Intune including enrollment, autopilot deployment, device actions, and health monitoring.",
    title: "Intune Windows Device Manager",
    annotations: { title: "Intune Windows Device Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  },
  manage_intune_windows_policies: {
    description: "Manage Windows configuration profiles and compliance policies including security baselines and update rings.",
    title: "Intune Windows Policy Manager",
    annotations: { title: "Intune Windows Policy Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  },
  manage_intune_windows_apps: {
    description: "Manage Windows application deployment including Win32 apps, Microsoft Store apps, and Office 365 assignments.",
    title: "Intune Windows App Manager",
    annotations: { title: "Intune Windows App Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  },
  manage_intune_windows_compliance: {
    description: "Assess Windows device compliance status including BitLocker encryption, antivirus status, and security configurations.",
    title: "Intune Windows Compliance Checker",
    annotations: { title: "Intune Windows Compliance Checker", readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: true }
  },

  // Compliance Framework Management
  manage_compliance_frameworks: {
    description: "Manage compliance frameworks and standards including HIPAA, GDPR, SOX, PCI-DSS, ISO 27001, and NIST configurations.",
    title: "Compliance Framework Manager",
    annotations: { title: "Compliance Framework Manager", readOnlyHint: false, destructiveHint: false, idempotentHint: true, openWorldHint: true }
  },
  manage_compliance_assessments: {
    description: "Conduct compliance assessments and generate detailed reports on regulatory adherence and security controls.",
    title: "Compliance Assessment Tool",
    annotations: { title: "Compliance Assessment Tool", readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: true }
  },
  manage_compliance_monitoring: {
    description: "Monitor ongoing compliance status with real-time alerts for policy violations and regulatory changes.",
    title: "Compliance Monitor",
    annotations: { title: "Compliance Monitor", readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: true }
  },
  manage_evidence_collection: {
    description: "Collect and preserve compliance evidence including audit logs, configuration snapshots, and attestation records.",
    title: "Evidence Collection Tool",
    annotations: { title: "Evidence Collection Tool", readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: true }
  },
  manage_gap_analysis: {
    description: "Perform gap analysis to identify compliance deficiencies and generate remediation recommendations.",
    title: "Compliance Gap Analyzer",
    annotations: { title: "Compliance Gap Analyzer", readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: true }
  },
  generate_audit_reports: {
    description: "Generate comprehensive audit reports for compliance frameworks with evidence documentation and findings.",
    title: "Audit Report Generator",
    annotations: { title: "Audit Report Generator", readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: true }
  },
  manage_cis_compliance: {
    description: "Manage CIS (Center for Internet Security) benchmark compliance including assessment and remediation tracking.",
    title: "CIS Compliance Manager",
    annotations: { title: "CIS Compliance Manager", readOnlyHint: false, destructiveHint: false, idempotentHint: true, openWorldHint: true }
  },

  // Advanced Graph API Features
  execute_graph_batch: {
    description: "Execute multiple Microsoft Graph API requests in a single batch operation for improved performance and efficiency.",
    title: "Graph Batch Executor",
    annotations: { title: "Graph Batch Executor", readOnlyHint: false, destructiveHint: false, idempotentHint: false, openWorldHint: true }
  },
  execute_delta_query: {
    description: "Track incremental changes to Microsoft Graph resources using delta queries for efficient synchronization.",
    title: "Graph Delta Query",
    annotations: { title: "Graph Delta Query", readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: true }
  },
  manage_graph_subscriptions: {
    description: "Manage webhook subscriptions for real-time change notifications from Microsoft Graph resources.",
    title: "Graph Subscription Manager",
    annotations: { title: "Graph Subscription Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  },
  execute_graph_search: {
    description: "Execute advanced search queries across Microsoft 365 content including emails, files, messages, and calendar events.",
    title: "Graph Search",
    annotations: { title: "Graph Search", readOnlyHint: true, destructiveHint: false, idempotentHint: true, openWorldHint: true }
  },

  // Policy Management
  manage_retention_policies: {
    description: "Manage retention policies for content across Exchange, SharePoint, OneDrive, and Teams with lifecycle rules.",
    title: "Retention Policy Manager",
    annotations: { title: "Retention Policy Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  },
  manage_conditional_access_policies: {
    description: "Manage Azure AD conditional access policies for zero-trust security including MFA, device compliance, and location-based controls.",
    title: "Conditional Access Policy Manager",
    annotations: { title: "Conditional Access Policy Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  },
  manage_information_protection_policies: {
    description: "Manage Azure Information Protection policies for data classification, encryption, and rights management.",
    title: "Information Protection Policy Manager",
    annotations: { title: "Information Protection Policy Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  },
  manage_defender_policies: {
    description: "Manage Microsoft Defender for Office 365 policies including Safe Attachments, Safe Links, anti-phishing, and anti-malware.",
    title: "Defender Policy Manager",
    annotations: { title: "Defender Policy Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  },
  manage_teams_policies: {
    description: "Manage Microsoft Teams policies for messaging, meetings, calling, apps, and live events across the organization.",
    title: "Teams Policy Manager",
    annotations: { title: "Teams Policy Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  },
  manage_exchange_policies: {
    description: "Manage Exchange Online policies including mail flow rules, mobile device access, and organization-wide settings.",
    title: "Exchange Policy Manager",
    annotations: { title: "Exchange Policy Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  },
  manage_sharepoint_governance_policies: {
    description: "Manage SharePoint governance policies including sharing controls, access restrictions, and site lifecycle management.",
    title: "SharePoint Governance Manager",
    annotations: { title: "SharePoint Governance Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  },
  manage_security_alert_policies: {
    description: "Manage security alert policies for monitoring threats, suspicious activities, and compliance violations across Microsoft 365.",
    title: "Security Alert Policy Manager",
    annotations: { title: "Security Alert Policy Manager", readOnlyHint: false, destructiveHint: true, idempotentHint: false, openWorldHint: true }
  },

  // Document Generation
  generate_powerpoint_presentation: {
    description: "Create professional PowerPoint presentations with custom slides, charts, tables, and themes from Microsoft 365 data.",
    title: "PowerPoint Generator",
    annotations: { title: "PowerPoint Generator", readOnlyHint: false, destructiveHint: false, idempotentHint: false, openWorldHint: true }
  },
  generate_word_document: {
    description: "Create professional Word documents with formatted sections, tables, charts, and table of contents from analysis data.",
    title: "Word Document Generator",
    annotations: { title: "Word Document Generator", readOnlyHint: false, destructiveHint: false, idempotentHint: false, openWorldHint: true }
  ```
- smithery.ts:276-280 (registration) Smithery deployment configuration registering the tool for discovery, including name, description, category, and tags (no full inputSchema defined).

  ```typescript
    name: 'manage_intune_macos_devices',
    description: 'Manage macOS devices in Microsoft Intune - enrollment, compliance, and device actions',
    category: 'Device Management',
    tags: ['intune', 'macos', 'device-management', 'mdm']
  },
  ```
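
The primary handler interpolates `deviceId` into the request path and appends `filter` to the OData expression as given, and the tool is annotated `destructiveHint: true`. The following is an added example (not the project's code) of argument checks that could run before those Graph calls; the helper names are hypothetical and it assumes Intune managedDevice ids are GUIDs.

```typescript
// Added example, not the project's code; helper names are hypothetical.
// Assumption: Intune managedDevice ids are GUIDs.
const GUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;

// Accept only a GUID before it is interpolated into a URL path, so a value
// containing "/", "?" or ".." can never change which endpoint is called.
function requireDeviceId(deviceId: string | undefined, action: string): string {
  if (!deviceId || !GUID_RE.test(deviceId)) {
    throw new Error(`deviceId must be a GUID for ${action} action`);
  }
  return deviceId;
}

// True when quotes are closed and parentheses outside string literals balance
// without dropping below zero. OData escapes a quote as '', which toggles twice.
function isBalanced(expr: string): boolean {
  let depth = 0;
  let inString = false;
  for (let i = 0; i < expr.length; i++) {
    const ch = expr[i];
    if (ch === "'") {
      inString = !inString;
    } else if (!inString && ch === '(') {
      depth++;
    } else if (!inString && ch === ')') {
      if (--depth < 0) return false;
    }
  }
  return depth === 0 && !inString;
}

// Build the list path so the caller's clause can only narrow the macOS scope:
// it is parenthesised so "or" cannot bypass the OS test, and the expression is
// percent-encoded so "&" or "#" cannot add further query options.
function buildMacOSListPath(userFilter?: string): string {
  let filter = "operatingSystem eq 'macOS'";
  const extra = userFilter ? userFilter.trim() : '';
  if (extra) {
    if (!isBalanced(extra)) {
      throw new Error('filter has unbalanced quotes or parentheses');
    }
    filter += ` and (${extra})`;
  }
  return `/deviceManagement/managedDevices?$filter=${encodeURIComponent(filter)}`;
}
```

In the handler, `requireDeviceId(args.deviceId, args.action)` would replace each `if (!args.deviceId)` check, and `buildMacOSListPath(args.filter)` would replace the `queryOptions` assembly in the `list` case.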