Skip to main content

Connecting from a Mac to an Intune-Managed Windows Machine: An IT Admin's Guide

Introduction

Managing cross-platform connectivity is a crucial task for IT administrators. This article provides detailed steps for connecting from a Mac to an Intune-managed Windows machine using the Microsoft Windows app (formerly Microsoft Remote Desktop). This process includes configuring essential files, setting up secure remote connections, and troubleshooting potential issues.

Prerequisites

Mac Requirements:

  • macOS 10.14 or later.
  • The latest version of the Microsoft Windows app, available on the Mac App Store.

Windows Machine Requirements:

  • Remote Desktop must be enabled.
  • The user’s account should be added to the “Remote Desktop Users” group.

TAMU VPN (For Off-Campus Access):

  • Required for connections outside the campus network.
  • Visit connect.tamu.edu to download the VPN client.

Other Requirements:

  • Confirm the IP address or hostname of the target Windows machine.

Step 1: Configuring the Mac’s /etc/hosts File

The /etc/hosts file maps hostnames to IP addresses, enabling easier connectivity to the target machine.

Instructions:

  1. Open Terminal:

    • Press Command + Space, type Terminal, and press Enter.

  2. Edit the Hosts File:

    • Run the following command to open the file in a text editor: 
      sudo nano /etc/hosts
    • Enter your administrator password when prompted.

  3. Add an Entry for the Windows Machine:

    • Replace <IP Address> with the machine's IP and <Hostname> with its hostname: 
      <IP Address> <Hostname>
    • Example: 
      192.168.1.100 mydevicename.local

  4. Save and Exit:

    • Press Ctrl + O to save, then Ctrl + X to exit.

  5. Flush DNS Cache:

    • Run the following command to apply changes: 
      sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder

Step 2: Creating the .rdp Configuration File

To enable seamless connectivity, an .rdp file must be configured. This file contains the necessary settings for the Microsoft Windows app to connect to an Azure AD-joined Windows machine.

Minimal Working .rdp File

Create a new file called my-connection.rdp and add the following lines:

full address:s:<Hostname>
enablerdsaadauth:i:1
targetisaadjoined:i:1
enablecredsspsupport:i:1
authentication level:i:2
prompt for credentials on client:i:1

Explanation of Settings:

  • full address:s:<Hostname> → Replace <Hostname> with the target Windows machine’s IP or hostname.
  • enablerdsaadauth:i:1 → Enables Remote Desktop Single Sign-On (SSO) for Azure AD.
  • targetisaadjoined:i:1 → Specifies that the target machine is Azure AD-joined.
  • enablecredsspsupport:i:1 → Enables Credential Security Support Provider (CredSSP).
  • authentication level:i:2 → Ensures server authentication.
  • prompt for credentials on client:i:1 → Prompts for credentials before connecting.

Step 3: Connecting via TAMU VPN (For Off-Campus Access)

Instructions:

  1. Install the TAMU VPN Client:
    Download from connect.tamu.edu or use the Self Service Hub.
  2. Connect to the VPN:
    Log in with your NetID and password.
  3. Verify network access and test the RDP connection by opening the .rdp file.

Troubleshooting Common Issues

Unable to Connect

  • Verify the VPN connection if accessing off-campus.
  • Ensure the hostname or IP address in the .rdp file is correct.
  • Confirm Remote Desktop is enabled on the Windows machine and the user has necessary permissions.

Credential Issues

  • Ensure the correct Azure AD username format (e.g., netid@tamu.edu).
  • If prompted multiple times for credentials, clear cached credentials in macOS Keychain Access.

Final Notes

This guide is tailored for IT administrators managing TAMU systems. Ensure all configurations comply with university security policies.