Semi-Protected devices

macOS Enrollment Guide

This guide explains how to enroll your macOS device into semi-protected mode.

Supported versions: macOS 12 Monterey or newer.

If you are not sure how to proceed, or something does not work as expected, please contact Helpdesk. Our team can guide you through the process.

1. Prepare Your Mac

  • Complete any initial macOS setup if this is a new device.
  • Make sure you have an administrator account on your Mac (required to install the management profile).
  • Ensure you are connected to the unmanaged VPN before starting. This is necessary so Intune can communicate with our systems. Follow this guide to set up FortiClient VPN on a Mac device.

2. Install Company Portal

  1. Download Microsoft Company Portal from the official link.
  2. Open the downloaded .pkg file and install the application.
    • You may see notifications about background services being added.
    • You may also be prompted with a Microsoft AutoUpdate notice – click OK to continue.
  3. After installation, open Company Portal from your Applications folder.

3. Sign in and Start Enrollment

  1. Launch Company Portal.
  2. Sign in with your 4finance email address and password.
  3. If prompted, confirm your login with MFA.
  4. Follow the on-screen instructions to begin enrollment.
    • A management profile will be downloaded automatically.

4. Install Management Profile

  1. Open System Settings (or System Preferences on older macOS versions).
  2. Go to Profiles (or Privacy & Security > Profiles on newer macOS).
  3. Select the profile that was just downloaded and click Install.
  4. Enter your Mac administrator password when prompted.
  5. Once installed, return to Company Portal – it will automatically continue to the next step.

5. Complete Compliance Requirements

Company Portal will now verify whether your Mac meets company compliance policies:

  • Disk Encryption (FileVault):
    • If FileVault is not enabled, you will be prompted to turn it on.
    • Enabling FileVault requires a restart and will encrypt your entire disk.
    • For detailed instructions, refer to Apple’s official FileVault documentation.
  • Password Policy:
    • You may need to set up or update your Mac login password to meet company requirements (length and complexity).

Once these requirements are fulfilled, your device will be marked as compliant.

6. Confirm Enrollment

After completing all steps:

  • Company Portal will display a confirmation message that enrollment is complete.
  • Your Mac is now registered and secured in semi-protected mode.

7. Troubleshooting

  • If the profile does not appear in System Settings, reopen Company Portal and start enrollment again.
  • If FileVault fails to enable, ensure you are logged in as an administrator and retry.
  • If your device shows as non-compliant after setup, wait a few minutes and refresh in Company Portal. If the issue persists, contact Helpdesk.
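
Before contacting Helpdesk, you can cross-check the local conditions this guide relies on (macOS 12 or newer, FileVault on, management profile enrolled) from Terminal. The script below is an added example, not part of the original guide or of any Microsoft tooling; the function names are hypothetical, and it assumes the usual output wording of `fdesetup status` ("FileVault is On.") and `profiles status -type enrollment` ("MDM enrollment: Yes ...").

```shell
#!/bin/sh
# Added example (not part of the original guide): local cross-check of the
# three conditions this guide names. Parsing is split into functions that
# take command output as text, so they can be exercised with sample strings.

# 0 if the version string (from `sw_vers -productVersion`) is macOS 12+.
version_supported() {
    major=${1%%.*}
    case "$major" in
        ''|*[!0-9]*) return 2 ;;   # not a version number
    esac
    [ "$major" -ge 12 ]
}

# 0 if `fdesetup status` output reports FileVault as on (assumed wording).
filevault_on() {
    printf '%s\n' "$1" | grep -q '^FileVault is On'
}

# 0 if `profiles status -type enrollment` output reports MDM enrollment
# (assumed wording).
mdm_enrolled() {
    printf '%s\n' "$1" | grep -q '^MDM enrollment: Yes'
}

# check_device <version> <fdesetup output> <profiles output>
# Prints one line per check; returns 1 if any check fails.
check_device() {
    rc=0
    if version_supported "$1"; then echo "OK    macOS $1"
    else echo "FAIL  macOS $1 (guide requires 12 or newer)"; rc=1; fi
    if filevault_on "$2"; then echo "OK    FileVault is on"
    else echo "FAIL  FileVault is not on"; rc=1; fi
    if mdm_enrolled "$3"; then echo "OK    management profile enrolled"
    else echo "FAIL  no MDM enrollment reported"; rc=1; fi
    return "$rc"
}

# Query the live system only when actually running on macOS.
if [ "$(uname -s)" = "Darwin" ]; then
    check_device "$(sw_vers -productVersion)" \
                 "$(fdesetup status 2>&1)" \
                 "$(profiles status -type enrollment 2>&1)"
fi
```

The script does not check the password policy, and Company Portal remains the authority for the compliance status of the device.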

8. Done

Enrollment complete. Your macOS device is now secured in semi-protected mode.

Support

If you experience issues during or after enrollment:

  • Contact Helpdesk for assistance