
Joining Microsoft Endpoint Manager-managed macOS devices with AD integration

This is not as self-explanatory as it should be if you run a mixed macOS/Windows device environment. There are several ways to join a macOS device to Endpoint Manager, but not all of them work when the Mac also has to be integrated with your on-premises Active Directory.

The ways to join a macOS device:

  • Automated Device Enrollment: with this route the AD integration never works. The options to configure it are all still present on the Mac, but you never get credential verification against AD and the device is always forced onto local accounts.
  • Enrollment profile (Apple Configurator): this is the only route that works if you need AD integration; the others never will.

Joining a Mac to Intune and configuring it for AD is sadly quite a manual process. It would be easier to just buy powerful Windows-based devices, but alas: sysadmins in mid-sized to large businesses are more "advisors" than people with purchasing power.

Register the device in Endpoint Manager

  1. Take note of the serial numbers of the macOS devices and the computer names you plan to give them.
  2. Create a comma-delimited CSV file, without a header row, with the serial number in column 1 and the computer name in column 2. Add one row per device; there is no practical limit on the number of rows.
  3. Login to https://endpoint.microsoft.com
  4. Go to Devices > Enroll Devices > Apple Enrollment > Apple Configurator
  5. If you do not have an Enrollment profile, then create one now otherwise go to step 6.
    1. On the same page starting from step 4, go to Profiles
    2. Click on Create
    3. Give your new profile a recognizable name and/or description and click Next
    4. For User Affinity, select Enroll without user affinity
    5. Review your settings and click Create
  6. Starting from the page in step 4, go to Devices and click on Add
  7. Select your enrollment profile and upload the CSV file you created.
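The CSV from step 2 is easy to get subtly wrong (a mistyped serial simply never matches a device, and a comma or space in a name shifts the columns). The following script is an added example, not part of the original article, that builds the two-column, header-less file from an inventory of "serial name" pairs and rejects bad rows. The serials in the sample inventory are constructed and not real devices; the name rules (no commas, no spaces, at most 15 characters so the name also fits an AD computer object) are this example's assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): build the Endpoint Manager /
# Apple Configurator device CSV (column 1 = serial number, column 2 = computer name)
# from a list of "SERIAL NAME" lines, validating each row so typos fail loudly
# instead of silently never matching a device at enrollment time.

# Serial of the Mac this runs on (macOS only; prints nothing elsewhere).
local_serial() {
  system_profiler SPHardwareDataType 2>/dev/null | awk -F': ' '/Serial Number/{print $2; exit}'
}

# Apple serials are 10-12 upper-case alphanumerics (assumption used for validation).
valid_serial() {
  case "$1" in
    *[!A-Z0-9]*|"") return 1 ;;
  esac
  n=${#1}
  [ "$n" -ge 10 ] && [ "$n" -le 12 ]
}

# Computer name: letters, digits and hyphens only (no comma, which would break the
# CSV; no space), at most 15 characters so it also fits a NetBIOS computer name.
valid_name() {
  case "$1" in
    *[!A-Za-z0-9-]*|"") return 1 ;;
  esac
  [ ${#1} -le 15 ]
}

# Reads "SERIAL NAME" lines on stdin, writes CSV rows on stdout.
# Blank lines and '#' comments are skipped; invalid rows go to stderr and the
# function returns 1 so a calling script can refuse to upload the file.
make_enrollment_csv() {
  rc=0
  while read -r serial name extra; do
    [ -z "$serial" ] && continue
    case "$serial" in '#'*) continue ;; esac
    serial=$(printf '%s' "$serial" | tr '[:lower:]' '[:upper:]')
    if ! valid_serial "$serial"; then
      printf 'bad serial: %s\n' "$serial" >&2; rc=1; continue
    fi
    if [ -n "$extra" ] || ! valid_name "$name"; then
      printf 'bad computer name for %s: %s %s\n' "$serial" "$name" "$extra" >&2; rc=1; continue
    fi
    printf '%s,%s\n' "$serial" "$name"
  done
  return $rc
}

# Constructed sample inventory (made-up serials). Two rows are deliberately bad:
# one serial is too short and one name contains spaces.
SAMPLE_INVENTORY='C02ABCDE1234 MAC-FIN-01
c02fghij5678 MAC-HR-02
# bad: serial too short
C02XYZ MAC-IT-03
C02KLMNO9012 Mac Ops 04'

# Usage:  printf '%s\n' "$SAMPLE_INVENTORY" | make_enrollment_csv > devices.csv
# Check the exit status before uploading devices.csv in the portal.
```

Run it against your own inventory file instead of the sample (`make_enrollment_csv < inventory.txt > devices.csv`) and upload `devices.csv` only when the exit status is 0; `local_serial` is handy for collecting the serial of a Mac you are sitting at.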

Enrolling your macOS device and integrating it with Active Directory

  1. In Endpoint Manager go to Devices > macOS > macOS Enrollment > Apple Configurator > Profiles and open the enrollment profile you created.
  2. Click Export Profile and save the profile on a USB stick.
  3. Start the Mac and go through the first-time setup wizard (create the local account, set the language, and so on). I suggest skipping the Apple ID step.
  4. When the Mac is ready for use, open System Preferences.
  5. Select Users & Groups.
  6. Select Login Options and click the Join button next to Network Account Server.
  7. Enter the FQDN of the AD domain. You need the credentials of an AD account that is allowed to join computers to the domain to finish the bind.
  8. Back in Login Options, open Directory Utility from the Network Account Server entry and open the Active Directory settings.
  9. In the User Experience tab, make sure these options are set as follows:
    • Use UNC path from Active Directory to derive network home location: checked
    • Force local home directory on startup disk: checked
    • Create mobile account at login: checked
    • Require confirmation before creating a mobile account: unchecked
    • Default user shell: /bin/bash (note that /bin/bash/false is not a valid path; use /usr/bin/false only if AD users should get no interactive shell at all)
  10. You can leave the Mappings tab alone; select the Administrative tab.
  11. Make sure "Allow administration by" is checked and add the AD groups that are allowed to manage the Mac, for example to install new software. Keep this list short: every member of these groups becomes a local administrator on the device.
  12. Save all your changes; you are done configuring the integration.
  13. Insert the USB stick containing the enrollment profile exported in step 2 and open the profile. The Mac reports the new profile, which can now be found under System Preferences > Profiles; go there.
  14. Select the profile and click Install. Since macOS 10.13.4 an MDM enrollment profile that is installed manually must be approved by a logged-in user in System Preferences (User Approved MDM), which is why this step is done in the GUI.
  15. Your Mac is now enrolled in Endpoint Manager with AD integration enabled. Restart the device and test it: if everything went right, the login screen asks for a username and password, and you can log in with your AD user credentials.
    After a while the device also shows up in Endpoint Manager under Devices > Enroll Devices > Apple Enrollment > Apple Configurator > Devices. How long that takes varies, but once it is there you can manage it like any other device: deploying apps, configuration profiles, and so on.
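Steps 6 to 12 above are all clicks in Directory Utility; macOS exposes the same settings through dsconfigad(8), which makes the bind scriptable and, more importantly, identical on every Mac. The script below is an added example and not part of the original article: it performs the bind with the same User Experience and Administrative settings, adds LDAP signing/sealing as a hardening step the article does not mention, and includes two checks for step 15. The domain, OU, computer name and admin group are placeholder assumptions; setting DSCONFIGAD to the built-in dry_run function prints the commands instead of executing them, so the logic can be reviewed on any machine.

```shell
#!/bin/sh
# Added example, not from the original article: the dsconfigad(8) equivalent of the
# Directory Utility settings described in steps 6-12, so the bind can be scripted
# instead of clicked through on each Mac.
# AD_DOMAIN, AD_OU, AD_ADMIN_GROUPS and COMPUTER_NAME below are placeholder assumptions.

AD_DOMAIN="${AD_DOMAIN:-corp.example.com}"                             # assumption
AD_OU="${AD_OU:-OU=Macs,OU=Workstations,DC=corp,DC=example,DC=com}"    # assumption
if [ -z "${AD_ADMIN_GROUPS:-}" ]; then AD_ADMIN_GROUPS='CORP\Mac Admins'; fi  # assumption; "DOMAIN\Group,DOMAIN\Group"
COMPUTER_NAME="${COMPUTER_NAME:-$(hostname -s 2>/dev/null || echo mac)}"
DSCONFIGAD="${DSCONFIGAD:-/usr/sbin/dsconfigad}"   # set DSCONFIGAD=dry_run to print instead of execute

# Dry-run stand-in for dsconfigad: prints one argument per line and changes nothing.
dry_run() { printf '%s\n' "$@"; }

# Step 7: bind to the domain. $1 is an AD account allowed to create computer objects;
# dsconfigad prompts for its password because -password is deliberately not used
# (it would leave the credential in shell history and process listings).
bind_domain() {
  "$DSCONFIGAD" -add "$AD_DOMAIN" -computer "$COMPUTER_NAME" -ou "$AD_OU" -username "$1" -force
}

# Step 9, User Experience tab: mobile account at login without confirmation, home
# directory forced onto the startup disk, UNC path honoured, a real login shell.
set_user_experience() {
  "$DSCONFIGAD" -mobile enable -mobileconfirm disable -localhome enable \
                -useuncpath enable -shell /bin/bash
}

# Step 11, Administrative tab: only these AD groups become local administrators.
set_administrative() {
  "$DSCONFIGAD" -groups "$AD_ADMIN_GROUPS"
}

# Hardening beyond the article: require signed and sealed LDAP traffic so the Mac's
# directory queries cannot be read or tampered with on the wire.
harden_ldap() {
  "$DSCONFIGAD" -packetsign require -packetencrypt require
}

# Returns 0 when dsconfigad -show reports an Active Directory binding.
is_bound() {
  "$DSCONFIGAD" -show 2>/dev/null | grep -q 'Active Directory Domain'
}

# Step 15 check from a shell: once bound, an AD user name resolves to a uid.
ad_user_resolves() {
  id -u "$1" >/dev/null 2>&1
}

# Usage on the Mac, as root:  sudo sh bind-mac.sh --apply joinadmin
# Dry run anywhere:           DSCONFIGAD=dry_run sh bind-mac.sh --apply joinadmin
if [ "${1:-}" = "--apply" ] && [ -n "${2:-}" ]; then
  bind_domain "$2" && set_user_experience && set_administrative && harden_ldap
  is_bound && echo "bound to $AD_DOMAIN as $COMPUTER_NAME"
fi
```

Run it before installing the enrollment profile, exactly as the article orders the steps, and confirm with `dsconfigad -show` and `id someaduser` that the bind took before moving on to step 13; `profiles status -type enrollment` then shows whether the MDM enrollment itself succeeded.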