macOS Laptop Provisioning

How to provision a macOS laptop

  3 minute read  

Overview

All laptops should be configured with security in mind.

We require the use of an @intellihr.com Apple ID that is separate from any personal Apple ID’s you may have. Some of these reasons include

  • Backups, keychains and documents are all considered sensitive information, and should not be stored on personal devices or in personal services
  • 2FA for remote lock, wipe, or account resets are common methods of account compromises, and ensuring the use of @intellihr.com email addresses also ensures we are in control of that aspect of multi-factor authentication
  • Keeping a strong separation between work and personal accounts will help prevent the accidental leak of information from one to the other, in either direction

Prerequisites

This guide assumes that you have a new, factory reset Apple laptop, for example a new MacBook Air M1.

Steps

These steps will walk you through provisioning a laptop running macOS.

Select Your Country or Region

Select Your Country or Region

Configure Accessibility Options

Accessibility

Connect To Wi-Fi Network

A Wi-Fi connection is required for the creation, or signing in, of an Apple ID account.

Select You Wi-Fi Network

Data & Privacy

Data & Privacy

Data Migration Assistant

Unless you have an existing Apple laptop, the data migration assistant step can be skipped by selecting Not Now.

Data Migration Assistant

Sign In With Your Apple ID

If you have an existing Apple ID account, set up with an @intellihr.com email address, you can sign into it here. Otherwise proceed to set up a new Apple ID account for your @intellihr.com email address.

Sign In With Your Apple ID

New Apple ID

Date Of Birth

New Apple ID - Date Of Birth

User Details

New Apple ID - User Details

New Apple ID - User Details - Filled

Verify Identity

You must enter a phone number that you have access to in order to verify your identity with Apple.

New Apple ID - Verify Identity

Create a Computer Account

Once your Apple ID has been created, you will need to configure an account that is used to log into the computer. This account should use a different password than the one you set up for your Apple ID.

Make sure that the “Allow my Apple ID to reset this password” checkbox remains checked.

Create a Computer Account

Create a Computer Account - Filled

iCloud Keychain

iCloud Keychain

Find My

Find My

FileVault Disk Encryption

Full disk encryption is a requirement of all company issued laptops. Proof of encryption must be sent to it@intellihr.com once set up has been completed, along with your laptops serial number.

Ensure that both checkboxes on this screen remain checked. This will enable full disk encryption and allow you to recover access to the laptop with your iCloud account.

FileVault

Touch ID

If you wish to set up Touch ID, you may do so here, otherwise select Set Up Touch ID Later.

Touch ID

Encryption confirmation

Once setup has finished and you have logged into macOS, please take a screenshot showing your FileVault settings and the Serial Number of the laptop.

To get the FileVault settings, open System Preferences, select Security & Privacy. From this page select the FileVault tab near the top of the window.

The serial number can be found by clicking the Apple icon in the top left of the screen and choosing About This Mac.

Please make sure to get both pieces of information in a single screenshot, similar to the example below.

Encryption Confirmation

To take a screenshot, press the key combination Shift + Cmd + 3. By default this will save the screenshot to your desktop. Please email this to it@intellihr.com.