macOS: Safely installing Microsoft Intune

Microsoft Intune is a remote device management and supervision solution employed by some corporations.
The below instructions are written assuming macOS Catalina and APFS, the process is fairly similar for other setups.

  1. If your daily driver disk isn’t encrypted, go to System Preferences → Security & Privacy → FileVault and turn it on
  2. Boot into Recovery Mode by holding down ⌘R during the boot
  3. Open Disk Utility and create a new APFS encrypted volume
  4. Exit Disk Utility and choose Reinstall macOS
    • NB! Be sure to install on the new volume you just created, or you risk losing all of your data
    • Do not connect with iCloud because Intune reads your keychain
  5. Once the installation is done, reboot and log in to your blank macOS installation
    • Upon boot, do not unlock your daily driver volume when prompted
  6. Install Intune as usual, perform enrolment and any other required actions
  7. Boot back into Recovery Mode, open Disk Utility, and delete the volume you created earlier
  8. Reboot into your daily driver and forget Intune