This post is a practical guide to using MacOS custom attributes in Intune. MacOS custom attributes in Intune let you collect arbitrary signals from your Macs — anything a shell script can return — and surface them as device properties for compliance, dynamic groups and reporting.
Microsoft Intune’s macOS custom attributes are one of the most underrated features in the platform — a thin slice of “managed Jamf Extension Attributes” that lets you collect arbitrary signals from your Macs (anything you can return from a shell script: hardware identifiers, configuration state, installed apps, security posture) and surface them as device properties for compliance, dynamic groups and reporting. This post walks through the end-to-end workflow: how to write a robust custom-attribute shell script, deploy it via Intune, and consume the result in compliance policies and Microsoft Graph queries.
Intune already has a basic inventory of MacOS devices. On the one hand, there is a hardware inventory in which you have everything from the serial number to the free memory, but also os information. In addition, you can see in the discovered apps which applications are installed on the device. But if you want to collect more information about the devices, Intune offers a really cool feature here. The feature I am talking about is called custom attribute. This is basically a shell script that is executed on the devices and the return value is stored as a custom attribute.
Table of contents
Why use MacOS custom attributes in Intune
If you come from a Jamf background, MacOS custom attributes in Intune will feel familiar: they are the Microsoft equivalent of Extension Attributes. The built-in inventory is great for the basics, but every organization eventually hits a signal that Intune does not collect out of the box — FileVault recovery state, a specific configuration profile flag, the battery cycle count, or whether a third-party agent is running.
With MacOS custom attributes in Intune you bridge that gap without paying for an extra inventory tool. Because the result is stored as a real device property, you can filter on it in dynamic device groups, evaluate it inside compliance policies, and pull it through the Microsoft Graph API for custom dashboards and reporting.
How to deploy a custom attribute
Deploying MacOS custom attributes in Intune is a short wizard, but the script behind it is where the real work happens. Follow the steps below to create your first custom attribute and assign it to a group of devices.
- Open the Intune admin center
- Navigate to Devices -> macOS -> Custom attributes
- Click on +Add

- Enter a Name
- Click Next

- Select the Data type from the script output
- Upload the Script (You can find example scripts below)
- Click Next

- Assign the custom attribute to a group
- Click Next

- Click Add

- Wait until the value is collected and check the Status in Intune

Writing a robust shell script
The quality of MacOS custom attributes in Intune depends entirely on the script you upload. A custom attribute script runs as root in the Intune management agent context, and Intune captures whatever the script writes to standard output. Keep these rules in mind so the value is collected reliably:
- Always echo a single, clean value — Intune stores the last line of output.
- Match the value to the data type you selected (string, integer or date).
- Exit quickly; long-running scripts can time out and leave the attribute empty.
- Handle the “not found” case gracefully so the attribute is never blank.
Because the script runs with full privileges, you can reach almost any system signal. Tools like system_profiler, profiles, fdesetup and defaults are your friends here. For the full list of supported settings and behaviour, the official documentation on macOS shell scripts in Microsoft Learn is the authoritative reference.
Sample Script
BatteryLoadingCycles.sh
#!/bin/bash
#set -x
echo $(system_profiler SPPowerDataType | grep "Cycle Count:" | sed 's/.*Cycle Count: //')
Consuming the value in compliance and Graph
Once MacOS custom attributes in Intune have collected a value, the data becomes actionable. You can build a compliance policy with a custom script that reads the attribute and marks a device non-compliant when, for example, the battery cycle count crosses a threshold. You can also query the values through the Microsoft Graph API to feed external reporting, Power BI dashboards or your own automation. If you want to go deeper into automating Intune, take a look at my other posts on jannikreinhard.com, where I cover Graph, Proactive Remediations and device management end to end.
Conclusion
I think MacOS custom attributes in Intune are a very useful feature that makes reporting or collecting information very easy. I have provided you with an example script that you can use but also use as a template for creating new scripts. You have endless possibilities here for what and how you want to collect data from Mac devices. The only thing you have to keep in mind is that your script generates an output. Start small with one signal, validate the result in the Intune portal, and then expand your library of MacOS custom attributes in Intune as your reporting needs grow.