This post is a practical guide to using MacOS custom attributes in Microsoft Intune. Custom attributes let you collect arbitrary signals from your Macs — anything a shell script can return — and surface them as device properties for compliance, dynamic groups and reporting.
Microsoft Intune’s macOS custom attributes are one of the most underrated features in the platform — a thin slice of “managed Jamf Extension Attributes” that lets you collect arbitrary signals from your Macs (anything you can return from a shell script: hardware identifiers, configuration state, installed apps, security posture) and surface them as device properties for compliance, dynamic groups and reporting. This post walks through the end-to-end workflow: how to write a robust custom-attribute shell script, deploy it via Intune, and consume the result in compliance policies and Microsoft Graph queries.
Intune already has a basic inventory of MacOS devices. On the one hand, there is a hardware inventory in which you have everything from the serial number to the free memory, but also os information. In addition, you can see in the discovered apps which applications are installed on the device. But if you want to collect more information about the devices, Intune offers a really cool feature here. The feature I am talking about is called custom attribute. This is basically a shell script that is executed on the devices and the return value is stored as a custom attribute.
How to deploy a custom attribute
- Open the Intune admin center
- Navigate to Devices -> macOS -> Custom attributes
- Click on +Add
- Enter a Name
- Click Next
- Select the Data type from the script output
- Upload the Script (You can find example scripts below)
- Click Next
- Assign the custom attribute to a group
- Click Next
- Click Add
- Wait until the value is collected and check the Status in Intune
Sample Script
BatteryLoadingCycles.sh
#!/bin/bash
#set -x
echo $(system_profiler SPPowerDataType | grep "Cycle Count:" | sed 's/.*Cycle Count: //')Conclusion
I think this is a very useful feature that makes reporting or collecting information very easy. I have provided you with an example script that you can use but also use as a template for creating new scripts. You have endless possibilities here what and how you want to collect this from Mac devices. The only thing you have to keep in mind is that your script generates an output.