Intune & macOS management - Couldn't add your device. Your IT support doesn't allow OSX devices to be added to management

After creating the Apple MDM push certificate in the Intune portal and testing on a macOS device, when you install the Company Portal app, sign in and try to enroll, the app shows this error:

"Couldn't add your device.

Your IT support doesn't allow OSX devices to be added to management." 


The first step is to check the Intune portal under Devices - Enrollment - Monitor - Enrollment failure for any entry for the affected user.


In this scenario, the issue was caused by device type restrictions that were blocking macOS devices.

Solution:

Open the Intune portal - Devices - Enrollment - click Apple.

Select Device platform restrictions and switch to the macOS restrictions tab.

Your administrator would have created a device restriction earlier to block the enrollment of macOS. If multiple restrictions have been created for devices, open them one by one and make sure the macOS platform is allowed for enrollment.

When you edit a restriction, go to its Properties; under Platform settings you can see whether macOS devices are allowed to enroll or are blocked.
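When there are many restrictions to open one by one, the same check can be run over an export of the enrollment configurations. The following is an added example, not part of the original post: it assumes the JSON comes from the Microsoft Graph `deviceManagement/deviceEnrollmentConfigurations` list, and the field names (`macOSRestriction`, `platformType`, `platformRestriction`, `platformBlocked`, `priority`) are assumptions about that response shape. The sample data and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like a Graph deviceEnrollmentConfigurations list.
SAMPLE = json.loads("""
{"value": [
  {"displayName": "All users and all devices", "priority": 0,
   "macOSRestriction": {"platformBlocked": true},
   "iosRestriction": {"platformBlocked": false}},
  {"displayName": "Mac pilot group", "priority": 1, "platformType": "mac",
   "platformRestriction": {"platformBlocked": false}},
  {"displayName": "Block iOS contractors", "priority": 2, "platformType": "ios",
   "platformRestriction": {"platformBlocked": true}},
  {"displayName": "Device limit", "priority": 0, "limit": 5}
]}
""")


def macos_restriction(cfg):
    """Return the macOS restriction of one configuration, or None."""
    # Assumed shape 1: one policy carrying a restriction per platform.
    if "macOSRestriction" in cfg:
        return cfg["macOSRestriction"]
    # Assumed shape 2: one policy per platform, tagged with platformType.
    if cfg.get("platformType") == "mac":
        return cfg.get("platformRestriction")
    # Anything else (device limits, other platforms) is not relevant here.
    return None


def macos_blockers(response):
    """List (priority, displayName) of every policy that blocks macOS."""
    hits = []
    for cfg in response.get("value", []):
        restriction = macos_restriction(cfg)
        if restriction and restriction.get("platformBlocked"):
            hits.append((cfg.get("priority", 0), cfg.get("displayName")))
    return sorted(hits)


if __name__ == "__main__":
    for priority, name in macos_blockers(SAMPLE):
        print(f"priority {priority}: '{name}' blocks macOS enrollment")
```

Each policy it reports is one to open in the portal and check under Platform settings.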