IntuneMdmAgent high CPU on Mac: causes and fixes

Q: Is IntuneMdmAgent malware on Mac?

No, not by default. It is generally a legitimate Microsoft Intune management component used on work or school Macs. A high CPU spike can look suspicious, but in most cases the issue is tied to management activity, scripts, or sync problems rather than malicious code.

Q: Can I delete IntuneMdmAgent from my Mac?

You generally should not do that on a managed Mac. Removing or tampering with Intune components can break corporate access, compliance status, app deployment, or device enrollment. If you think the agent is causing problems, work through troubleshooting steps first and involve your IT administrator.

Q: Why does IntuneMdmAgent use so much CPU after a restart?

That can happen if the Mac is catching up on management tasks at login, rerunning scripts, or trying to recover from a stale check-in state. If the spike lasts only briefly, it may be normal. If it stays high for a long time every time you restart, something is probably stuck.

Q: What should I send to IT if IntuneMdmAgent keeps overusing CPU?

Send a short but specific report. Include when the issue started, whether it followed an update or policy change, how high the CPU usage gets, how long it lasts, and whether the Mac overheats or becomes unresponsive. A Company Portal diagnostic report is especially useful because it gives IT more to work with than a screenshot alone.

What is IntuneMdmAgent on Mac?

On organization-managed Macs, background processes tied to device management are part of the package. Most of them do their job quietly enough to go unnoticed. Every now and then, though, one of these helpers starts acting up and turns into a serious nuisance from a performance standpoint. IntuneMdmAgent is one such example.

If this process suddenly climbs to the top of Activity Monitor, the symptoms are usually hard to miss. The Mac may run hot, fans can spin up for longer than usual, battery drain becomes more noticeable, and routine actions start feeling weirdly sluggish. That kind of behavior is understandably alarming, especially when the process name does not exactly tell the average user much on its own.

Activity Monitor showing IntuneMdmAgent using over 100 percent CPU on a Mac

The good news is that IntuneMdmAgent is not inherently malicious. It is a legitimate Microsoft Intune component used in enterprise or school environments to help manage macOS devices. That being said, legitimacy does not make it immune to bugs, sync loops, or policy-related hiccups. Let us take a closer look at why this process can monopolize CPU resources and what you can do to bring it back in check.

Why IntuneMdmAgent can use too much CPU

There is not a single universal trigger behind this issue. In reality, several different conditions can push IntuneMdmAgent into a resource-hog pattern.

Normal short-term spikes vs. a genuine problem

A brief burst of activity is not necessarily bad news. For example, the process may use more CPU for a while after enrollment, right after a policy refresh, during script execution, or when Company Portal is forcing a status check.

A real problem usually has a different pattern. You will need to watch for the following red flags:

CPU usage remains high for an extended period instead of settling down.
The Mac stays unusually hot or noisy during otherwise light use.
Battery drain becomes dramatic on a MacBook machine.
Company Portal appears stuck, slow, or repeatedly checking status.
The same issue returns after every reboot or login.

Common root causes

Once the spike starts looking persistent rather than routine, the shortlist of likely causes becomes clearer.

A problematic shell script assignment: If IT has pushed a script that loops, stalls, retries too often, or behaves badly on a specific macOS version, the agent may keep grinding away in the background.
Repeated check-in attempts: Network instability, service communication hiccups, or partial failures can cause the process to retry actions more often than it should.
Post-update friction: After a macOS update, a previously stable Intune setup may hit compatibility snags, stale caches, or profile mismatches.
Enrollment or profile inconsistency: If the management state on the Mac is no longer fully in sync with what Intune expects, the agent may keep trying to reconcile it.
Company Portal-related glitches: Because Company Portal and Intune management workflows are closely related, problems there can ripple into abnormal background activity.
Too many policy changes at once: Large-scale app, settings, or script deployments sometimes create short-lived but noticeable congestion, especially on older Intel Macs or systems already under heavy load.

From a broader perspective, IntuneMdmAgent high CPU is usually a troubleshooting issue rather than a cleanup issue. That distinction matters because the right response is to stabilize the management workflow, not to start randomly deleting enterprise components.

How to fix IntuneMdmAgent high CPU on Mac

The most effective way to address this problem is to move from the least disruptive checks to the more substantial ones. If your Mac is company-owned or managed by a school, keep your IT team in the loop before removing profiles or unenrolling the device.

1. Confirm that IntuneMdmAgent is really the culprit

Before changing anything, make sure the diagnosis is accurate. Activity Monitor gives you the quickest way to verify what is actually happening.

Open Applications > Utilities > Activity Monitor.
Click the CPU tab.
Look for IntuneMdmAgent and observe whether the usage stays elevated for several minutes.
Also check whether other processes are piling on top of the slowdown, such as Company Portal, security tools, or browser-heavy tasks.
If the spike appears only briefly and then fades, you may be looking at normal management activity rather than a fault.

2. Force a fresh Intune status check

Sometimes the process burns CPU because it is stuck in a stale state. A manual refresh can nudge it back onto a normal track.

Open Company Portal.
Select Devices.
Choose your current Mac if more than one device is listed.
Click Check Status.
Wait a few minutes and watch Activity Monitor again.
If CPU usage drops afterward, the issue may have been tied to a stalled or outdated check-in cycle.

3. Restart the IntuneMdmAgent process

If the process is plainly wedged, restarting it can help. This is often more effective than just staring at Activity Monitor and hoping it sorts itself out.

Open Terminal.
Run the following command:

sudo killall IntuneMdmAgent

Enter your administrator password when prompted.
Give the Mac a few minutes to let the process relaunch and settle.
Recheck CPU usage in Activity Monitor.

Terminal window showing the sudo killall IntuneMdmAgent command

This step does not normally remove management from the device. It simply terminates the process so that macOS and Intune can start it cleanly again.

A reboot sounds basic, but it still matters. It clears temporary process states, unloads stale user-session baggage, and gives the agent a cleaner environment to restart in.

Save your work and restart the Mac.
After logging back in, avoid immediately opening a pile of heavy apps.
Wait a few minutes and see whether IntuneMdmAgent behaves normally before resuming your usual workload.
If the process spikes again right after login every single time, that is a stronger sign of a persistent management-side issue.

5. Check whether the problem began after a recent change

This issue often has a trigger. Finding that trigger can save a lot of trial and error. Look back at what changed shortly before the CPU problem began:

A macOS update
A new compliance policy
A newly assigned shell script
Company Portal updates
Enrollment changes
Account or password changes tied to work access

Software Update window showing a pending macOS Tahoe update on a Mac

If the timing lines up with one of these events, that clue is worth passing to your IT admin. In managed environments, pinpointing the first bad change is often half the battle.

6. Collect diagnostics before escalating

When the issue does not go away, logs matter. They make the difference between a vague "my Mac is slow" report and something an admin can actually work with.

Open Company Portal.
In the menu bar, choose Help > Save Diagnostic Report.
Save the report to an easy-to-find location.
If your IT team requests it, send them the file along with a short description of what you observed.
Include details such as when the spike starts, whether the Mac overheats, and whether it happens after login, after waking from sleep, or during check-ins.

If instructed by IT, you can also enable advanced logging in Company Portal preferences. Do not leave verbose logging on longer than needed, though, because it is meant for troubleshooting rather than everyday use.

7. Ask IT to review assigned scripts and policies

At this stage, the problem may be beyond what an end user can safely fix alone. A management agent can only be as smooth as the workload it is being told to handle.

Your IT admin should specifically review:

Recently assigned macOS shell scripts
Script retry behavior and execution schedule
Compliance policies pushed shortly before the issue started
Profile conflicts or enrollment anomalies
Devices affected by the same behavior across the organization
Whether the issue is limited to one macOS version or one hardware type

If multiple users are seeing the same symptoms, that usually points away from your individual Mac and toward a policy, script, or broader Intune-side hiccup.

8. Re-enroll the Mac only as a last resort

Sometimes the enrollment state becomes so inconsistent that lighter fixes do not cut it. In that case, re-enrollment may be the cleanest path forward, but it should be handled carefully.

Do not remove management profiles on your own unless your IT team tells you to.
Confirm that the device can be re-enrolled without disrupting access to company apps, certificates, or FileVault-related settings.
Back up important local work first if your organization allows it.
Have IT guide the unenrollment and re-enrollment process to avoid making things worse.

This is the most invasive option on the list, so it belongs at the end, not the beginning.

How to reduce the chances of the issue coming back

Once the Mac is stable again, the next step is prevention. Enterprise management problems have a habit of resurfacing unless the surrounding setup is kept tidy.

Practical preventive measures

A few habits and admin-side guardrails can go a long way here.

Keep macOS and Company Portal up to date, but avoid rushed upgrades in large managed fleets without testing.
Roll out new shell scripts in phases instead of pushing them broadly all at once.
Audit old or redundant policies so devices are not processing more than they need to.
Document when new performance issues start, especially after updates or policy changes.
Use diagnostics early instead of waiting until the Mac becomes nearly unusable.
Make sure affected devices have stable internet access during enrollment, policy refreshes, and script execution.
Coordinate with IT before manually removing enterprise apps, certificates, or profiles.

The bottom line is simple: IntuneMdmAgent behaves best when the device's management state is clean, current, and not overloaded with conflicting instructions.

To recap

IntuneMdmAgent on Mac is usually a legitimate Microsoft Intune process rather than a threat in disguise. When it starts consuming too much CPU, the cause is more likely to be a stuck check-in, a misbehaving script, a policy conflict, or an enrollment inconsistency than outright malware.

That said, the performance hit can be severe enough to disrupt normal work and make the Mac feel borderline unusable. The most sensible response is to verify the spike, force a fresh check-in, restart the process, gather diagnostics, and involve IT if the problem persists. With a structured approach, this issue is typically manageable even when it proves stubborn at first.

FAQ

Is IntuneMdmAgent malware on Mac?

Can I delete IntuneMdmAgent from my Mac?

Why does IntuneMdmAgent use so much CPU after a restart?

What should I send to IT if IntuneMdmAgent keeps overusing CPU?