As businesses increasingly embrace a diverse range of devices, managing those devices efficiently becomes an important challenge administrators must face. Microsoft Intune, a cloud-based service that focuses on mobile device management (MDM) and mobile application management (MAM), plays a crucial role in achieving a streamlined endpoint management strategy.

For those who have used Intune to manage macOS devices, you’ve certainly encountered some challenges in the past. Fortunately, Microsoft is forging ahead with innovative new solutions in their Intune platform for macOS devices.

One prime example of these recent developments is Platform SSO, a feature dedicated to improving the experience and security for admins and end-users alike using macOS devices and Intune in tandem.

 

What is Platform SSO for macOS Devices?

Platform SSO is an Intune feature designed to streamline Single Sign-On (SSO) experiences with macOS devices while simultaneously bolster security. This enhancement brings about several key benefits for users, contributing to a more seamless and secure authentication process.

 

Native Management with Microsoft Intune:

Microsoft Intune natively manages Platform SSO for macOS. This integration ensures that businesses using Intune can take advantage of the enhanced SSO capabilities on their Mac devices.

 

Hardware-Bound Security Advancements:

The integration of Platform SSO for macOS bring a hardware-bound key or the option to sign in using a Microsoft Entra ID password. In result, security measures are enhanced on Mac devices used within an organization. The Platform SSO tool uses Secure Enclave integration for secure and easy authentication, helping to create a Zero Trust architecture.

 

Streamlined Employee Onboarding Experience:

With the Platform SSO update, Microsoft has reimagined the onboarding experience for Mac users enrolled in Intune. Platform SSO for macOS simplifies the onboarding process, and offers a familiar and native macOS experience. Notably, it eliminates the need for Mac users to launch the Company Portal app to access resources protected by Conditional Access on Intune-managed Macs, streamlining the user experience.

 

Passwordless Authentication with Platform Credentials:

Enabled by Platform SSO and powered by Microsoft’s Enterprise SSO plug-in, Platform SSO for macOS introduces a passwordless experience for users. Utilizing Touch ID to unlock devices and sign in to Entra ID through a device-bound cryptographic key, this feature ensures a secure yet convenient authentication process.

 

Cost-Efficient Security Measures:

By adopting Platform SSO for macOS, businesses can potentially save costs associated with traditional security keys or even additional hardware. The reduces reliance on external security measures while maintaining a high level of security— providing a win for both organizations and end-users.

How to create the Platform SSO Configuration

The options for creating the config are quite specific but the authentication method can be changed from password to secure enclave.

  • Password as authentication method: This syncs the user’s Microsoft Entra ID password with the
    local account as well as enables SSO across apps that use Microsoft Entra ID for authentication.

 

  • Secure Enclave key as authentication method: This provisions secure enclave backed
    cryptographic key that is used for SSO across apps that use Microsoft Entra ID for
    authentication. The user’s local account password is not affected and is required to log on to the
     Mac.

 

 

Contact us to learn more about Intune

 

MILTON CATO

Milton is a Modern Work and Security Engineer in New York City. He works with clients in the Microsoft 365 space elevating and optimizing Endpoint Solutions for scaled and sustained growth. Milton is a self proclaimed foodie and avid concert-goer. Prior to joining Mobile Mentor, Milton has spent almost 10 years in the IT space growing his skillset and the companies he worked for. With an eye for automation and a “people first” mindset, Milton is an invaluable asset to any project he touches.