Hardware-Bound Security Advancements:
The integration of Platform SSO for macOS brings a hardware-bound key or the option to sign in using a Microsoft Entra ID password. As a result, security measures are enhanced on Mac devices used within an organization. The Platform SSO tool uses Secure Enclave integration for secure and easy authentication, helping to create a Zero Trust architecture.
Streamlined Employee Onboarding Experience:
With the Platform SSO update, Microsoft has reimagined the onboarding experience for Mac users enrolled in Intune. Platform SSO for macOS simplifies the onboarding process and offers a familiar, native macOS experience. Notably, on Intune-managed Macs it eliminates the need for users to launch the Company Portal app to access resources protected by Conditional Access, streamlining the user experience.
Passwordless Authentication with Platform Credentials:
Powered by Microsoft’s Enterprise SSO plug-in, Platform SSO for macOS introduces a passwordless experience for users. Users unlock the device with Touch ID and sign in to Entra ID through a device-bound cryptographic key, which keeps authentication secure yet convenient.
Cost-Efficient Security Measures:
By adopting Platform SSO for macOS, businesses can potentially save costs associated with traditional security keys or even additional hardware. This reduces reliance on external security measures while maintaining a high level of security, providing a win for both organizations and end users.
How to create the Platform SSO Configuration
The options for creating the configuration are quite specific, but the authentication method can be changed from password to Secure Enclave.
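Because the authentication method decides whether the credential is hardware-bound, it is worth checking which method an exported configuration profile actually sets. The following is an added example, not code from the original article or from Microsoft: it assumes the profile uses Apple's Extensible SSO payload (`com.apple.extensiblesso`) with the macOS 14 layout, where a `PlatformSSO` dictionary carries `AuthenticationMethod` (`Password` or `UserSecureEnclaveKey`). The function name and the sample profile are constructed for illustration.

```python
import plistlib

# Constructed sample profile (not from the original page). Key names follow
# Apple's Extensible SSO payload; the extension identifier is a sample value.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.extensiblesso</string>
    <key>ExtensionIdentifier</key>
    <string>com.microsoft.CompanyPortalMac.ssoextension</string>
    <key>PlatformSSO</key><dict>
      <key>AuthenticationMethod</key><string>Password</string>
    </dict>
  </dict></array>
</dict></plist>"""

# Assumption: only the Secure Enclave method counts as hardware-bound here,
# matching the two methods the article describes.
HARDWARE_BOUND = {"UserSecureEnclaveKey"}


def audit_platform_sso(profile_bytes):
    """Return one finding per Extensible SSO payload in a configuration profile."""
    profile = plistlib.loads(profile_bytes)
    findings = []
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.extensiblesso":
            continue  # unrelated payload (Wi-Fi, restrictions, ...)
        psso = payload.get("PlatformSSO")
        method = psso.get("AuthenticationMethod") if psso else None
        if psso is None:
            status = "platform-sso-not-configured"  # SSO extension only
        elif method is None:
            status = "missing-authentication-method"
        elif method in HARDWARE_BOUND:
            status = "hardware-bound"
        else:
            status = "not-hardware-bound"  # e.g. synced Entra ID password
        findings.append({
            "extension": payload.get("ExtensionIdentifier"),
            "method": method,
            "status": status,
        })
    return findings


if __name__ == "__main__":
    for finding in audit_platform_sso(SAMPLE_PROFILE):
        print(finding)
```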
- Password as authentication method: This syncs the user’s Microsoft Entra ID password with the local account and enables SSO across apps that use Microsoft Entra ID for authentication.
- Secure Enclave key as authentication method: This provisions a Secure Enclave-backed cryptographic key that is used for SSO across apps that use Microsoft Entra ID for authentication. The user’s local account password is not affected and is required to log on to the