Platform SSO with Mac Using Microsoft Intune

Microsoft Intune's platform SSO (Single Sign-On) for Mac Setup Overview

In today's workplace, integrating various operating systems seamlessly is crucial. Microsoft Intune's platform SSO (Single Sign-On) for Mac provides a similar experience to Windows Autopilot, streamlining the enrollment and setup process. Here’s a comprehensive guide on how to get started with platform SSO on a Mac using Microsoft Intune.

Read the official release blog here!

Prerequisites

Before diving into the setup process, ensure you have the following prerequisites:

• Apple Business Manager Account: This is analogous to Windows Autopilot for Macs. The Mac must be registered here and connected with Intune.

• Microsoft Azure Account: Required for Azure AD credentials used during the sign-in process.

See the full docs here. Please fully review before proceeding!

Credit

Step-by-Step Setup Process

1. Enroll Mac in Apple Business Manager: First, your device must be enrolled in Apple Business Manager, which allows for seamless integration with Intune.

2. Connect Mac to Intune:

   • Navigate to Devices > macOS > Enrollment in the Intune admin portal.

   • Setup an enrollment program token, which is necessary for connecting your Mac with Intune.

3. Create an Enrollment Profile:

   • Go to macOS enrollment and create a new profile.

   • Name your profile (e.g., "YouTube Mac Enrollment") and configure the settings:

     • User Affinity: Choose 'Enroll with User Affinity'.

     • Authentication Method: Select 'Setup Assistant with Modern Authentication'.

     • Ensure your Mac is updated to at least macOS 10.15.

4. Configure Company Portal Application:

   • The Company Portal app must be deployed as a required app.

   • Download the Company Portal installer package from Microsoft and upload it to Intune as a Line of Business app.

5. Create a Configuration Profile for Platform SSO:

   • In Intune, create a new configuration profile for macOS.

   • Include necessary settings such as the extension identifier and authentication method specific to macOS.

6. Device Enrollment and Setup:

   • Power on the Mac and begin the setup process.

   • Connect to a Wi-Fi network or a wired connection.

   • The device will recognize its management by Intune and prompt for enrollment.

7. Sign-In and Authentication:

   • Upon enrollment, sign in with your Azure AD credentials.

   • Follow prompts for Multi-Factor Authentication (MFA) if required.

   • The device will install the enrollment profile and block usage until setup is complete, akin to the Enrollment Status Page (ESP) in Windows.

8. Final Configurations:

   • Configure local account settings, time zone, and Touch ID.

   • The setup ensures the primary account is configured as per the organization's standards.

Key Configuration Options

• Locked Enrollment: Prevent users from bypassing the enrollment process.

• Display Tone & Touch ID Settings: Customize user experience during setup.

• Department and Contact Info: Customize these details for the device setup screens.

By following these steps, your Mac will be fully integrated into your organization's IT environment with Microsoft Intune, providing a streamlined and secure user experience similar to that of Windows Autopilot. This setup not only enhances security but also simplifies the management of macOS devices within enterprise environments.

#MicrosoftSecurity

#MicrosoftLearn

#CyberSecurity

#MicrosoftSecurityCopilot

#Microsoft

#MSPartnerUK

#msftadvocate