Microsoft Enterprise SSO for Apple Devices Is Now Available for Everyone
Howdy folks,
Today I’m excited to announce the General Availability of the Microsoft Enterprise SSO plug-in for Apple devices. This product provides single sign-on (SSO) for Azure Active Directory (Azure AD), now a part of Microsoft Entra, accounts on macOS, iOS, and iPadOS across all applications that support Apple's enterprise single sign-on feature. This includes older applications your organization depends on that don’t use the latest libraries or protocols and may not have access to the latest Microsoft Entra features.
Now any compatible application can benefit from the latest security and identity features we offer without needing to update a single line of code. Your favorite apps are also supported, including Microsoft Office, Edge for macOS, Safari, and more. Best of all, we support most mobile device management (MDM) providers your organization uses including Microsoft Intune and JAMF.
This product is a result of a close collaboration between Microsoft and Apple, as well as great feedback from thousands of customers who have used this product across finance, aerospace, and retail. You can check it out here.
Provide your employees great mobile SSO without updating your applications!
Your organization has developed Line of Business applications on iOS, iPadOS and macOS that your business depends on, but keeping these applications up to date with the latest security and identity features is difficult. Sometimes these applications were written by vendors or employees who have long since left the company. Sometimes organizations don‘t have the resources to update these applications to use the latest security and identity best practices.
What's great about Microsoft Enterprise SSO for Apple Devices is that we take the work of supporting the latest features and security updates away from organizations and do the work for you. We provide the latest updates in a Microsoft Enterprise SSO Plug-In that’s constantly updated and delivered to all your organization’s devices that are under management. We do this by providing this Plug-In to applications your organization already uses, including the Microsoft Authenticator and Microsoft Company Portal applications. Once you’ve configured your MDM provider correctly, the Microsoft Enterprise SSO Plug-In goes to work listening to every authentication request at the network level and then runs the plug-in as needed. We automatically maintain the users on the device and ensure they get signed in with the latest credentials available to them. This provides users with a great SSO user experience and great security at the same time!
Most of the applications you love are already supported, including Office!
This benefit doesn’t just stop with your own applications. Any application that supports Apple's enterprise single sign-on feature will get all the benefits listed above, including SSO. This includes all macOS, iOS, and iPad Office applications, Microsoft Edge on macOS, Safari, and much more. Applications that don’t use Apple’s network libraries won’t be eligible to use this feature for now, but we anticipate every application will support Apple’s Enterprise SSO feature in the future.
All you’ll need to do to get the best Entra experience for your employees is keep your apps updated!
Get started
This product represents over five years of work between Microsoft and Apple to realize, and we’re excited for you to deploy it. You can learn more about the Microsoft Enterprise SSO Extension visiting here. We also provide MDM-specific deployment guidance here when you’re ready to deploy.
If you’d like a deeper understanding of the Microsoft Enterprise SSO Extension, check out our video on SSO for Azure AD on Apple Platforms. We also recommend that you integrate your Apple devices with Conditional Access. Finally, if you need help troubleshooting the Microsoft Enterprise SSO Extension, check out our Troubleshooting Guide.
Best regards,
Alex Simons (@alex_a_simons)
CVP of Product
Microsoft Identity and Network Access Division
Learn more about Microsoft identity:
- Return to the Microsoft Entra (Azure AD) blog home
- Join the conversation on Twitter and LinkedIn
- Share product suggestions on the Entra (Azure AD) forum