As per sujithtnch57's comment above, I've done some more testing using the example:
Request for password reset done via Administrator in Entra AD. Admin changes it to a temporary password.
When logged onto the MacBook, you're prompted to sign in again to resync your password - this fails for both the new and old passwords.
I then signed into https://portal.office.com using the new password where, as expected, I was prompted to reset the password - which I did.
I was still unable to 'resync' the password using either the old, the temporary, or the new password.
I fired up Company Portal and signed into it using the new password.
I then tried the 'resync' again, and this time, using the new password, it worked.
Second scenario: the user has forgotten their password and is at the MacBook logon screen.
- I again reset the password via Entra AD
- new password was not accepted
- I then signed into https://portal.office.com on another computer using the new password where, as expected, I was prompted to reset the password - which I did.
- I was still unable to log into the Mac
- selected 'other' and used the Entra ID username / password - this also failed.
So my next question is: if a user forgets their password to their MacBook, and it's Platform SSO enabled, how do they get access to it again?
They can't even use the option to reset it via their Apple ID, as this doesn't accept the new password (I'm using business-owned Apple IDs with Entra federation).
Anyone know how to work around this?
UPDATE: Just re-read the comments for this page and spotted the 'Include Network Users' option. I've now enabled this and checked that it's there in the profiles on the laptop but I cannot sign in using any network user. At present it shows, 'Show Other Users' & 'Include Network Users' both set to True. I'm guessing I've missed something here, any help would be appreciated.