Blog Post

Microsoft Entra Blog
3 MIN READ

Now Generally Available: Platform SSO for macOS with Microsoft Entra ID

veenasoman's avatar
veenasoman
Icon for Microsoft rankMicrosoft
Aug 12, 2025

Platform SSO for macOS builds on the Microsoft Enterprise SSO plug-in for easier, more secure sign-ins.

We’re pleased to announce the General Availability (GA) of Microsoft’s support for Platform Single Sign-On (Platform SSO) for macOS, providing enterprise environments with an integrated, secure, and improved single sign-on experience on Apple devices.

What is Platform SSO?

Platform SSO is an advanced feature integrated into macOS and supported by Microsoft Enterprise SSO plug-in. This functionality enables users to authenticate on their Mac with their Microsoft Entra ID credentials, providing seamless single sign-on across applications and browsers, while minimizing repeated prompts and reducing authentication fatigue.

 

                                         Platform SSO enables users to authenticate with Entra ID at the time of macOS login.

Why it matters

Platform SSO is designed to meet the evolving needs of hybrid work and zero trust security. With Platform SSO, organizations can:

  • Enable passwordless sign-in by configuring Platform SSO with either the UserSecureEnclaveKey (platform credentials) or Smart Card authentication methods.
  • Leverage device-bound passkeys without additional hardware costs by using the Secure Enclave-backed UserSecureEnclaveKey.
  • Synchronize passwords with local accounts. When set up with the password authentication method, users are able to sign in to their macOS device using their Microsoft Entra ID password. This allows for single sign-on across Entra ID-connected applications and removes the need to manage separate local credentials. Platform SSO takes care of keeping the local account password in sync with Entra ID password updates. Customers who continue to use password-based authentication can select this option.
  • Deliver seamless SSO across native macOS apps and supported browsers like Microsoft Edge, Safari, Firefox, and Google Chrome.
  • Simplify onboarding with streamlined device registration and support for Just-in-Time (JIT) compliance setup.

Positive signals from early adopters

Since its public preview in May 2024, Platform SSO has been adopted by many organizations spanning key industries such as education, healthcare, finance, and technology. Customers have embraced it to simplify onboarding, reduce helpdesk tickets, and strengthen their zero-trust posture. Your feedback has been instrumental in shaping the GA release, and we’re grateful for the collaboration that helped us refine the experience.

What’s new since public preview

Since the public preview, we’ve partnered closely with customers and partners to enhance the Platform SSO experience. The GA release introduces several key improvements:

  • Hardware biometric enforcement. Support for Secure Enclave-backed user keys enables stronger, phishing-resistant authentication.
  • Enhanced telemetry and diagnostics. Improved visibility and troubleshooting tools for IT administrators.
  • Granular authentication strength controls. More precise policy enforcement aligned with your security posture.
  • New Microsoft Graph APIs. Programmatic access to configure, query, and manage Platform Credential authentication methods.
  • Improved sign-in logs. Richer insights into authentication events using platform credentials.
  • Cloud Kerberos support. Seamless access to Azure file shares from macOS devices.

Ready to modernize your macOS sign-in experience?

Deploy Platform SSO now to give users more secure, seamless sign-in access.

To deploy Platform SSO in your organization:

  1. Ensure devices are running macOS 13+ (macOS 14+ recommended for full feature support) and are MDM-enrolled (such as in Intune).
  2. Install the latest Microsoft Intune Company Portal app (v5.2504.0 or later).
  3. Configure Platform SSO policies in Intune or your preferred MDM.

For step-by-step guidance, read the Platform SSO documentation.

What’s next

The journey doesn’t stop at GA—future updates will bring powerful additions to Platform SSO, including JIT compliance remediation and a redesigned My Security Info interface for managing Platform Credential authentication methods. Support for the newly introduced Platform SSO functions on macOS Tahoe 26 will be evaluated and incorporated into future Company Portal releases as appropriate. Stay tuned!

 

Justin Ploegert

Principal Product Manager, Microsoft - LinkedIn

Veena Soman
Senior Software Engineer, Microsoft - LinkedIn

 

Learn more on this topic

 

Learn more about Microsoft Entra

Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.

Updated Aug 11, 2025
Version 1.0

3 Comments

  • sajeel's avatar
    sajeel
    Copper Contributor

    I have configured this for my device and using this from last two months.

     I have one question as i have to login to multiple Microsoft 365 tenant for project based work, Is it possible to disable this for certain browser or browser profile.

    • veenasoman's avatar
      veenasoman
      Icon for Microsoft rankMicrosoft

      While Platform SSO cannot be disabled for a browser, you can sign out of PSSO registered account on the website and sign in with other account as needed. 

  • mcap241755's avatar
    mcap241755
    Copper Contributor

    "That’s an impressive feature! I hope it integrates smoothly with macOS. Appreciate you sharing it!"