Today we’re announcing that Platform SSO for macOS is available in public preview with Microsoft Entra ID. Platform SSO is an enhancement to the https://learn.microsoft.com/en-us/entra/identity-platf...
Big disclaimer, I would not use this in production at the moment.

That said, if JamfAAD is included in an allowed app prefix in the SSOe config, such that it can use the SSOe, it will still have access to the WPJ cert through the SSOe.

However, the device ID changes when you sign in to PSSO, and that creates a new record in Entra ID as well. In order to trigger the relay of compliance data to that new record, a gatherAADInfo needs to run.

If you’re just working in testing, you can just run this command in Terminal after signing in to PSSO:

/Library/Application\ Support/JAMF/Jamf.app/Contents/MacOS/Jamf\ Conditional\ Access.app/Contents/MacOS/Jamf\ Conditional\ Access gatherAADInfo

As long as SSOe is working, this should result in the new record becoming compliant/non-compliant.

Future looking, there is a way for us to detect when a user signs in to PSSO, so we are working on an implementation to immediately run the gatherAADInfo when that happens. I would hold off on deploying PSSO in production to registered machines until this work is complete.