DavidFernandes
Former Employee
May 06, 2024

New Blog | Platform SSO for macOS now in public preview

By Brian Melton-Grace

 

Today we’re announcing that Platform SSO for macOS is available in public preview with Microsoft Entra ID. Platform SSO is an enhancement to the Microsoft Enterprise SSO plug-in for Apple devices that makes usage and management of Mac devices more seamless and secure.

 

At the start of public preview, Platform SSO will work with Microsoft Intune. Additional mobile device management (MDM) providers will be added during the public preview. Please contact your MDM provider for more information on support and availability.

 

As part of this release, we’re introducing Microsoft Entra Join for macOS. This feature uses the Enterprise SSO plug-in to create a hardware-bound device record in Entra ID. Entra Join requires the use of an Entra ID organizational account.

 

In addition, we’re making three new ways to authenticate available, all configurable with MDM and available as part of Microsoft Entra ID Free:

 

  1. Passwordless authentication with Secure Enclave: Like Windows Hello for Business, this method allows the user to interactively sign in to the desktop with their local account and password. Once the user signs in, a hardware-bound cryptographic key stored in the device’s Secure Enclave can be used as a trusted credential with Entra ID, giving the user SSO across applications that use Entra ID for authentication. This method allows users to go passwordless with Touch ID to unlock their device and be signed into Entra ID under the hood using a device-bound key. It can save organizations money by removing the need to purchase security keys, card readers, or other hardware. For information on our security and compliance standards, please see this guide. 
  2. Passwordless authentication with smart cards: With this method, the user signs into the Mac using an external smart card (or smart-card-compatible hard token like YubiKey). Once the device is unlocked, the smart card is further used with Entra ID to grant SSO across apps that use Entra ID for authentication.
  3. Password synchronization with the local account: This method enables the user to interactively sign into the local machine account with their Entra ID password, granting SSO across apps that use Entra ID. The user no longer needs to remember separate passwords, and any changes to the Entra ID password are synchronized to the local machine. 

 

Read the full post here: Platform SSO for macOS now in public preview

 