Forum Discussion
Platform SSO for macOS not working
In my understanding:
Password is only a thing to make the user experience a little better by keeping the Entra ID and the local password in sync, so the user only needs to remember one password.
Secure Enclave instead is a feature like Windows Hello for Business, so some kind of passwordless authentication which is respected by Entra MFA.
Are there any other thoughts regarding my estimation?
Hi PatrickF11, you are absolutely right.
Secure Enclave is considered the most secure, advanced passwordless authentication method that MS offered for Mac. However, I don't use it.
Secure Enclave will leave you with a local password. Unlike WHfB, where users who forget the PIN can still log in using the Entra password as a backup, if users forget the local password for Secure Enclave, they cannot log in. It's not like a password an admin could help users reset via Entra or ABM.
I don't know how you can work around this issue. If you do, please let me know because I would like to use Secure Enclave.
On the other hand, "Password" authentication syncs the local password with Entra so you don't have this issue. It's no better than the old-school NoMAD setup, but the process is definitely simpler and seamless with MS.