Microsoft’s Enterprise Single Sign-On (SSO) Solution
Microsoft has introduced its Enterprise SSO solution for Apple devices, supporting iOS, iPadOS, and macOS through Azure Entra ID accounts. This feature seamlessly integrates with the applications previously supported by Apple’s built-in SSO capability.
Single Sign-On (SSO) is an authentication method that allows users to access multiple applications or websites using a single credential via their browser. Microsoft’s implementation enhances user experience by automating login processes across various services, thereby eliminating the need for multiple usernames and passwords. This streamlined approach reduces login friction, making it more efficient for accessing applications like macOS CVP365.
Prerequisites to enable Microsoft Enterprise SSO
To enable the Microsoft Enterprise SSO plug-in for macOS devices, make sure the following prerequisites are met:
- The target macOS device is managed by your MDM of choice.
- The device runs macOS Catalina v10.15 or higher.
- The Intune Company Portal app needs to be installed on the macOS device in order to enable the Microsoft Enterprise SSO plug-in and the SSO functionality.
- Ensure that the SSO type is Microsoft Enterprise SSO Plug-in and not Kerberos SSO Extension; further information is available here.
If you are using a different MDM, such as Jamf Pro, please check the requirements here.
Configure Microsoft Enterprise SSO Plug-in in Intune
- Access the Intune Portal:
  - Sign in to the Microsoft Intune admin center: https://intune.microsoft.com/
- Navigate to Configuration Profiles:
  - On the left sidebar, go to Devices > Policy and select Configuration profiles.
- Create a New Profile:
  - If there are existing configuration profiles listed on the right side, proceed to create a new one by clicking Create Profile.
- Configure Profile Settings:
  - Select the appropriate categories for profile creation:
    - Platform: macOS
    - Profile type: Templates
  - Click Create to define the configuration parameters.
- Set Profile Details: Provide a Name and Description for the profile, then click Next.
- Configure SSO Settings: Under the Configuration settings tab, select Single sign-on app extension and configure the following properties:
  - SSO app extension type: Choose Microsoft Azure AD to enable the Enterprise SSO functionality.
- Define Scope Tags: Use Scope tags for easier management of policies and filtering options in Intune.
- Assign User Groups: Specify which user groups should have access to the profile using Assignment Group, by selecting included or excluded groups, then click Next.
- Finalize Profile Creation: Review the configuration settings on the Review+create page. If any changes are needed, make them before clicking Review + Create.
Deployment and Monitoring:
After creating the profile, it will be deployed to the devices automatically within a few minutes. To check the deployment status, review the list of devices in the Intune admin center.
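The prerequisite that the SSO type is the Microsoft Enterprise SSO plug-in and not the Kerberos SSO extension can be checked against a profile's payload, which is useful when the profile is built by hand in another MDM. The following is an added example, not code from this page or from Microsoft: it assumes a .mobileconfig-style plist, uses the payload keys and identifiers that Apple and Microsoft document for the extensible SSO payload (none of which are stated on this page), and the sample profiles are constructed.

```python
import plistlib

# Identifiers documented by Microsoft/Apple for macOS (assumed; not stated on this page).
MS_EXTENSION_ID = "com.microsoft.CompanyPortalMac.ssoextension"
MS_TEAM_ID = "UBF8T346G9"
KERBEROS_EXTENSION_ID = "com.apple.AppSSOKerberos.KerberosExtension"
SSO_PAYLOAD_TYPE = "com.apple.extensiblesso"

def check_sso_profile(profile_bytes):
    """Return a list of findings; an empty list means the SSO payload looks correct."""
    profile = plistlib.loads(profile_bytes)
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == SSO_PAYLOAD_TYPE]
    if not payloads:
        return ["no com.apple.extensiblesso payload in profile"]
    findings = []
    for p in payloads:
        ext = p.get("ExtensionIdentifier", "")
        if ext == KERBEROS_EXTENSION_ID:
            findings.append("payload is the Kerberos SSO extension, not the Microsoft plug-in")
            continue
        if ext != MS_EXTENSION_ID:
            findings.append(f"unexpected ExtensionIdentifier: {ext!r}")
        if p.get("TeamIdentifier") != MS_TEAM_ID:
            findings.append("TeamIdentifier does not match Microsoft's")
        if p.get("Type") != "Redirect":
            findings.append(f"Type is {p.get('Type')!r}, expected 'Redirect'")
        urls = p.get("URLs", [])
        if not urls or any(not u.startswith("https://") for u in urls):
            findings.append("URLs missing or not https")
    return findings

def make_profile(ext_id, sso_type, **extra):
    """Build a constructed sample profile (hypothetical helper for this demo)."""
    payload = {"PayloadType": SSO_PAYLOAD_TYPE, "ExtensionIdentifier": ext_id,
               "Type": sso_type, **extra}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [payload]})

# Constructed samples: a correct plug-in payload and a Kerberos payload.
GOOD = make_profile(MS_EXTENSION_ID, "Redirect", TeamIdentifier=MS_TEAM_ID,
                    URLs=["https://login.microsoftonline.com"])
KERBEROS = make_profile(KERBEROS_EXTENSION_ID, "Credential", Realm="EXAMPLE.COM")

if __name__ == "__main__":
    for name, blob in (("good", GOOD), ("kerberos", KERBEROS)):
        print(name, check_sso_profile(blob) or "OK")
```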