macOS Platform SSO Enters Public Preview Phase
Microsoft Entra
May 6, 2024 11:00 PM

by HubSite 365 about Microsoft

Seamless macOS SSO: Microsoft Entra ID Enhances Security & Management! Public Preview Now.

Key insights

 

 

  • Platform SSO for macOS is now available in public preview, enhancing Microsoft Enterprise SSO for Apple devices for seamless device management.
  • Passwordless authentication is introduced for macOS, featuring Secure Enclave, smart cards, and password synchronization methods.
  • Documentation and tutorials for Platform SSO setup and deployment are available on Microsoft Learn to assist organizations in implementation.
  • Organizations are advised to prepare their macOS devices by updating the Company Portal, deploying the Enterprise SSO plugin, and ensuring user registration for multifactor authentication.
  • Future updates during the public preview will introduce additional controls, reports, and API capabilities for Platform SSO on macOS.
 

Exploring Platform SSO for macOS

Platform SSO for macOS represents a significant leap forward in managing and authenticating users on Apple devices within corporate environments. This new offering, provided in public preview with Microsoft Entra ID, is designed to streamline the user experience, providing seamless and secure access to device and application resources. By introducing Platform SSO, Microsoft not only enhances device management capabilities but also embraces the shift towards passwordless authentication. This shift is evidenced by the inclusion of methods such as Secure Enclave, which permits users to log in without a password, leveraging hardware-bound cryptographic keys for authentication.

Microsoft is excited to share that Platform SSO for macOS is now available in public preview with Microsoft Entra ID. This represents an improvement to the Microsoft Enterprise SSO plug-in for Apple devices, enhancing both the ease of use and security for managing Mac devices. During the public preview, Platform SSO will support Microsoft Intune, and Microsoft plans to include additional MDM providers.

Microsoft Entra Join for macOS: this feature uses the Enterprise SSO plug-in to create a secure, hardware-bound device record in Entra ID, and it requires an Entra ID organizational account. Three new authentication methods are also debuting that promise a more seamless and passwordless user experience, all configurable with MDM and available as part of the free Microsoft Entra ID offering.

These methods are passwordless authentication using the Secure Enclave, passwordless sign-in with smart cards, and password synchronization with local accounts. Each method facilitates SSO across apps and devices, enhancing both convenience and security. Updated guides and tutorials for Platform SSO for macOS are available on Microsoft Learn and cover setup, deployment, usage, and troubleshooting.

Organizations are advised to prepare their macOS devices as follows:

  • Enable devices to use Company Portal version 5.2404.0 or newer.
  • Deploy the Enterprise SSO plug-in.
  • Register users for Microsoft Entra multifactor authentication. Microsoft Authenticator is recommended for the optimal experience.
  • For Google Chrome users, install the Microsoft Single Sign On extension.
  • Update macOS devices to at least macOS 13 (Ventura), with macOS 14 (Sonoma) recommended for the best features and experience.
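A readiness check for the two version prerequisites in the list above (Company Portal 5.2404.0 or newer; macOS 13 minimum, macOS 14 recommended), as an added example that is not from the article or from Microsoft. The Company Portal install path and the function names are assumptions; the plug-in deployment, MFA registration and Chrome extension items are not checked.

```sh
#!/bin/sh
# Added example: thresholds are the article's; the app path is an assumption.
MIN_PORTAL="5.2404.0"   # Company Portal minimum
MIN_MACOS="13.0"        # macOS 13 (Ventura) minimum
REC_MACOS="14.0"        # macOS 14 (Sonoma) recommended
PORTAL_APP="/Applications/Company Portal.app"   # assumed install path

# is_version V: true only for dotted decimal strings such as 5.2404.0.
is_version() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
}

# version_ge A B: status 0 if A >= B, 1 if A < B, 2 if either is malformed.
version_ge() {
    local a="$1" b="$2" x y
    is_version "$a" && is_version "$b" || return 2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}          # leading field of each version
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
        # Numeric, not string, comparison: 2404 > 999 although "2" < "9".
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# check_prereqs MACOS_VER PORTAL_VER: one line per check; status 1 on any FAIL.
check_prereqs() {
    local macos="$1" portal="$2" rc=0
    if ! version_ge "$macos" "$MIN_MACOS"; then
        echo "FAIL macOS '${macos:-unknown}' is below $MIN_MACOS"; rc=1
    elif version_ge "$macos" "$REC_MACOS"; then
        echo "PASS macOS $macos"
    else
        echo "WARN macOS $macos meets the minimum; $REC_MACOS or newer is recommended"
    fi
    if version_ge "$portal" "$MIN_PORTAL"; then
        echo "PASS Company Portal $portal"
    else
        echo "FAIL Company Portal '${portal:-not found}' is below $MIN_PORTAL"; rc=1
    fi
    return $rc
}
# On a Mac, read the live values; elsewhere call check_prereqs with known versions.
if command -v sw_vers >/dev/null 2>&1; then
    portal_ver=$(defaults read "$PORTAL_APP/Contents/Info.plist" CFBundleShortVersionString 2>/dev/null)
    check_prereqs "$(sw_vers -productVersion)" "$portal_ver"
fi
```

A missing or unreadable Company Portal yields an empty version string, which the check reports as a failure, not a pass.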

In the future, further enhancements including additional controls, reporting, audit, and sign-in logging capabilities will be rolled out. Similarly, Microsoft Graph will introduce APIs to configure, query, and manage these capabilities, enhancing the overall user and admin experience. Some features may require a premium Entra ID license.

Read the full article: Platform SSO for macOS now in public preview

People also ask

What is platform SSO on Mac?

Platform Single Sign-on (SSO) enables developers to create SSO extensions that integrate into the macOS login interface, facilitating the synchronization of local account credentials with an identity provider (IdP). This synchronization ensures the local account password is automatically updated to match the cloud password, thereby maintaining consistency between the two.

How to enable SSO in Mac?

SSO can be activated for applications that do not utilize MSAL (Microsoft Authentication Library) by installing the SSO plug-in. This installation occurs automatically on devices that have either the Authenticator app for iOS/iPadOS or the Intune Company Portal app for macOS, and are MDM-enrolled within your organization.

What is the mac SSO extension?

Apple's framework includes support for two types of SSO Extensions - Redirect and Credential. The Microsoft Enterprise SSO plugin, functioning as a Redirect type, is specifically designed to facilitate authentication processes with Microsoft Entra ID, making it the preferred choice for authentication brokering to Microsoft services.

Can Microsoft Entra ID passwords be used to log in to Mac?

By employing federated authentication through Apple Business Manager and linking it to Microsoft Entra ID, users can utilize their Microsoft Entra ID credentials, typically their email address and password, as Managed Apple IDs to log in to Apple devices. This integration allows for seamless use of Microsoft Entra ID credentials across Apple environments.
