Coming Soon – Platform SSO for macOS

Earlier this year we took a big step towards improving customers' experience with Apple devices by providing companies with the Microsoft Enterprise SSO plug-in for Apple devices. This plug-in enables Microsoft users to have device-wide single sign-on (SSO) for all apps and websites in a consistent, secure, and seamless way. Best of all, it always stays up to date with the latest Microsoft technologies as they evolve. 

Today we're announcing a powerful enhancement to these capabilities – Platform SSO for macOS. This enhancement is designed to make using your macOS devices more seamless and secure than ever. 

Platform SSO is an enhancement to the existing SSO Extension capabilities for macOS, which allows users to sign into their Macs using passwordless credentials or passwords managed and validated by Entra ID.

Enabled by Platform SSO and powered by Microsoft's Enterprise SSO plug-in, Platform Credentials for macOS allow users to go passwordless by using Touch ID to unlock their device and be signed into Entra ID under the hood using a device-bound cryptographic key. It uses phishing-resistant credentials, based on the technology we use for Windows Hello for Business, and backed by Apple's hardware already in your device. This will save your organization money by removing the need for security keys or other hardware. Once you sign in, the existing Microsoft Enterprise SSO plug-in continues to do its magic keeping you signed into the apps you use for work, but with a credential that's safer and more secure.

For those not ready to completely remove passwords from Entra ID sign-ins, Platform SSO for macOS allows organizations to synchronize their local account password and their Entra ID passwords so users can use one credential across their macOS device. No more remembering separate passwords.  

Platform SSO for macOS also allows admins to configure the end-user authentication method, specifying either the phishing-resistant credential or a traditional password as the authentication method.

Simplified Management 

As part of this update, we've reimagined the employee onboarding experience on Macs for users of Microsoft Intune. Platform SSO for macOS simplifies the employee onboarding experience on Microsoft Intune by enabling a familiar and native macOS experience that Mac users will love. As an example, it eliminates the need to launch the Company Portal app to access resources protected by Conditional Access on Intune-managed Macs. To learn more about how Microsoft Intune is innovating in Apple device management, see 10 ways Microsoft Intune improves Apple device management – Microsoft Community Hub. 

The upcoming public preview of Platform SSO for macOS will work with Microsoft Intune. Other MDM providers will be coming soon. 

Helping You Go Zero Trust 

Through our integration with the Secure Enclave included in modern Macs, the passwordless authentication method offers a powerful means for enterprises to advance their zero trust security objectives. By eliminating passwords as a primary attack vector, organizations can significantly enhance their security postures.

The credentials used in passwordless systems are bound to physical hardware. This requires attackers to gain physical access to specific hardware rather than steal login information, making unauthorized access even more challenging. 

How to Prepare 

We are currently in private preview with select customers, with public preview coming soon. If you'd like to be considered for the private preview, please contact Platform SSO for macOS feedback. Spaces are limited.

Meanwhile, you can prepare your organization for Platform SSO for macOS by taking the following steps:

  1. Deploy the Microsoft Enterprise SSO plug-in. 
  2. Ensure users are registered for Microsoft Entra ID multifactor authentication; for the best experience, we recommend using Microsoft
  3. Update macOS devices to macOS 13 (Ventura) or later. 

Summing up 

Platform SSO for macOS is a big step towards enhancing the SSO experience and security of the Macs in your organization. Users benefit from SSO through a hardware-bound key or by signing in to a Mac using their Microsoft Entra ID password. The integration with the Secure Enclave enables hardware-bound, passwordless, phishing-resistant authentication on macOS devices, advancing enterprises' zero trust security objectives. At public preview launch, Platform SSO for macOS can be natively managed with Microsoft Intune, with support for other MDM providers coming soon.


This article was originally published by Microsoft's Entra (Azure AD) Blog. You can find the original article here.