Published: Aug 30, 2023
Key takeaways:
- Microsoft will soon roll out Platform Single Sign-On (SSO) capabilities for Mac devices.
- The feature streamlines the authentication process for Entra ID accounts, providing a unified SSO experience for supported applications and websites.
- Platform SSO simplifies the employee onboarding process for IT administrators.
Microsoft is getting ready to enhance the user experience for Mac devices with its upcoming Platform Single Sign-On (SSO) capabilities. The new feature will offer a seamless and secure way for macOS users to access their Entra ID accounts across various applications and websites.
Microsoft launched its Enterprise Single Sign-On (SSO) plug-in for Apple devices back in June. Single sign-on is an authentication technique that lets users access multiple apps and websites with a single credential through a web browser. The SSO extension allows users to sign into their macOS devices with passwordless credentials or Entra ID-managed passwords. It provides a seamless and consistent device-wide single sign-on (SSO) experience for Entra ID (formerly Azure AD) accounts across all supported applications and websites.
Microsoft’s new Platform SSO feature is an improvement to the existing SSO extension capabilities available for Mac devices. It’s designed to eliminate the need for security keys and other hardware for user authentication on Mac devices.
“Enabled by Platform SSO and powered by Microsoft’s Enterprise SSO plug-in, Platform Credentials for macOS allow users to go passwordless by using Touch ID to unlock their device and be signed into Entra ID under the hood using a device bound cryptographic key. It uses phishing-resistant credentials, based on the technology we use for Windows Hello for Business, and backed by Apple’s hardware already in your device,” Microsoft explained.
For organizations that are not yet ready to go passwordless, Platform SSO allows the synchronization of Entra ID passwords and local accounts on macOS. This means that users will no longer need to remember separate passwords for different accounts. The Platform SSO feature also lets administrators configure the end-user authentication method such as traditional passwords and phishing-resistant credentials.
For IT admins, Platform SSO helps to streamline the employee onboarding experience for macOS users in Microsoft Intune. For instance, users will no longer need to open the Company Portal app to access sensitive resources on managed Mac devices.
The Platform SSO for Mac feature is currently available in private preview for commercial customers. Microsoft plans to make this capability available in public preview in the next few months. At launch, the feature will only support Microsoft Intune, with support for other MDM solutions coming in the future.
Microsoft recommends IT admins to prepare for the upcoming public preview of Platform SSO. They will need to deploy the Microsoft Enterprise SSO plug-in, ensure that users are enrolled for Microsoft Entra ID multifactor authentication, and update devices to macOS Ventura (or later).