Apple Platform SSO with Automated Device Enrollment in macOS 26 - Entra ID

you can use Enrollment customisation and create a local account 

If you allow me to “swear in church” as we say here, this works if you use Intune for MDM, and migration is now supported for existing devices. 

This is what has my team looking to move from JAMF to Intune. User experience is paramount here - so JAMF needs to get on the grind and figure this out ASAP. 

We are still on Jamf, mind you, but since we already have some devices in Intune, it is tempting to have a single platform for all MDM. Looking at all the content I have amassed in Jamf - configuration profiles, scripts, groups, policies, packages… sometimes I wonder if more or less than half of them would even be necessary if it wasn’t for Jamf legacy fixes and workarounds and other kludges. 

And because Intune is included in all Microsoft licenses from at least E3, possibly even Premium, it’s something that many of us already pay for. 

If the woes for windows isn’t big enough, Intune is sloooow and I’ve heard the regrets of moving to it from other orgs. While it’s already paid for with licensing, you’ll be continually paying for it with trying to figure out workaround on “instant” deployment (e.g.: JAMF) vs “wait up to 8 hours” (e.g.: Intune). 

*Even Microsoft internally uses JAMF to manage their Macs last time I spoke with Paul Bowden. 

Like I said, I feel like most of my Jamf content today is “workarounds” already. The sheer number of profiles required to distribute Defender or the old Jamf Connect profiles (we were early adopters) that I don’t know if I can rebuild into the newer sleeker deployment, not to mention all the old JamfAAD fixes and Login items fix for Ventura.. 

We were part of the NoMAD Pro trial (pre JAMF connect) when Joel Rennich built it. There were only 2 profiles to configure, then a third for licensing (namely when JC came around). 

Now you’ve got me thinking how I can use something like terraform to convert everything to Intune (or a different MDM). That may be a fun project - not that I’ll use it; just to see if it can be done. 

Labbing with different MDMs has become much easier in 2025. Migrating a device takes 24 hours in ABM via the “Assign device management” on any organization device with a deadline attached. There’s a user-facing popup for it too. Pretty neat! 

Yeah there is a cost to being a first adopter, sometimes it takes ten hours of three pros in a room together to make new products work and once they work nobody dares touch the house of cards. :D And sometimes it’s two configuration profiles!