Posted on 03-20-2024 02:22 PM
We're currently testing out the Microsoft Enterprise SSO plug-in (without Platform SSO) for macOS and have run into an odd problem. Everything works perfectly, but if the user opens the Company Portal application it tries to get them to enroll the device into Intune. This makes for an awkward scenario where the user is guided to download the Intune management config, see it fail to install, and then back out until they can say "Postpone." Not a great experience, and telling people to just not open the app doesn't really work at scale. Is there any way to suppress this Intune enrollment prompt from the Company Portal app when we deploy it for the Microsoft Enterprise SSO?
NOTE: We're not currently using Intune for device management outside some testing, and we do not have Device Compliance integration set up just yet. It's on our roadmap, but hasn't been a high priority. We can probably move it up if it is an assumed prereq for the Microsoft Enterprise SSO plugin.
03-20-2024 04:54 PM - edited 03-20-2024 05:33 PM
I'm still testing as well, but I had thought about that (we are not using Intune for Macs either), so I set up a couple of restrictions in Restricted Software, one with a message for users, one without (for lab Macs). Here is a screenshot of the one with...
That should allow the Microsoft SSO Extension to continue to work, while blocking people from opening the Company Portal app.
Posted on 03-21-2024 05:14 AM
This is a good idea, I am going to steal this lol. Thanks!
Posted on 05-07-2024 11:27 PM
Hi,
Is this feature ready for active use now? Is there anyone using it? Is it currently possible to log in to macOS devices with Azure ID? Is there any documentation on how to do this?
Posted on 05-08-2024 12:18 AM
Officially, no; it just entered Public Preview yesterday.
I have been testing it though, and yes, configured correctly it can enable logging into macOS with an Entra ID (formerly Azure AD) account.
Yes, there is documentation that has been provided through the #microsoft-entra and #platform-sso channels on the MacAdmins Slack. I’ll try to paste them here shortly.
Posted on 05-08-2024 12:25 AM
https://techcommunity.microsoft.com/t5/microsoft-entra-blog/platform-sso-for-macos-now-in-public-pre...
https://learn.microsoft.com/en-us/mem/intune/configuration/platform-sso-macos
These are probably a good start, but allow me to remind you that it is a Public Preview, and it is not recommended to be pushing it out to all of your managed Macs yet; just concentrate on testing and working out how it might best fit in your environment. Microsoft currently have the official release slated for January 2025, but this can be checked here:
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=383952
Posted on 05-15-2024 12:32 AM
Hi,
I will look at the documents. However, there is a question that comes to my mind. While using Jamf Connect, it directly asked me for my login ID and created a local user based on this. Is there a similar process in the process here? Will it be necessary to use a configuration profile as well?
Posted on 05-15-2024 05:24 PM
Yes, config. profile is required.
Posted on 05-15-2024 02:06 AM
Hi,
I made the necessary configurations. However, I cannot pass the screen that asks for my entry ID. Even though I entered my information correctly, it remains on this screen. Has anyone experienced this or know a solution?
Posted on 05-15-2024 05:28 PM
I haven't had the issue myself, but I see everyone mentioning something about compliance and MFA, so you may want to check out the Microsoft Mac Admins LinkedIn group, or the Mac Admins channels #microsoft-entra or #platform-sso.