As of right now, we enroll macOS devices in these steps:
DEPNotify -> Self Service opens -> Sign in with Microsoft account -> Click Register Device (this is a register to Intune policy) -> Sign in with Microsoft again -> Keychain popup opens -> Sign in with Microsoft again -> Type local password to approve saving in keychain -> done.
I already attempted to trigger the register to Intune policy after DEPNotify ends; this should already prepare SSO so a login to the Self Service is no longer needed. However, this seems to break the SSO. For some reason, only triggering the policy from the Self Service portal seems to work fine. Has anyone found a way to run the register to Intune before opening the Self Service? And does that work?
Additionally, any other tips to reduce the number of times you need to sign in? Is there a way to automatically allow the keychain popup rather than having to type your local password?