Secure Enclave Use for MAC like Windows Hello For Business "macOS Platform SSO for Microsoft Entra ID with Jamf Pro"

To deploy Platform Single Sign-On (SSO) for macOS integrated with Microsoft Entra ID, especially using the Secure Enclave key method, here’s a comprehensive step-by-step guide based on Microsoft & Jamf

Overview

Platform SSO allows macOS users to authenticate using:

Microsoft Entra ID credentials
Smart cards
Secure Enclave-backed keys (recommended for phishing-resistant MFA)

In Secure Enclave mode, the local account password remains unchanged, and knowledge of it satisfies MFA requirements for Conditional Access.

Deployment Steps

Step 1: Determine Authentication Method

Choose one of the following:

Secure Enclave (Recommended)
Smart Card
Password Sync

For Secure Enclave:

Works on macOS 13+ (full support on macOS 14+)
Uses hardware-bound cryptographic keys
Leaves local account credentials unchanged
Supports phishing-resistant MFA

https://learn.jamf.com/en-US/bundle/technical-articles/page/Platform_SSO_for_Microsoft_Entra_ID.html

Be the first to reply!

Overview

Deployment Steps

Step 1: Determine Authentication Method

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded