As many a Mac user knows, the corporate world is Microsoft’s domain. Microsoft doesn’t totally ignore macOS, however, and it does make efforts to better Mac interoperability with Microsoft enterprise products. Just this week, for example, Microsoft announced that it will be offering Platform Single Sign-On (SSO) for Macs on enterprises with Microsoft Entra ID.
Entra ID (which replaced Azure Active Directory) is a customer identity and access management platform. In a blog post, Microsoft Senior Product Manager Brian Melton-Grace wrote that when Touch ID is used to log into a Mac you’ll be signed into Entra ID with a cryptographic key. “It uses phishing-resistant credentials, based on the technology we use for Windows Hello for Business, and backed by Apple’s hardware already in your device,” wrote Melton-Grace. “This will save your organization money by removing the need for security keys or other hardware.”
With Platform SSO, the security credentials stay active and allow users to access work software, but companies will be allowed to “synchronize their local account password and their Entra ID passwords so users can use one credential across their macOS device.” Admins will also be able to configure the end-user authentication with a phishing-resistant credential or a traditional password.
A Microsoft product manager told MacWelt that Magic Keyboards with Touch ID are expected to work the same as Touch ID built into a MacBook. Also, Touch ID is not required to use Platform SSO. Apple Watch integration is not included at this time.
Microsoft is providing a private preview of Platform SSO with select customers, which will eventually be transitioned to a public preview. An official release has not been announced, but apparently, it can’t come soon enough for people who think Macs aren’t “real computers.”
Microsoft recommends that admins implement the Microsoft Enterprise SSO plug-in for Apple devices to prepare for Platform SSO. Microsoft also recommends that Ensure users register for Microsoft Entra ID multifactor authentication, and that Macs are running macOS Ventura or later.