You need to have Apple MDM push certificates set up and also have per-user MFA disabled; use a CA policy instead and it will work. Even if per-user MFA is off in Entra, you need to disable it in the legacy menu for each user.
@toddwoodford (a month ago)
Great setup video, but when you restart the Mac it still wants the local Mac password. How do you have biometrics without the local password or the 365 password on a restart?
@Thulebeez (a month ago)
Great, now we revisit our hardware procurement specification; this just makes sense for me to get a Mac instead of a Surface laptop.
@DeekinBlooz (a month ago)
Excellent and timely tutorial! Our MSP is currently setting this up for our Macs in our hybrid computing environment. I've shared the video with them because your tutorial is so detailed and clear. Thanks!
@jamesablanco (a month ago)
Enjoyed this video! Definitely setting this up in our organization! Hats off to you and your videos!
@marvnl (a month ago)
I love this! It is almost perfect :). But what about the following scenario: the MacBook comes straight from Apple and is uploaded to ABM. The end user opens the MacBook, boots it up and it says it is remotely managed. They fill in the M365 account and, due to the SSO policy, it creates a standard account. Perfect. But when local admin is needed for a task, what then? Because no local admin account has been created yet. It can be fixed if there is a bash script that creates a local admin account via Intune, but I have not found one yet. Any idea?
@michaelvandensteen7994 (a month ago)
Thanks for the tutorial. Although everything seems to work, I can only log in using my local admin password. So I can log in as another user in my 365 organization, but when I want to log in with my own account only the local admin password is accepted (not my actual M365 password). Any idea what could be wrong?
@carlosernestozeledon5037 (a month ago)
Hi Jonathan, awesome content. I've got this question for you: how is this better or different from Managed Apple ID federated authentication?
@JonathanLawton (a month ago)
Great content Jonathan. I assume if the Mac is offline and a password is changed on M365, the Mac continues to authenticate using the old PW until it reconnects to the internet? Also, when a password is changed on M365, how long does it take to push to a Mac? Final one, I promise… if biometrics are used, can you fall back to a password if biometrics fail or stop working?
@bearded365guy (a month ago)
@JonathanLawton Hi - Yes, if the Mac was offline then the old password would continue to be used. The password change is usually pretty quick. With the biometrics, the local username and password are kept as-is, not changed. So yes, a fallback.
@NickS-vn3xt (a month ago)
Hi Jonathan, thanks for this and other guides. I've seen guides for this and for linking ABM to Intune, but all seem to be for new devices or require resetting existing ones. Are there any options for deploying Platform SSO to MacBooks that we already have enrolled in Intune? At the moment we use NoMAD to sync account creds with on-prem AD, but we're looking to move to Entra fully. Cheers!
@bearded365guy (a month ago)
@NickS-vn3xt Hi, you can still do it this way… but you would need to push out the Company Portal app.
@barcoproductions (a month ago)
Major game changer! Thank you for demoing this! Been waiting for this for a very long time! Keep making M365+macOS videos :)
@markmm3310 (a month ago)
Is passwordless authentication supported? I mean number matching, YubiKey or something like that instead of the password.
@bearded365guy (a month ago)
Secure Enclave is passwordless.
@pedrovervaeke4291 (a month ago)
Hi Jonathan, does it also write the Mac to the "Authentication methods" in Entra ID when using the "password" option instead of "SecureEnclave"? SecureEnclave will register the Mac as an authentication method :)
@armankarambakhsh9863 (a month ago)
Is this in any way possible for Windows, and without using Azure?!
@bearded365guy (a month ago)
No, you need Entra and Intune.
@andrewenglish3810 (a month ago)
How does this work with Entra/Azure AD hybrid environments?
@bearded365guy (a month ago)
@andrewenglish3810 It's only supported in Entra Join environments, not hybrid.
@marvnl (a month ago)
In case you are talking about macOS devices added to your AD (although you do not see that often anymore): you have your mobile account created by AD, and from that account the above solution then creates a second account. Because the above policy creates an account locally, but with SSO as authentication. And your AD also creates an account, but not locally; it is a mobile account on your Mac. Therefore, it is separate. So you have to make a choice. But I suggest you test the policy yourself and see. Play with the settings and functionalities more to get some questions answered.
@QUOTES-lf1wt (a month ago)
Yes, I tried playing around... still, isn't there a risk involved here if we have to disable 2FA like Authenticator and SMS org-wide for Mac users then...? Platform SSO should have worked with 2FA...
@IrfanQureshi000 (a month ago)
3810
@Egimatic (a month ago)
Does this also work for iOS devices, iPads and iPhones?
@bearded365guy (a month ago)
@Egimatic No it doesn't. Just macOS.
@GlenS-h7d (a month ago)
This has worked well for me... mostly! However, I get some accounts where you can't register and the Entra ID box just 'shakes' and it doesn't register or sync. Has anybody else had this happen?
@AnnoyedFruitBowl (a month ago)
Thank you, Jonathan.
@IamHere2007de (a month ago)
If I do it exactly like you in your video - set the Platform SSO policy to "password" and not "secureenclave", I can sign into the Mac with my M365 credentials, exactly like you. But: when I change this to "secureenclave" like you would recommend with production environments, what is the exact advantage? I can't sign in with my M365 credentials, I have to use the local credentials - is that the way it should work? I can't use TouchID after restart/sign out, so I don't see the point. What am I missing here? (non-DEP device btw)
@bearded365guy (a month ago)
Hi - so when you set to Secure Enclave you should be able to sign into the Mac with your biometrics and then be authenticated to your Microsoft 365 apps, is that what happens?
@IamHere2007de (a month ago)
@bearded365guy The auth within the M365 apps works. But I can't sign in with the fingerprint. I always have to use the local password. But after a restart/sign out, Touch ID was never supported on Mac!?
@Richard-kl8wr (a month ago)
Do you still have the option to log in as an admin locally, for example, in case of no internet connection or other issues?
@bearded365guy (a month ago)
@Richard-kl8wr I do recommend having a local admin account on the device too.
@socialwill (a month ago)
@bearded365guy I am curious how this works if you are not connected to a network. What happens when you try to log in?
@patrick__007 (a month ago)
Thanks for this! What about the deprecation?
@iamweave (a month ago)
4:26 -- Which "Authentication Method" is deprecated?
@iamweave (a month ago)
I found out later this is needed for macOS 13 only. If you have no clients on 13 then there is no need to check that box.
@QUOTES-lf1wt (a month ago)
Is this feature not working with 2FA? Because as soon as I tried disabling 2FA, it allowed me to register and log in with a token and complete Platform SSO registration... please help me with this.
@Jordan-k7l (a month ago)
Use a Conditional Access policy to enforce MFA, then disable per-user MFA. That was my issue and seems to be the problem most people have. Even if you have the CA for MFA enabled and per-user MFA off, you need to go into the legacy portal to turn it off for the account you are connecting.
@QUOTES-lf1wt (a month ago)
@Jordan-k7l Hey, I still don't get how it is supposed to work... Can you elaborate in easy words and steps, or give a link to the page where you got this idea 💡 from...?
@BojidarIliev (a month ago)
Hi Jonathan, I am running macOS Sequoia 15.0 and the registration popup does not show up, so I cannot continue with the Company Portal process. Any idea how to solve this?
@bearded365guy (a month ago)
Did you install the company portal and download the profile?
@BojidarIliev (a month ago)
@bearded365guy Yes, I did. And I am stuck on the next step: there is no popup to register the device.
@marvnl (a month ago)
@BojidarIliev Go to System Settings > Users & Groups > click on the user information mark > under "Platform Single Sign-On" > and then "Registration" you can see the status of your SSO account. You can click on repair, I guess.
@PacoLebron (a month ago)
Strangely enough I have this same issue. I am doing some more troubleshooting but can't seem to figure out why the registration pop-up does not come up. I have upgraded from Sonoma to Sequoia as well
@bearded365guy (a month ago)
@BojidarIliev How strange. I haven't seen that behaviour. And it's strange that you're both using Sequoia.
@abdurahmanMohamedYarow (a month ago)
I have Microsoft 365 Business Standard installed on my Mac Studio; all apps work excellently except the Outlook app, which does not open at all. I don't know what happened to this app. I tried to reinstall and update the apps; unfortunately, the Outlook app still does not open.
@bearded365guy (a month ago)
@abdurahmanMohamedYarow Can you try Premium?
@Blastiq (a month ago)
This is great
@emilsdl (a month ago)
Mac is a no-no, but when the organization hired a graphic designer and they use a Mac, all hell breaks loose from the IT side. Game changer: we are now back to being gods; this graphic designer is no longer special, and now IT is in control. whoah + (3 x ha)