Date: 2022-07-21

Ahead of the release of iOS 16 and macOS 13 Ventura this fall, Microsoft is simplifying Endpoint Manager enrollment. This effort will help IT administrators whose organizations use Apple devices.

With Apple’s new Platform single sign-on (SSO) for macOS 13, users will only have to authenticate once on their devices. According to a Microsoft company post, the update allows the SSO extension to extend to the macOS login window. Users can then use their Microsoft Azure Active Directory (Azure AD) or company account credentials to unlock their Mac. To simplify the process, the device’s local account password will automatically sync with the user’s company cloud password.

With Microsoft Endpoint Manager, IT admins will be able to create an MDM configuration profile with the SSO extension payload to configure this highly requested capability that improves the experience for people using a Mac device.

Microsoft’s announcement also includes updates to the future of bring your own device (BYOD) for iPhones and iPads. The company says it will soon provide a public preview of a new account-driven user enrollment experience for devices running iOS 15 or iPadOS 15 or higher. With the update, a user’s Apple ID will display in Settings, reducing Management Profile download to one step.

The update to account-driven user enrollment will also use a new feature called Just-in-Time (JIT) Registration. This feature will allow Apple’s single sign-on extension functionality to handle Azure AD registration within Microsoft 365 apps. With this in place, SSO is established on the device, and only two authentication steps are required to fully enroll in Intune.

You can learn more details about Microsoft’s Endpoint Manager enrollment updates for Apple devices here.

