Thanks for the video. It looks very far from complete to me. It's improved, but it's not slick. Users should be asked to sign in once, with their Entra creds. AppleID should be automatic, and the fact that there is a local account should not be visible to the user. And that's before we consider the new passwordless initiatives, like keypass, or existing options, like fingerprint ID on Macs. These should Just Work. Mac users are Mac users because they are used to, and want, a fuss-free, first-class experience. They are not going to like this much.
Great video, Dean! Funny thing, I've had Mac also pick those lips when testing!
Great! But for that u need the Apple Business Manager or?
So when the user changes their Entra AD password, does that sync to the Mac login password?
Awesome stuff bro, thx
No problem 👍
Dean,
How does a standard macOS out-of-the-box build auto-enroll to the correct tenant?
I may have missed something there.
Hey - yeah apologies, I've started this video after already configuring all that stuff. Apple Business Manager enrollment ensures the device heads to the right tenant during initial startup.
This might help!
ruclips.net/video/ePkLDFsEURw/видео.html
@DeanEllerbyMVP I had managed to avoid that so far, using user enrollment.
I’m a bit confused here. You said no matter the password you add here it will change to the actual M365/EntraID password on sync?
So what about passwordless? There are no passwordless options here. And also the SSO plugin in macOS will allow for SSO for apps and browsers even when logging in with a password. So, CA policies? Would a Mac user be prompted for MFA at every interaction with M365 with policies forcing MFA or authentication strength? Kinda annoying. What passwordless login options does this solution offer? I guess FIDO2 keys, but the password still remains.
I don’t even know my password anymore, only using Windows Hello or Authenticator for login on web and Windows. You should be able to do web login here with phone sign-in via the standard web login method. And what about TAP? Doesn’t work either.
With that said, it’s not ready yet. They have some way to go to feature parity.
What version of Intune has this feature in it?
The tenant I used is v2401.
Far away from an MDM solution like Jamf! This new feature gives me a lot of headache because it's not working.
I created a new enrollment profile, checked "Await Final Config" and created a dynamic group which equals the enrollment profile. Then I added this dynamic group to an app profile to install Company Portal and to a configuration profile to enable FV (Force Enable in Setup Assistant). BUT it will neither install the app nor show the FV screen during Setup Assistant - and yes, I activated FV also in the enrollment profile.
Did I miss something?
How does the Mac know that the device is owned by the organisation during the initial setup? Can someone please explain?
The Mac is ostensibly enrolled in Apple Business (or school) Manager.
What about Azure AD user login? I can’t seem to figure this one out without Jamf Connect.
This will come with Platform SSO, which MSFT keeps pushing back but is really near.
@jpricric9722 My company just received preview access to Platform SSO Friday. I’ve been building it out and will be testing.
Maybe in time...LAPS for Mac? 🤣
Ok, maybe just Standard user instead of Admin for local user?