Entra ID

macOS Platform SSO in ADE Now Generally Available

2 min read

Summary

Microsoft has made Platform SSO during Automated Device Enrollment generally available for macOS. The update lets organizations register devices and enable Platform SSO automatically during setup, reducing user prompts and helping IT teams deliver a more secure, consistent onboarding experience from day one.

Need help with Entra ID?Talk to an Expert

Introduction

Microsoft has announced general availability for Platform SSO (PSSO) during Automated Device Enrollment (ADE) on macOS. For IT teams managing Apple devices with Microsoft Entra ID and Intune, this is an important improvement because it removes extra enrollment steps and builds identity configuration directly into the initial setup experience.

What’s new

With this release, Platform SSO can now be completed automatically during macOS Automated Device Enrollment.

Key changes include:

  • Automatic Entra ID registration during setup for enrolled macOS devices
  • Platform SSO activation as part of enrollment instead of requiring a separate post-setup action
  • Fewer user prompts during first-run device onboarding
  • More consistent identity configuration across newly deployed Macs

This is enabled through the EnableRegistrationDuringSetup capability, which performs Platform SSO registration within the managed ADE workflow.

Why this matters

Previously, users could be asked to finish Platform SSO registration after setup, often through an additional prompt or a manual “Finish” step. That added friction to onboarding and created another point where setup could be delayed or missed.

By integrating PSSO directly into ADE, Microsoft is helping organizations:

  • Reduce deployment complexity
  • Improve first-day productivity for users
  • Strengthen compliance and device trust earlier in the lifecycle
  • Standardize identity-backed access from the first sign-in

This will be especially useful in large-scale deployments, including enterprise rollouts, education environments, and frontline scenarios where speed and consistency matter.

Impact on IT administrators

For admins, this update means identity is now treated as a core part of macOS provisioning rather than a follow-up task. If you already use ADE and Platform SSO, the workflow becomes simpler and easier to standardize.

Benefits for IT teams include:

  • Less reliance on users to complete setup correctly
  • Fewer enrollment support issues
  • Better alignment between MDM provisioning and Entra identity controls
  • Faster delivery of compliant, ready-to-use devices

Next steps

To use Platform SSO during Automated Device Enrollment, organizations should:

  1. Configure Automated Device Enrollment for macOS in their MDM solution.
  2. Ensure Platform SSO is already configured for the organization.
  3. Enable EnableRegistrationDuringSetup in the deployment profile.

If you manage macOS devices in Microsoft Intune, now is a good time to review your ADE profiles and update your onboarding process to take advantage of this GA capability.

Need help with Entra ID?

Our experts can help you implement and optimize your Microsoft solutions.

Talk to an Expert

Stay updated on Microsoft technologies

Entra IDmacOSPlatform SSOAutomated Device EnrollmentIntune

Related Posts

Entra ID

Microsoft Purview and Entra Add Real-Time AI DLP

Microsoft has announced a public preview that extends data protection to the network layer using Microsoft Purview and Microsoft Entra. The integration helps organizations detect and block sensitive data moving to unmanaged SaaS, personal cloud storage, and generative AI apps in real time, reducing data leakage risk before exposure occurs.

Entra ID

Entra PIM Custom Extensions Preview for Role Activation

Microsoft has introduced preview support for custom extensions in Microsoft Entra Privileged Identity Management, allowing organizations to call a REST API during role activation to enforce business-specific rules. This helps IT teams automate checks such as ticket validation, HR status, compliance gates, and on-call logic while improving auditability and reducing manual approval gaps.

Entra ID

Microsoft Entra Backup and Recovery GA Now Available

Microsoft Entra Backup and Recovery is now generally available for customers with Entra ID P1 or P2, bringing built-in recovery for critical identity objects across workforce tenants. The release extends retention from 5 to 7 days and adds more flexibility for snapshots, difference reports, and recovery jobs, helping IT teams respond faster to accidental or malicious changes.

Entra ID

Microsoft Entra AI Security Webinar Series Announced

Microsoft has launched a three-part Microsoft Entra and Purview webinar series focused on securing AI at scale. The sessions cover identity, access, data protection, browser and network controls, and governance for AI agents, giving IT teams practical guidance for safer AI adoption.

Entra ID

Azure AD B2C Migration Tools Now Available

Microsoft has released generally available migration tools and guidance to help Azure AD B2C customers move to Microsoft Entra External ID. With Azure AD B2C no longer receiving new features, these new options give IT teams a clearer path to modernize customer identity while reducing migration risk.

Entra ID

Microsoft Entra ID Security Updates: Key 2026 Changes

Microsoft is making three important Microsoft Entra ID security changes in 2026: retiring Custom controls in favor of External MFA, enforcing Conditional Access more consistently during credential registration, and requiring explicitly registered authentication methods for SSPR. These updates matter because they close policy enforcement gaps, improve identity security, and require admins to review configurations before enforcement deadlines arrive.