Guest Michael Epping talks about Entra's new Apple device authentication features. They discuss Apple's Secure Enclave, Entra Platform SSO for Azure resources, and upcoming releases for seamless access to enterprise resources.
Entra Platform SSO integrates Apple devices for Azure resource access.
Apple Secure Enclave enhances macOS authentication for Microsoft Entra ID users.
Deep dives
Customer Engagement and Product Improvement
Michael Epping works as a product manager in the Microsoft Identity Customer Acceleration team, assisting Microsoft Entra customers in adopting features and gathering feedback for product enhancement. They focus on aiding customers with deployment challenges and refining products based on customer input, bridging the gap between customers and the product group.
Evolution of Enterprise Device Management
Apple's introduction of the Platform SSO feature addressed the growing need for better enterprise management solutions for macOS devices. The transition from Windows-centric device management to incorporating Mac devices was necessary as the significance of Macs in enterprises continued to rise alongside Windows. The move aimed to align the management experiences of Windows and Mac devices for users.
Implementation of Platform SSO for Mac Devices
The integration of Platform SSO for Mac devices focused on enhancing authentication methods like the Secure Enclave Key to provide robust security. This native capability on macOS allowed users to sign in with cloud IdP credentials, ensuring a cohesive identity management experience across devices. The adoption process involved transitioning the MDM profile to the new Platform SSO profile for improved security.
Future Enhancements and Customer Feedback Loop
Future developments in the Platform SSO implementation include additional features like granular control over local user permissions and integrating Kerberos support for seamless on-premises resource access. Microsoft is actively seeking customer feedback to enhance the functionality and address any existing gaps in the platform, aiming to achieve parity in user experience and security across Windows and Mac devices.
How are your company's Apple devices connected to the enterprise? Richard talks to Michael Epping about the recent additions in Entra that support the authentication of Apple macOS and iPadOS devices. Michael discusses Apple's Secure Enclave as the equivalent of the Trusted Platform Module (TPM) in Windows. With Entra Platform SSO, you can now use that authentication to access Azure resources and, ultimately, on-premises Kerberos-secured resources! These features are still in public preview but fully supported, and more is coming!