
Apple Business Manager federated login

We use Microsoft 365 in conjunction with Azure Active Directory (AAD), which allows employees using Windows machines to log in to their computer using their Microsoft 365 username and password. This is a good solution for a few key points.


  • It allows our IT department to shut off access to company property when an employee leaves the company.
  • It creates better security because the password to the computer is tied to AAD, which requires the user to update their password every 6 months.
  • This solution does NOT require the creation of a local computer account.


I have been trying to figure out how to get employees using macOS devices to have the same benefits for the company. Reading the documentation on federated login using Apple Business Manager, this seemed to offer exactly what I was looking for.


I have spent several hours over the last few days setting up our account at ABM, verifying our domain and turning on federated login (through Azure Active Directory), all with the promise that this would allow a macOS device to be a better corporate citizen.


After all of that, we re-imaged a Mac using Big Sur to see what the out-of-the-box experience would be.


  • The initial login screen was so promising: we were able to sign in to the Mac using the managed Apple ID, which brought up the prompt to authenticate using Microsoft 365.....YEAH!!
  • Then......it forces us to create a local account on the Mac, which has a different password. WHAT???


What is even the point of federated login with managed Apple IDs, if the user still has to create a local user on the Mac with a different username and password? Honestly, I really don't understand why Apple has built the ability to offer federated login, if that is not the account that accesses the Mac.


  • This "solution" does not allow an IT staff member to walk up to a Mac and sign in using AAD credentials. We would still have to create a local administrator account on the Mac. This is so 10 years ago. This means Apple is forcing us to use shared passwords to access devices, which is a security no-no.
  • This "solution" does not enforce password security, and it requires the user to remember yet another password. That is the exact opposite of what SSO is supposed to do.


Please tell me that I am missing something here, and that there really are solutions to use SSO into a Mac with Azure Active Directory (AAD).


--Frustrated.
Posted on Oct 29, 2021 10:16 AM
