Mac OS and Azure AD LDAP Authentication

SebC 56 Reputation points
2020-08-10T17:30:36.227+00:00

Another forum that moved from very useful social.microsoft.com to this unfriendly Q&A site, pity!

But whatever.

There was a thread years ago about this:

https://social.msdn.microsoft.com/Forums/en-US/a06c8321-8aab-49c5-b0bc-59d9e84807bd/how-to-configure-ldap-authentication-for-mac-os-and-azure-ad?forum=WindowsAzureAD

Does anybody have any info on the current situation? (before I waste time finding out myself that, e.g., it does not work)

I could join my machines to the local AD (which might be the case in the end), but while moving all Windows machines to AAD/Intune, I would like to do the same with Macs (I am not yet in a position to do Intune, as I do not have enough time for testing).
But at least authentication could be from AAD.

Thanks

Seb


11 answers

  1. SebC 56 Reputation points
    2021-05-14T13:51:17.877+00:00

    There seems to be no answer.

    Or if somebody knows, they keep quiet.


  2. Matt van Vuuren 1 Reputation point
    2021-06-09T17:18:16.993+00:00

    This can be accomplished by using one of the following third-party vendors:

    • MOSYLE
    • JAMF
    • KANDJI
    • FLEETSMITH

    They each have a tool that you install on macOS, allowing you to log into macOS with Azure AD credentials.


  3. SebC 56 Reputation points
    2021-06-10T06:39:43.22+00:00

    Sure, they are all chargeable.

    As stated in the second post: I am about to move away (management decision) from Jamf, so will not be looking into it again...

    That was then; since then, Jamf is long gone.

    Will wait for MS to do it themselves (as it will happen sooner or later).

    For now, AD join works perfectly fine.


  4. Truong, Bon (CIV) 1 Reputation point
    2021-06-17T18:12:35.077+00:00

    New to this thread, but would love to know myself.
    Can we use macOS's Directory Utility to achieve something like this? I also saw something called NoMAD https://nomad.menu/, but that might be for on-premises. NoMAD Login has now been bought out by Jamf Connect, which used to be open source.

    Maybe this can work in a hybrid environment with on-premises AD that syncs with AAD?


  5. Steffen Greve 1 Reputation point
    2021-12-01T17:06:58.67+00:00

    With your devices registered in ASM/ABM (Apple School/Business Manager) and synced to Intune, you set up an enrollment program token that configures the Setup Assistant with Modern Authentication (ADE, Automated Device Enrollment, formerly DEP).

    When you log in with Azure AD credentials, your macOS device will be created in Azure AD, but it will not be bound (no need). When you are finished with Setup Assistant on the device, you will be at the desktop, where after a short while all your policies will be applied (PPPC, system extensions, device features, device restrictions, Wi-Fi, certificates, Azure SSO extension, etc.).
    Within the Setup Assistant you will be asked to create a local admin user.
    When Company Portal has been installed, you log into CP with your Azure AD credentials; your credentials will be saved in the keychain and can be used for SSO login.
    If you created Office, Outlook and OneDrive preference files that correspond to {{userprincipalname}}, that variable will be translated to the currently logged-on user's userprincipalname, and Office/Outlook/OneDrive will do single sign-on on your device. Outlook will register your license with Office 365, and OneDrive and Teams will ask you to click the username you want to use to sign in and use SSO to handle the password.

    All in all, you do not need to bind your macOS to Azure AD when using Intune and the Azure SSO extension and defining {{userprincipalname}} in your preference files.
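An added example of the preference file this answer describes (not from the thread or from Microsoft's own documentation): a plist for the com.microsoft.office preference domain, uploaded as an Intune macOS preference-file profile, so that Intune substitutes {{userprincipalname}} with the enrolling user's UPN before delivery. The two keys are Microsoft's documented Office for Mac preferences; that the token is substituted in this profile type is assumed and should be checked on a test device.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- Intune replaces this token with the signed-in user's UPN (assumed, verify on a test Mac) -->
    <key>OfficeActivationEmailAddress</key>
    <string>{{userprincipalname}}</string>
    <!-- Let Office sign in with that identity via the SSO extension instead of prompting -->
    <key>OfficeAutoSignIn</key>
    <true/>
</dict>
</plist>
```

After deployment, read the delivered file under /Library/Managed Preferences on the test Mac: it should contain the real UPN, not the literal token, before you roll the profile out more widely.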