059: Deploy macOS Identity management

Overview

There are several recommended configurations for identity management on macOS:

• Enroll all Macs in an MDM, this provides the best Mac management user experience
• Have an identity strategy for how your users will log into the Macs (Kerberos SSO, Platform SSO, 3rd party option, etc.)
  • Avoid on-premises Active Directory dependent options
• Integrate your MDM with Conditional Access
  • If the MDM is Intune then ensure you have created a device compliance policy for your Macs
  • If the MDM is not Intune then make sure you integrate the MDM with the Microsoft compliance API so device health can be leveraged in Conditional Access

Reference

• Device Compliance settings for macOS settings in Intune | Microsoft Learn
• Support third-party device compliance partners in Intune | Microsoft Learn
• Manually configure Jamf Pro integration with Microsoft Intune - Microsoft Intune | Microsoft Learn