Posts

Showing posts from March, 2024

Configure Microsoft OneDrive on macOS using Intune

I have recently been testing and familiarizing myself with the Microsoft single sign-on (SSO) extensible configuration for websites and apps on macOS. While the feature is still in preview, it has immense potential and has already proved to be a worthy addition to the management of Apple devices in general. While exploring the configuration, I felt the need to configure Microsoft 365 apps, particularly Microsoft OneDrive. In this blog, I will cover the configuration required to set up and manage Microsoft OneDrive on macOS devices using Intune.

Intune Configuration

Part 1 - As the first step, I encourage you to configure the SSO extension on the macOS devices to make the sign-in as seamless as possible. If you are interested in knowing how to go about this, I recently blogged about Reduce app sign-in prompts with SSO on macOS using settings catalog in Intune, which covers the steps and details.

Part 2 - As the second step, the Microsoft OneDrive app needs to be installed on the macOS device.

Reduce app sign-in prompts with SSO on macOS using settings catalog in Intune

The Microsoft Enterprise SSO plug-in provides single sign-on (SSO) to apps and websites that use Microsoft Entra ID for authentication, including Microsoft 365. This plug-in uses the Apple single sign-on app extension framework, and it reduces the number of authentication prompts users get when using devices managed by Intune. I recently blogged about configuring the SSO plug-in for iOS devices and wanted to cover a part of the SSO configuration for reducing Microsoft Entra ID sign-in prompts on macOS, with a focus on Microsoft 365 apps using Intune. My test device is already enrolled, has the Company Portal app installed, and I manually changed its ownership to Corporate.

What are the pre-requisites?

- The device is managed by Intune.
- macOS 10.15 and newer
- The Microsoft Company Portal app must be installed and configured on the device.

Intune Configuration

There are multiple configurations needed for this to work -

a. Extensible Single Sign-on (SSO) settings catalog

1. Sign-in to the

Configuring Microsoft Enterprise SSO plugin on iOS devices using settings catalog in Intune

The Microsoft Enterprise SSO plug-in for Apple devices is a great way to have device-wide single sign-on (SSO) for all apps and websites in a consistent, secure, and seamless way. As part of Apple's Authentication Services framework, the SSO plug-in reduces the number of authentication prompts users get when using devices managed by Intune and provides single sign-on (SSO) to apps and websites that use Microsoft Entra ID for authentication, including Microsoft 365. Apple's enterprise SSO framework ensures that only an approved SSO plug-in works for each identity provider by utilizing a technology called associated domains. To verify the identity of the SSO plug-in, each Apple device sends a network request to an endpoint owned by the identity provider and reads information about approved SSO plug-ins. Once set up, apps that support the Microsoft Authentication Library (MSAL) automatically take advantage of the Microsoft Enterprise SSO plug-in. The Enterprise SSO plug-in is currently

Using KQL to capture Defender status for Windows devices - Let's hunt!

There are loads of reports in Defender which can be deemed more than just fit for purpose, particularly the Device Health report, which gives plenty of insights into the status of Defender Antivirus. If you are on the lookout for the Defender AV status, then you can easily find it over here. Let's say that you want to gather details on the Defender onboarding status of Windows devices. With the default reports, you can go under each mode and extract the data. You can then filter for Windows OS as a platform and get the list. But is there a better way? You bet! Enter Defender Advanced Kusto query language. With Kusto operators and statements one can construct queries and locate information across the Defender schema. I have been working with KQLs for some time now and I can't imagine working with Defender without Advanced hunting. In order to query for Defender onboarding modes, one can use the DeviceTvmSecureConfigurationAssessment which contains an assessment