Sign Into MacOS With AzureAD … With JAMF

Apple II

My first experience of a PC was similar to this, called the Kiwifruit and made by my dad. Image Credit.

I’ve used a lot of different operating systems over the years, in fact my first exposure to a Personal Computer (PC) was built by my dad based on the Apple II – being from New Zealand he extended the fruit naming convention and called it a “Kiwifruit”. Since then, I’ve used almost every flavour of Windows (skipped Vista thankfully), multiple Linux desktop distros (Fedora, Debian, Ubuntu, YellowDog), OS X / MacOS and now love using Windows 10 exclusively on my Surface Laptop.

The point is, device and OS mobility is something most end users experience over time and inside education institutions students and teachers often use a multitude of different devices. To reduce the friction at sign-in, centralizing the identity of the user in the cloud with AzureAD is a smart move. This works natively in Windows 10 of course, allowing for rapid deployment using modern management of devices. To date, MacOS has not supported AzureAD authentication in the OS itself meaning you could not sign into the device with your cloud identity (you could join it to a local on-premise domain if you wished to).

This is all changing with a recent announcement from JAMF.

Authentication: With Jamf Connect (available with Jamf Pro or independent of Jamf Pro), formerly NoMAD premium solutions, users will be able to authenticate to their Mac with their Azure Active Directory credentials. This will simplify life for end users by enabling them to enter only one set of credentials to access their Mac and immediately use cloud-based services registered with Azure Active Directory (e.g., Microsoft Office 365). Account setup and synchronization with Azure Active Directory will happen automatically behind the scenes.

This is an awesome step forward, allowing Mac users to have a single cloud ID to sign into any device (AzureAD can even be used to sign into ChromeBooks if SAML authentication is provided via Chrome Management Console).

This new feature from JAMF builds on the integration between Casper Suite and Microsoft’s EMS that was announced in late 2017:

My Point of View:

Identity is not something that is usually top of mind for school leaders when it comes to considering their IT deployment and spend. However, getting it right initially will likely save considerable money in the long run and also future proof for access into whatever devices a school may choose to introduce for use by teachers and students.

AzureAD is a great option to standardize on and, with increasing partners federating and integrating into it, it is more powerful and flexible than ever.

I am always keen to discuss what I've written and hear your ideas so leave a reply here...

%d bloggers like this: