Using the Apple Enterprise Single Sign-On Extension (introduced in iOS 13), it is possible to keep users in the Jamf Trust app when performing authentication with Microsoft.
Furthermore, SSO enhancements made by Microsoft or a federated IdP—such as Enable passwordless sign-in with Microsoft Authenticator—are automatically made available to your users without having to modify your deployment.
The following steps assume your devices are managed by Microsoft Intune (Intune). For all other UEM solutions, download the following iOS Mobile Configuration profile and upload it to your UEM solution as a custom profile:
iOS_MSFT_SSO_UEM_Bootstrap_v1.1.mobileconfig
Then push the profile and the Microsoft Authenticator app to devices that are to use Jamf Trust.
The Microsoft Authenticator app must be installed on all end user devices to which the Jamf Trust app and Jamf Connect's Zero Trust Network Access will be deployed.
- Confirm that the Microsoft Authenticator app has been pushed to all of your devices.
- Log in to Microsoft Intune and go to .
- Click Create profile, choose Device features, then click Create.
- Enter a Name then click Next.
- Under Configuration settings, expand Single sign-on app extension.
- In the SSO app extension type pick list, choose .
- Leave other settings unchanged and click Next.
- Complete the remaining configuration profile steps, including assigning to all devices that are to use Jamf Trust.
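For the custom-profile route described above, a pre-upload check of a .mobileconfig's single sign-on extension payload can catch an unexpected extension or URL before the profile reaches devices. This is an added example, not part of the original page or of Jamf's tooling; the expected extension identifier, payload type and URL allowlist are assumptions based on Apple's and Microsoft's published SSO extension documentation, and the sample profile is constructed.

```python
import plistlib

# Assumptions (not from the page): payload type per Apple's Extensible SSO schema;
# extension ID, Redirect type and URLs per Microsoft's Enterprise SSO plug-in docs.
SSO_PAYLOAD_TYPE = "com.apple.extensiblesso"
EXPECTED_EXTENSION = "com.microsoft.azureauthenticator.ssoextension"
ALLOWED_URLS = {"https://login.microsoftonline.com", "https://login.microsoft.com",
                "https://sts.windows.net"}

def audit_sso_profile(data, expected_ext=EXPECTED_EXTENSION, allowed=ALLOWED_URLS):
    """Return findings for a .mobileconfig; an empty list means nothing unexpected."""
    try:
        profile = plistlib.loads(data)
    except plistlib.InvalidFileException:
        # CMS-signed profiles are DER, not a plist; unwrap them before auditing.
        return ["not a plain plist (signed profile?)"]
    payloads = [p for p in profile.get("PayloadContent", [])
                if p.get("PayloadType") == SSO_PAYLOAD_TYPE]
    if not payloads:
        return ["no com.apple.extensiblesso payload found"]
    findings = []
    for p in payloads:
        name = p.get("PayloadDisplayName", "<unnamed>")
        ext = p.get("ExtensionIdentifier")
        if ext != expected_ext:
            findings.append(f"{name}: unexpected extension {ext!r}")
        if p.get("Type") != "Redirect":
            findings.append(f"{name}: Type is {p.get('Type')!r}, expected 'Redirect'")
        for url in p.get("URLs", []):
            if not url.startswith("https://"):
                findings.append(f"{name}: non-HTTPS URL {url}")
            elif url.rstrip("/") not in allowed:
                findings.append(f"{name}: URL outside allowlist {url}")
    return findings

def sample_profile(ext=EXPECTED_EXTENSION, urls=("https://login.microsoftonline.com",)):
    """Constructed sample, not the contents of the profile the page links to."""
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [{
        "PayloadType": SSO_PAYLOAD_TYPE, "PayloadDisplayName": "SSO (constructed)",
        "ExtensionIdentifier": ext, "Type": "Redirect", "URLs": list(urls)}]})

if __name__ == "__main__":
    print(audit_sso_profile(sample_profile()))
    print(audit_sso_profile(sample_profile("com.example.other", ["https://idp.example.net"])))
```

Extend the allowlist with the sign-in endpoints your tenant or sovereign cloud actually uses before treating an "outside allowlist" finding as a problem.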