Skip to content

Clarify device re-registration behavior #5039

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
MandiOhlinger merged 5 commits into from
Apr 21, 2026
Merged

Clarify device re-registration behavior #5039

Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
ac00bed
Clarify device re-registration behavior
iye-ms Apr 17, 2026
79ed59c
Merge branch 'main' into patch-11
MandiOhlinger Apr 21, 2026
a9ce5b5
Moved info to Prereqs
MandiOhlinger Apr 21, 2026
66bd39d
Update device re-registration explanation for SSO policy
MandiOhlinger Apr 21, 2026
3edb5e9
Merge branch 'main' into patch-11
MandiOhlinger Apr 21, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion intune/device-configuration/settings-catalog/configure-platform-sso-macos.md
View file
Open in desktop
Comment thread
MandiOhlinger marked this conversation as resolved.
Original file line number Diff line number Diff line change
Expand Up @@ -75,6 +75,8 @@ You configure Platform SSO using the Intune [settings catalog](../../device-conf

We recommend you review the [scenarios](./configure-platform-sso-scenarios-macos.md) **before** you create the settings catalog policy. This way, you can configure the settings you need/want when you initially create the policy. If you don't configure the optional scenario settings initially, you can always edit the policy later. Only one SSO policy can be assigned to your groups. So, add these scenario settings to your existing Platform SSO settings catalog policy.

- Expect existing devices to reregister in Microsoft Entra. When you create the settings catalog policy in [Step 2](#step-2---create-the-platform-sso-policy-in-intune) (this article), you add the **Platform SSO > Authentication Method** and **Platform SSO > Use Shared Device Keys** settings. When these settings are in the same profile and are updated, the device reregisters when Platform SSO completes. For the other settings you add, if the profile is unassigned and reassigned the Platform SSO policy, the device reregisters.

- In [Step 5 - Register the device](#step-5---register-the-device) (this article), users register their devices. These users must be allowed to join devices to Microsoft Entra ID. For more information, go to [Configure your device settings](/entra/identity/devices/device-join-plan#configure-your-device-settings).

## Step 1 - Decide the authentication method
Expand Down Expand Up @@ -196,7 +198,7 @@ To configure the Platform SSO policy, use the steps in this section to create an
- **Type**
- **URLs**

Close the settings picker.
Close the settings picker.

> [!TIP]
> There are more Platform SSO settings you can add to the policy that configure different scenarios, like enabling Kerberos SSO, using Touch ID biometric authentication, and enabling SSO on non-Microsoft apps. To learn more about these scenarios and their required settings, go to [Common Platform SSO scenarios for macOS devices](./configure-platform-sso-scenarios-macos.md).
Expand Down