For more information, see Supplemental terms of use for Microsoft Azure previews.Unlock the full Microsoft Office experience with a qualifying Microsoft 365 subscription for your phone, tablet, PC, and Mac. Some features might be unsupported or have constrained capabilities. This preview is provided without a service-level agreement and isn't recommended for production workloads.
Microsoft Office Apple Store Windows 10 And AppleLicensed for home and commercial use.The Microsoft Enterprise SSO plug-in for Apple devices provides single sign-on (SSO) for Azure Active Directory (Azure AD) accounts on macOS, iOS, and iPadOS across all applications that support Apple's enterprise single sign-on feature. Microsoft support included for 60 days at no extra cost. Classic 2019 versions of Word, Excel, PowerPoint, and Outlook. One-time purchase for 1 PC or Mac. Microsoft Office Home and Business 2019-1 Person-Windows 10 and Apple macOS.The device must support and have an installed app that has the Microsoft Enterprise SSO plug-in for Apple devices: It extends SSO to applications that use OAuth 2, OpenID Connect, and SAML.To use the Microsoft Enterprise SSO plug-in for Apple devices: It extends SSO to applications that don't yet use Microsoft identity platform libraries. It can be enabled by any mobile device management (MDM) solution. It provides SSO for Azure AD accounts across all applications that support the Apple Enterprise SSO feature. Microsoft worked closely with Apple to develop this plug-in to increase your application's usability while providing the best protection available.The Enterprise SSO plug-in is currently a built-in feature of the following apps:The Microsoft Enterprise SSO plug-in for Apple devices offers the following benefits:iOS 13.0 or higher must be installed on the device. Apple requires this security constraint. Configuration must be pushed to the device to enable the Enterprise SSO plug-in. The device must be enrolled in MDM, for example, through Microsoft Intune. macOS 10.15 and later: Intune Company Portal app iPadOS 13.0 and later: Microsoft Authenticator app A Microsoft application that provides the Microsoft Enterprise SSO plug-in for Apple devices must be installed on the device. macOS 10.15 or higher must be installed on the device. For Public Preview, these applications are the Microsoft Authenticator app. Extension ID: com.microsoft.azureauthenticator.ssoextension Use the following parameters to configure the Microsoft Enterprise SSO plug-in and its configuration options. Manual configuration for other MDM servicesIf you don't use Intune for MDM, you can configure an Extensible Single Sign On profile payload for Apple devices. If the profile isn't already assigned, assign the profile to a user or device group.The profile settings that enable the SSO plug-in are automatically applied to the group's devices the next time each device checks in with Intune. Configure the SSO app extension settings of a configuration profile. Microsoft Intune configurationIf you use Microsoft Intune as your MDM service, you can use built-in configuration profile settings to enable the Microsoft Enterprise SSO plug-in: Registered their device with your organization.Your organization likely uses the Authenticator app for scenarios like multifactor authentication (MFA), passwordless authentication, and conditional access. Downloaded the Authenticator app on iOS or iPadOS, or downloaded the Intune Company Portal app on macOS. Enable SSO for apps that don't use a Microsoft identity platform libraryThe SSO plug-in allows any application to participate in SSO even if it wasn't developed by using a Microsoft SDK like Microsoft Authentication Library (MSAL).The SSO plug-in is installed automatically by devices that have: Extension ID: com.microsoft.CompanyPortalMac.ssoextensionYou can add more configuration options to extend SSO functionality to other apps. Does office 2016 for mac have accessValue: Comma-delimited list of application bundle IDs for the applications that are allowed not to participate in SSO. This parameter allows all apps that start with a particular prefix to participate in SSO. Value: Comma-delimited list of application bundle ID prefixes for the applications that are allowed to participate in SSO. Can be configured not to participate in SSO by adding the bundle IDs of Safari and Safari View Service in AppBlockList.IOS Bundle IDs : , macOS BundleID : com.apple.Safari Enable SSO for all apps with a specific bundle ID prefix An allowlist is used to configure these applications to use the SSO plug-in.Safari and Safari View Service are allowed to participate in SSO by default. Microsoft has made it easy to configure the plug-in inside the Microsoft Endpoint Manager in Intune. KeyThe bundle IDs (comma-delimited list) of the apps you want to prevent from participating in SSO.Scenario I want to disable SSO for Safari, which is enabled by default, but enable SSO for all managed apps. Apps you add to AppCookieSSOAllowList must also be added to AppPrefixAllowList.Scenario: I want to enable SSO for most managed applications, but not for all of them. Summary of keys Key1 to enable SSO for all managed apps, 0 to disable SSO for all managed apps.Bundle IDs of applications allowed to participate in SSO.Bundle IDs of applications not allowed to participate in SSO.Bundle ID prefixes of applications allowed to participate in SSO.Bundle ID prefixes of applications allowed to participate in SSO but that use special network settings and have trouble with SSO using the other settings. Example: com.contoso.myapp1, com.fabrikam.myapp2Other requirements: To enable SSO for applications by using AppCookieSSOAllowList, you must also add their bundle ID prefixes AppPrefixAllowList.Try this configuration only for applications that have unexpected sign-in failures. If that option isn't available, you can use your MDM configuration to find the bundle IDs:Temporarily enable the following flag in your MDM configuration:When this flag is on, sign in to iOS apps on the device for which you want to know the bundle ID.In the Authenticator app, select Help > Send logs > View logs.In the log file, look for following line: SSO extension has captured following app bundle identifiers. The easiest way to get the bundle IDs of the apps you want to use for SSO is to ask your vendor or app developer. KeyThe bundle IDs (comma-delimited list) of the apps you want to enable for participation in for SSO.Find app bundle identifiers on iOS devicesApple provides no easy way to get bundle IDs from the App Store. For iOS: com.apple.mobilesafari, com.apple.SafariViewService Scenario: I want to enable SSO on all managed apps and few unmanaged apps, but disable SSO for a few other apps.
0 Comments
Leave a Reply. |
AuthorBrooke ArchivesCategories |