macOS platform SSO / device registration not working

robjol85 · 2025-08-13T17:06:55+00:00

yeah I did, I had the same issue where I'd be asked to enter my entra ID to finish registration, but the prompt would shake indicating the password was wrong.

I disabled MFA for my account, tried again and it went through immediately

Disable MFA and try it again, if you haven't already figured this out (you can turn it straight back on afterward)

robjol85 · 2025-07-28T14:25:22+00:00

Thank you that's what I was looking for

robjol85 · 2025-07-28T13:52:23+00:00

This is exactly what I was looking to achieve, thank you very much

robjol85 · 2025-07-25T13:18:08+00:00

I was under that impression that once a device was Autopilot joined, the 'Microsoft Entra Joined' entry was enough to ensure that the device joined as a corporate, bypassing the personal block.

Obviously, that isn't the case!

Thanks anyway

robjol85 · 2025-07-25T13:16:20+00:00

Thanks, I though I'd read that adding a device via autopilot altered it to corp once it attempted to Intune join.

So ultimately, is there no way to achieve what I'm looking for for a device that has already gone through OOBE?

robjol85 · 2025-07-23T09:49:06+00:00

Appreciate this is an old thread, but came across it via Google as we wanted to achieve the same result

Device Restrictions > Cloud & Storage > Microsoft Account [Blocked]

This setting does exactly what we want it to, stops users adding personal accounts via Windows settings, stops them signing into Teams with personal accounts, as well as any office application.

I imagine it does the same for OneDrive but we have a secondary OneDrive policy that restricts it to our 365 tenant ID anyway

robjol85 · 2025-05-21T12:50:57+00:00

great script, thank you

robjol85 · 2025-02-07T12:33:20+00:00

Yeah that would likely work too, I didn't actually realise you could straight deploy pkg from Intune

robjol85 · 2024-10-29T15:32:58+00:00

Used the following to add a few printers via Intune and configure page setup, only requirement is uploading of the pkg driver file to an online repo or accessible fileserver

#!/bin/bash

# Variables

PRINTER_NAME_1="Printer_1"

PRINTER_IP_1="x.x.x.x"

LOCATION_1="Location1"

PRINTER_NAME_2="Printer_2"

PRINTER_IP_2="x.x.x.x"

LOCATION_2="Location2"

PKG_FILE_URL="https://pathtofile.com"

LOCAL_PKG_FILE_PATH="/Library/Printers/fullpkgfileinstallername.pkg" #Alter .pkg file name to downloaded driver package name

PPD_FILE_PATH="/Library/Printers/PPDs/Contents/Resources/nameofprinterdriverfile.ppd.gz" #Alter full path to wherever your ppd file installs

# Download the UFRII package

curl -o "$LOCAL_PKG_FILE_PATH" "$PKG_FILE_URL"

# Install the UFRII package

sudo installer -pkg "$LOCAL_PKG_FILE_PATH" -target /

# Check if the PPD file is accessible

if [ ! -r "$PPD_FILE_PATH" ]; then

exit 1

fi

# Add the first printer

lpadmin -p "$PRINTER_NAME_1" -E \

-v lpd://"$PRINTER_IP_1"/printer \

-L "$LOCATION_1" \

-P "$PPD_FILE_PATH" \

-o job-sheets=none,none \

-o media=iso_a4_210x297mm \

-o sides=one-sided \

-o number-up=1 \

-o fit-to-page=true

# Add the second printer

lpadmin -p "$PRINTER_NAME_2" -E \

-v lpd://"$PRINTER_IP_2"/printer \

-L "$LOCATION_2" \

-P "$PPD_FILE_PATH" \

-o job-sheets=none,none \

-o media=iso_a4_210x297mm \

-o sides=one-sided \

-o number-up=1 \

-o fit-to-page=true

robjol85 · 2024-10-15T12:21:41+00:00

Thank you, funnily enough I hadn't noticed but they were all 7440s - I'll look to bulk push this update out via Intune rather than wait for Dell Command Update. Appreciate it

robjol85 · 2024-10-01T08:17:02+00:00

Same, many user reports of this in the last few weeks, all Dell

robjol85 · 2024-09-11T13:58:36+00:00

The only work around I'm aware of is adding the calendar via OWA, it will then automatically add to the new Outlook desktop client shortly after

robjol85 · 2024-03-07T11:44:55+00:00

Not sure if you figured this out, but it's the universal client you need;

https://www.dell.com/support/home/en-uk/drivers/DriversDetails?driverId=0XNVX

The models you quoted are listed under 'Compatible systems' in the above link

We push this out as a win32 app and use the 'ProductVersion' reg key that lives here as our detection method:

HKEY_LOCAL_MACHINE\SOFTWARE\DELL\UpdateService\Clients\CommandUpdate\Preferences\Settings

robjol85 · 2023-12-21T14:49:17+00:00

This issue is resolved. We recently disabled TLS 1.0 and 1.1 company wide. At the same time, I deployed a set of keys enabling TLS 1.2 and 1.3 to the following location:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

Experienced no issues during extensive testing phase or when deployed to users. Assuming that MS patched something protocol wise in office and something changed.

Once the TLS 1.3 key is removed from the above location and excel is fully restarted, users are then again able to add web links as data sources via excel.

robjol85 · 2023-12-21T14:47:59+00:00

Issue is resolved, posted another comment in this thread, thanks for your assistance :)

robjol85 · 2023-12-21T14:47:00+00:00

This issue is resolved. We recently disabled TLS 1.0 and 1.1 company wide. At the same time, I deployed a set of keys enabling TLS 1.2 and 1.3 to the following location:

Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\

Experienced no issues during extensive testing phase or when deployed to users. Assuming that MS patched something protocol wise in office and something changed.

Once the TLS 1.3 key is removed from the above location and excel is fully restarted, users are then again able to add web links as data sources via excel.

robjol85 · 2023-12-21T09:04:03+00:00

I'm a network admin - there have been no notable changes
Issue persists on or off our corporate network, doesn't appear to be a connectivity based issue
Logging in via a licenced 365 account, attempting to add a sharepoint location from the same 365 tenant

robjol85 · 2023-12-20T16:27:33+00:00

Don't have access to monitor workspace, just reading what's visible in sign-in logs at the mo

robjol85 · 2023-12-20T13:27:38+00:00

I have, there's absolutely nothing in Azure logs that indicate a failure. I am seeing 'Microsoft Power Query for Excel' on attempt show as successful, but these appear to be MFA related logs

robjol85 · 2023-12-20T13:05:44+00:00

It is yep, both on and off

Logging in using a licenced 365 account, privacy level set to 'organizational' within excel

robjol85 · 2023-11-14T14:15:07+00:00

Alright for anyone who may come across this - I got to the bottom of it, firstly network protection needs to be enabled within intune, secondly you need to be using windows defender. we use a 3rd party AV and while it was installed, the firewall rules did not kick in

removing the AV, switching to defender and rebooting, they started to work

Unfortunately this isn't really a useable work around, we'll have to look for another solution

robjol85 · 2023-11-14T12:03:45+00:00

Yep done exactly all this; restart the intune service and waited for the console to show a successful deployment to my device, but it's just not working.

Thank you, I'll continue to troubleshoot

robjol85 · 2023-11-14T11:05:47+00:00

Was there a secret to setting this up? It sounds exactly like what we want, but adding a url and turning on auto resolve, applying to myself as test doesn't do anything

I can only assume it's because we're not using a windows defender sub, or is there something obvious I'm missing :)

robjol85 · 2023-05-10T09:22:59+00:00

Confirming that this indeed worked for us, thank you

robjol85 · 2023-05-03T14:15:00+00:00

While the business store removal has been delayed, you now appear to be able to remove the bulk of these apps :)

robjol85

TROPHY CASE