Microsoft Intune / "Company Portal" integrates with the macOS system-wide SSO mechanism. Beyond just single-sign-on, this also helps the Microsoft-hosted websites (such as SharePoint and OneDrive) verify that the device is "trusted" so you don't get the annoying non-compliance banner:
Your organization doesn't allow you to download, print, or sync using this device
In Microsoft Edge (unsurprisingly) and Safari, this "just works." In Chrome, you can use the official browser extension. Firefox requires a policy setting change that isn't obvious, since it's not exposed in the UI.
Policy setting documentation: https://mozilla.github.io/policy-templates/#microsoftentrasso
Turn on the MicrosoftEntraSSO setting using any one of the following mechanisms. Only one is needed.

- Perform the defaults write ... commands below. This is probably the easiest method.

      defaults write ~/Library/Preferences/org.mozilla.firefox EnterprisePoliciesEnabled -bool TRUE
      defaults write ~/Library/Preferences/org.mozilla.firefox MicrosoftEntraSSO -bool TRUE

- Create a policies.json file in the documented location (on Mac, the file goes into Firefox.app/Contents/Resources/distribution):

      { "policies": { "MicrosoftEntraSSO": true } }

- Corporate IT can push this policy using a system profile with those same key-value settings (MicrosoftEntraSSO=true).

In all cases, a browser restart is required. You can check that the setting worked by going to about:policies and seeing the MicrosoftEntraSSO value set to true there.
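
If a policies.json already exists, pasting in the one-line file above would discard whatever other policies it holds. The following is an added example, not part of the original page or any Mozilla tooling: it merges the MicrosoftEntraSSO key into an existing file and reads it back to confirm. It assumes Python 3 is installed and that Firefox lives under /Applications (the page only gives the path relative to Firefox.app); the function names are illustrative.

```python
import json
import os
import tempfile
from pathlib import Path

# Assumed install location; the page only gives the path relative to Firefox.app.
DEFAULT_POLICY_FILE = Path("/Applications/Firefox.app/Contents/Resources/distribution/policies.json")


def enable_entra_sso(policy_file: Path = DEFAULT_POLICY_FILE) -> dict:
    """Set policies.MicrosoftEntraSSO = true, keeping any existing policies."""
    policy_file = Path(policy_file)
    doc = {}
    if policy_file.exists():
        # A malformed file raises (JSONDecodeError is a ValueError) and is left untouched.
        doc = json.loads(policy_file.read_text(encoding="utf-8"))
        if not isinstance(doc, dict) or not isinstance(doc.get("policies", {}), dict):
            raise ValueError(f"{policy_file}: unexpected structure, not modifying")
    doc.setdefault("policies", {})["MicrosoftEntraSSO"] = True

    policy_file.parent.mkdir(parents=True, exist_ok=True)
    # Write a temp file in the same directory and rename it into place,
    # so an interrupted run never leaves a half-written policies.json.
    fd, tmp = tempfile.mkstemp(dir=policy_file.parent, suffix=".tmp")
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as fh:
            json.dump(doc, fh, indent=2)
            fh.write("\n")
        os.chmod(tmp, 0o644)  # mkstemp creates 0600; other users must be able to read it
        os.replace(tmp, policy_file)
    except BaseException:
        os.unlink(tmp)
        raise
    return doc


def entra_sso_enabled(policy_file: Path = DEFAULT_POLICY_FILE) -> bool:
    """Return True only if the file on disk sets MicrosoftEntraSSO to true."""
    try:
        doc = json.loads(Path(policy_file).read_text(encoding="utf-8"))
    except (OSError, ValueError):
        return False
    policies = doc.get("policies") if isinstance(doc, dict) else None
    return isinstance(policies, dict) and policies.get("MicrosoftEntraSSO") is True


if __name__ == "__main__":
    enable_entra_sso()
    print("MicrosoftEntraSSO enabled:", entra_sso_enabled())
```

Writing inside the application bundle usually needs admin rights, and the file check here only confirms what is on disk; about:policies remains the authoritative view of what Firefox actually loaded.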
This is the "unmanaged device" error message.