How can we improve Azure Active Directory?

Azure AD join Mac OS X

It would be really cool to be able to Azure AD join other devices, like Mac OS for example.

112 votes

    Hampus Nordanfjall shared this idea
    archived  ·  Azure AD Team (Admin, Microsoft Azure) responded:

    Thanks for your feedback. Azure AD Join is unique to Windows 10, as it uses Windows components to generate/store the artifacts used for subsequent logins and enable SSO to other resources. AADJ on Mac OS or any non-Windows OS is not a possibility currently.

    We are working on other approaches to enable conditional access from Mac OS devices.



      • Paul Shadwell commented

        I need this now!!
        I just got Seamless Single Sign-on to work via AAD and AD Sync for Windows and was shocked that I couldn't configure the Macs to do the same. I was sure this was possible.
        Very disappointed.

      • Luke commented

        Would also love to see this. Moving to the cloud with an increase in Mac usage is not easy! Love the O365 ecosystem, just need to get Macs to bind to it.

      • Andrew commented

        Flagged as inappropriate. The archiving is what I consider inappropriate.

      • Richard Brooks commented

        Well, actually, you guys need to change your mind on this one. Active Directory is going away in the SMB market. Microsoft really needs to step up to the plate and make this a priority, or companies are going to start to bail. Myself included.

      • Giuseppe commented

        I think this feature is essential for a cloud-only company that relies on Office 365 and Azure.

      • Giuseppe commented

        I tried your solution, but the server is always not responding: 'Cannot connect to node ...' In a Directory browser it worked fine.
        Anyone an idea?

      • mark zigadlo commented

        Try this...

        How to Configure LDAP Authentication for Mac OS and Azure AD

        1. Configure Secure LDAP (LDAPS) for an Azure AD Domain Services managed domain

        Network Account Server Setup
        1. System Preferences > Users & Groups > Login Options > click Lock Icon to allow changes
        2. Network Account Server > Join > Open Directory Utility > click Lock Icon to allow changes
        3. LDAPv3 > edit Pencil > New > Server Name
        • Enter the FQDN of your LDAPS endpoint, i.e.
        • Check Encrypt using SSL > Manual
        4. Enter a Configuration Name of your choice > Edit
        • Check Use custom port and enter 636

        Search & Mappings Tab
        1. Click the (+) button and add the Users record type
        a. Enter your Search Base, i.e. dc=mycompany,dc=com
        2. With Users highlighted click (+) and add the following Attribute Types and associated values:
        • NFSHomeDirectory – #/Users/$sAMAccountName$
        • PrimaryGroupID – #20
        • RealName – cn
        • RecordName – sAMAccountName
        • UniqueID – uSNCreated
        • UserShell – #/bin/bash

        Security Tab
        1. Check Use authentication when connecting and enter a Distinguished name
        a. i.e. cn=username,ou=AADDC Users,dc=mycompany,dc=com
        2. OK > OK when done

        Search Policy Tab
        1. For Authentication and Contacts use the Search dropdown to select Custom path > (+) > ADD
        a. Choose the Directory Domain you just created
        2. Apply and close the Directory Utility
        3. You should now see the Network Account Server you just created with a green dot next to it. If you see a red dot it either has not connected yet or something is wrong with your setup. A reboot sometimes helps.
        4. Log out and log in as a valid Network user.

        Create mobile account

        Command Line
        sudo /System/Library/CoreServices/ -n username

        Summary Comments
        After the mobile account is created you can make the network user a local admin and give them access to unlock the drive at boot time if using FileVault.

        A mobile account will also be needed if the user needs to log into the Mac while not connected to the Internet.

        Wireless is not available at the Mac OS login screen. First-time users will have to log in with an Ethernet connection.
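
The attribute mappings from the comment above, resolved against a constructed LDAP entry the way Directory Utility builds the local user record, as an added Python example that is not part of the original thread: the `#` literal and `$attr$` substitution semantics follow the mappings as listed, while the account-name pattern and UID limits are my own assumptions for sanity-checking directory data before it becomes a local account.

```python
import re

# Attribute mappings exactly as listed in the comment above. A value starting
# with "#" is a literal in which $attr$ is replaced by that LDAP attribute;
# any other value names the LDAP attribute to copy verbatim.
MAPPINGS = {
    "NFSHomeDirectory": "#/Users/$sAMAccountName$",
    "PrimaryGroupID": "#20",
    "RealName": "cn",
    "RecordName": "sAMAccountName",
    "UniqueID": "uSNCreated",
    "UserShell": "#/bin/bash",
}

# Assumed limits (not from the page): a POSIX-safe account name, so the
# directory cannot steer NFSHomeDirectory outside /Users, and a UID above the
# range macOS reserves for system accounts that still fits a signed 32-bit int.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$")
UID_MIN, UID_MAX = 501, 2**31 - 1

# Constructed sample entry, shaped like an Azure AD DS user returned over LDAPS.
SAMPLE_ENTRY = {"sAMAccountName": "jdoe", "cn": "Jane Doe", "uSNCreated": "12345"}


def resolve(mapping_value, entry):
    """Resolve one Directory Utility mapping against an LDAP entry (attr -> str)."""
    def lookup(attr):
        if attr not in entry:
            raise KeyError(f"entry lacks attribute {attr}")
        return entry[attr]
    if mapping_value.startswith("#"):
        return re.sub(r"\$([A-Za-z0-9]+)\$", lambda m: lookup(m.group(1)), mapping_value[1:])
    return lookup(mapping_value)


def build_record(entry):
    """Build the macOS user record, refusing values that would be unsafe locally."""
    record = {key: resolve(value, entry) for key, value in MAPPINGS.items()}
    if not SAFE_NAME.match(record["RecordName"]):
        raise ValueError(f"unsafe RecordName {record['RecordName']!r}")
    for key in ("UniqueID", "PrimaryGroupID"):
        record[key] = int(record[key])  # ValueError if the attribute is not numeric
    if not UID_MIN <= record["UniqueID"] <= UID_MAX:
        raise ValueError(f"UniqueID {record['UniqueID']} outside {UID_MIN}-{UID_MAX}")
    return record


def rejects(entry):
    """True when build_record refuses the entry; exercises the checks above."""
    try:
        build_record(entry)
    except ValueError:
        return True
    return False
```

The traversal case (`sAMAccountName` of `../root`) shows why RecordName must be validated before it is substituted into NFSHomeDirectory.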

      • Andy Saputra commented

        I think that can be accomplished if Microsoft could provide something like or then we would be able to join any of our Macs or other devices to the Azure AD.

        I'm currently managing 937 non-Windows devices, and most of them are Macs; it would be great if Microsoft made Azure AD available to non-Windows devices.

