Enhance macOS endpoints guide with SSO and optimization tips

iye-ms · web-flow · commit 3b2a2ee8290c · 2026-01-08T14:33:38.000-05:00
Mitigate security exception - Bug 28366379: [Mac CP][Security Exception] Unreliable Entra device ID patching for MacOS can enable Conditional Access on unmanaged devices
diff --git a/intune/solutions/end-to-end-guides/macos-endpoints-get-started.md b/intune/solutions/end-to-end-guides/macos-endpoints-get-started.md
@@ -175,6 +175,8 @@ macOS devices with user affinity can be targeted for profiles and apps using use
 
 ### Step 6 - Configure initial settings and single sign-on (SSO)
 
+Platform Single Sign-On (PSSO) is the most secure approach for device attestation and registration. Enforcing the use of the SSO extension during device registration is considered a best practice for a Zero Trust security strategy, ensuring strong device identity and replacing traditional registration through the Company Portal.”
+
 ✅ **Optimize first run experience**
 
 Using Intune, you can optimize the first run experience using built-in settings within the ADE enrollment profile. Specifically, when you create the enrollment profile, you can:
