macOS Platform SSO in Intune causing Company Portal “device not registered” and cannot register again
Hi all,
I’m looking for advice from anyone who has rolled out macOS Platform SSO via Intune, especially to Macs that were already manually enrolled through the Company Portal app.
We recently started deploying Platform SSO to existing macOS users after testing and pilot groups, which had no issues. The Platform SSO side appears to complete successfully: users receive the registration prompt, go through setup, and can then log in to their Mac using their Entra ID password.
However, after that, Company Portal sometimes stops recognising the device as registered. It shows:
This device is not registered.
There was an issue registering your device. Try registering it again.
For some users, deleting the management profile and re-enrolling fixes it. For a few Macs, re-enrolment no longer works at all and Company Portal keeps failing with the same registration issue, “Device could not be added.”
These are existing manually enrolled Macs, not newly enrolled ADE Macs.
From the Company Portal logs on one affected Mac, the pattern seems to be:
Device is not found at the server
Leave before re-registering
SkipPSSO: true
Unable to perform the SSO extension request to remove device registration
Device is WorkplaceJoined
failed to retrieve valid registration information
failed to retrieve certificate interface from keychain
failed to retrieve key interface
I’ve already tried the steps below:
- Deleted the Intune device record
- Deleted the Entra device object
- Removed the MDM profile
- Rebooted
- Removed/reinstalled Company Portal
- Cleared obvious Company Portal / Workplace Join keychain items
- Confirmed the Platform SSO Team Identifier is correct
- Confirmed Company Portal is up to date
- Checked for duplicate SSO extension profiles
Has anyone seen this with Platform SSO on existing manually enrolled Macs?