Login

u/aPieceOfMindShit

▲ 17 r/Intune

Going from local admin users to non admin users

Inherented a pretty strange environment and one of the tasks I got was to find a way to demote 90 percent of our users from local admin to non admin user.

How do I do this from a technical perspective?

And any risks with this? Do I need to test carefully in test groups?

reddit.com
u/aPieceOfMindShit — 2 days ago
▲ 9 r/macsysadmin

Platform SSO with Secure Enclave, something to gain?

Looking for some real-world input on whether Platform SSO with Secure Enclave actually adds value in our setup.

Our environment:

  • Macs managed with Jamf Pro
  • Microsoft 365 / Entra ID
  • Conditional Access with device compliance (Jamf → Intune connector)
  • Legacy Enterprise SSO Extension — users stay signed in as long as the device is compliant, no repeated username/password prompts
  • No additional Entra-connected apps beyond M365
  • No apps enforced via Conditional Access other than M365

Given this setup, what would we actually gain by switching to Platform SSO with Secure Enclave?

reddit.com
u/aPieceOfMindShit — 3 days ago