macOS/AzureAD password sync for enrolled Macs
Jamf Connect, OneLogin and JumpCloud now offer some sort of macOS password sync capability for O365/AzureAD credentials (via SSO or a desktop agent keychain overwrite).
These services also offer the ability to disable sudo/admin rights on macOS, which would be a game changer if Intune offered that functionality.
We push out Intune profiles via DEP, and although we have the ability to rotate passwords, we have no way of authenticating local Mac passwords with AzureAD. If a user becomes locked out, we have to walk them through manually recovering their password via the recovery terminal.
Resetting their password in AzureAD could then sync to the desktop client and overwrite the keychain.
Ramón Pérez commented
Office 365 & Mac users need to have a UNIQUE password on the device --> the local account synchronized with Azure AD or Office 365 credentials directly for login. If direct integration with AAD is not possible, it could be implemented using Managed Apple ID credentials (federated with Azure AD). You implemented SSO... but only for apps; why not for the local keychain?