MacOS/AzureAD password sync for enrolled Macs
Jamf Connect, OneLogin and JumpCloud now offer some sort of MacOS password sync capability for O365/AzureAD credentials (via SSO or a desktop agent keychain overwrite).
These services also offer the ability to disable sudo/admin rights on MacOS, which would be a game changer if Intune offered that functionality.
We push out Intune profiles via DEP, and although we have the ability to rotate passwords, we have no way of authenticating local Mac passwords with AzureAD. If a user becomes locked out, we have to walk them through manually recovering their password via the recovery terminal.
Resetting their password in AzureAD could then sync to the desktop client and overwrite the keychain.