Receiving error code 10002 in Intune for platform SSO configuration profile assigned to a macOS device.
The macOS device also had a Microsoft Enterprise SSO Plugin for Apple Devices configuration profile also assigned to the macOS device.
Solution
Apparently the error message is due to conflict between the macOS Platform SSO and Microsoft Enterprise SSO Plugin for Apple Devices configuration profile settings.
The conflict results in a confusion because both policies try to manage authentication between the device and Microsoft Entra.
To resolve the issue, unassign the Microsoft Enterprise SSO Plugin for Apple Devices profile/policy from the group that the macOS devices are members of; keep the macOS Platform SSO policy assigned to the macOS group.
You may need to sync the device to Intune from the Company Portal a few times and then if the “Registration Required” popup does not appear, then you can reboot the device and try the sync again.
Once the popup shows up, click on Register and then enter your local administrator credentials when you see the popup. You should see the Company Portal screen change to Register your device with Microsoft Entra; Preparing your device…
Now you would be presented with the Microsoft Entra login screen with the email address you logged into Company Portal application already populated. Enter the associated Office 365/Entra password that you used to log into the Company Portal application and complete the MFA if you have that setup.
Once you have completed these steps, you should see the Account Updated popup indicating the macOS local account and the Office 365/Entra account have been linked. And so now, even though on the login screen you will be presented with the local account user name, the password that needs to be entered to log into the device, is the Office 365/ Entra credentials; the local account password will not work.
When you navigate to Azure AD/Entra ID portal, under Devices, you should see that the macOS device now show Join Type as Microsoft Entra Joined.
