Security baseline (DRAFT): Windows 10 and Windows Server, version 20H2

I have enabled the Microsoft Security Baseline via GPO on Servers. Now, we observe that we are no longer able to logon with Internet Explorer to Azure AD. It just hangs with a blank screen on login.microsoftonline.com … no error message, the site is also added to the trusted sites. I know we should not browse on servers, but some server apps require it.

I could identify that if I set “Windows Components\Internet Explorer\Security Zones: Use only machine settings” setting to “Not Configured” instead of the proposed “Enabled” then it’s working again:

It has something to do with user settings, but:

• I have not applied any User GPO Settings
• It’s a plain from ISO installed Server 2016
• On a Windows 10 device with the exact same GPO in the same OU it’s working (For sure also tested with IE)
• I compared the IE settings in the registry but could not identify a difference between Windows 10 and Server 2016

Does somebody had the same issue or a tip for me?