Blog Post

Windows IT Pro Blog
3 MIN READ

Upcoming changes to Windows single sign-on

Adam Steenwyk's avatar
Adam Steenwyk
Icon for Microsoft rankMicrosoft
Dec 14, 2023
Microsoft has been working to ensure compliance with the Digital Markets Act (DMA) in the European Economic Area (EEA). As part of this ongoing commitment to provide your organization with solutions ...
Updated Dec 14, 2023
Version 1.0
windows 10
windows 11
janjaaps's avatar
janjaaps
Copper Contributor
Apr 23, 2024

Hi Adam, 

Yes thanks for the follow-up, and yes we will open a support case, we were planning to.

But it's not just the issues with this new behavior... it's also the change in behavior itself.
And therefore I do wanna mention again that we would very much like an option to control/disable this behavior, I guess preferably though Conditional Access or using GPO/ADMX/Intune should be fine as well.

We just don't see of feel the need to burden our users, our servicedesk/helpdesk or others within the IT department with this SSO awareness notification.  We've got enough other project/priorities to spend our time on.

 

We've got two 100% controlled environments (Entra Joined managed devices and Citrix VDI), both with 2FA/MFA (no option to login with username/password only), controlled user environments, application whitelisting, etc, etc..., everything inside these environments works with SSO after initial logon. And now this new SSO awareness notifiction feature will "break" this. 

Our VDI environment doesn't show this as of yet, but reading the posts above I'm certain that after the next iteration (new image) in May; we will... Already looking forward to it....

We've got applications like Edge, New Teams and OneDrive starting automatically (hidden to tray), and now they will not logon automatically anymore? and we'll have to ask users to fix this themselves (and make sure this is persistent on non-persistent VDI), it just doesn't seem logical and totally unnecessary.

We're rolling out 300+ laptop with intune in the coming 4 weeks... before this weekend everything worked perfectly and now a user is getting a new system where nothing is logged on automatically... sure if you fix one and reboot (most) others work, but it's just..... sigh... I just don't like this change in behavior... And i don't understand the need for within controlled environments to do so..


Adam... you also mentioned on 11th of January that AVD won't be affected... Why this exemption? And can we get this on other (VDI) platforms as well?

So, I guess i'm asking, like a few others before, how can we disable this?
And (if not) which folders, regkey, etc, etc. do we need to save in non-persistent environments to make this persistent (differs per app?)

Thanks,

Jan Jaap