Forum Discussion
Cannot sign-in to Edge with Microsoft Account
Deleted
Like others, I'm unable to sign in with my personal microsoft account on a work computer that's already logged in with a "work" profile. Maybe those who have work profiles through Microsoft can't also have a personal profile signed in? That seems to be the common them from folks on this thread.
jlindine dqtiep juliantb Dean Misenhimer Thanks for the details!
Per the Enterprise Identity team: we’d love to look into this further, and it would really help us troubleshoot if you’re open to submitting feedback and diagnostic data. Depending on your comfort level and device permissions, you could securely submit that via one of the following ways:
- Simply send logs via the Office Sign-In and Authentication diagnostics via the download here: http://aka.ms/icesdptool. (It captures relevant AAD/MSA/WAM/NGC info and does a screen recording for you)
- Submit detailed feedback through the browser along with a screen recording, diagnostic data, and attaching a screenshot of your logs under Security Privacy/Windows Authentication
- Follow this process (https://support.microsoft.com/en-us/help/4021566/windows-10-send-feedback-to-microsoft-with-feedback-hub-app) and choosing the category "Security and Privacy" and the subcategory of "Windows Authentication.”
Once you do this, we will engage to fix the issue you're running into. However, if submitting any of the above isn’t possible or is outside of your comfort zone, then can you try re-domain joining to fix?
Please let me know if you have any questions! And if you want to be sure the team sees your feedback as quickly as possible, feel free to comment (or send me a private message) about with method you used, so they can keep an eye out.
Fawkes (they/them)
Project & Community Manager - Microsoft Edge
I also cannot sign-in with Microsoft Account while my work account is automatically signed in and syncing.
I have just set BrowserSignin=1 and NonRemovableProfileEnabled=1 in my test environment.
When trying to sign a second profile i select to sign-in with Microsoft Account after a short waiting i get the error 0x800704ec.
- are there any news on that?
Johannes Goerlich Thank you for your patience as we've looked into this! We've revised our documentation and have some suggestions to share.
For the error: 0x800704ec, the team suggests looking into the following policies on your machine, as they might be the root of the issue.
MDM Policies:
- Accounts/AllowMicrosoftAccountConnection:
- Legacy (i.e., pre-Win10) MSA MDM policy which blocks fresh MSA user ticket requests that flow through the MSA Client stack. The intent of this policy was to define whether MSAs can be used for user authentication on the device, not strictly whether accounts could be “Connected” (although that can be a byproduct).
- https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fclient-management%2Fmdm%2Fpolicy-csp-accounts%23accounts-allowmicrosoftaccountconnection&data=02%7C01%7Cv-fasera%40microsoft.com%7C11d881fb8b4249dd12fe08d814966f25%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637281983652282071&sdata=IrPCRWN%2BxcSmvQcULEQK27BjiqNK%2FVwDvTunhs2zBf4%3D&reserved=0
- Accounts/AllowMicrosoftAccountSignInAssistant:
- New Win10 MSA MDM policy which is used in “zero-exhaust” environments in which enterprises want to eliminate network calls to Microsoft properties all-up. This particular policy can disable the MSA Client NT service, which in effect disables all MSA Client scenarios which hit the wire through the service. This is a big hammer type of policy, and is only used in the most locked-down environments.
- https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Fclient-management%2Fmdm%2Fpolicy-csp-accounts%23accounts-allowmicrosoftaccountsigninassistant&data=02%7C01%7Cv-fasera%40microsoft.com%7C11d881fb8b4249dd12fe08d814966f25%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637281983652292066&sdata=5zfkiYXdHOUXdrlYuwII0fHgRdawq5xBJRq3LPOvUao%3D&reserved=0
Group Policies:
- “Accounts: Block Microsoft accounts” (also known as “NoConnectedUser”)
- Legacy Group Policy from Win8 timeframe whose purpose is to truly block “Connecting” accounts. It does not affect other usage of the MSA Client stack (i.e., apps can still request tickets), it is only intended to block the LocalAccountàConnectedAccount transition.
- https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fwindows%2Faccess-protection%2Faccess-control%2Fmicrosoft-accounts%23accounts-block-microsoft-accounts&data=02%7C01%7Cv-fasera%40microsoft.com%7C11d881fb8b4249dd12fe08d814966f25%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637281983652302059&sdata=rHr0pshcZ%2F0KMzrw5egTvk6LEczDg4LXKE%2BWnxc1tLg%3D&reserved=0
- “Block all consumer Microsoft account user authentication”
- This is the Group Policy version of the legacy MDM policy
- “Accounts/AllowMicrosoftAccountConnection”. As per the MDM analog, the intent of this policy was to define whether MSAs can be used for user authentication on the device, not strictly whether accounts could be “Connected” (although that can be a byproduct).
- https://docs.microsoft.com/en-us/windows/access-protection/access-control/microsoft-accounts#bkmk-restrictuse
Hopefully that helps! If not, just let me know and we can do some further troubleshooting.
Fawkes (they/them)
Program Manager & Community Manager - Microsoft Edge- Accounts/AllowMicrosoftAccountConnection:
Deleted Having the same problem, it came and went but now it seems to be here to stay. 3 machines on the same network but only this one is affected. I've started following your guides on submitting diagnostics, but in the meantime if there is any further info I'd be grateful to hear it.
Feedback app won't let me report a problem, just hangs with circle
Many thanks
JL
- Option 1 completed from me.
