SteveSta
Iron Contributor
Feb 14, 2020

Edge Beta no longer auto signing in with federated Microsoft Work accounts

Over the last month or so, we've started to see our hybrid AzureAD joined Windows 10 devices that are signed in with federated accounts no longer automatically logging into Edge Beta. Users now have to know to press the "Sign in" button in the upper right corner of Edge, and then it tells them "We've detected this account on your device and we need to verify it before you can complete sign in." Then they press the "Complete sign in" button and it signs them in. (pics below)

 

It's not happening to every user; it seems random at this point.

 

I was hoping to not have to educate our users to sign in, as until recently it was all automatic. Does anyone know what criteria are needed for this to be automatic, or what things might be causing the account to need to be verified first? Thanks!

 

Version 80.0.361.50 (Official build) beta (64-bit)

Windows 10 1903 with at least January 2020 cumulative updates

 

5 Replies

  • kqf_chris
    Iron Contributor

    Any update on this? Experiencing this myself now in Release/Beta/Dev. It used to work fine. I am not using Federated authentication.

     

    Machines are Azure AD hybrid joined. Account is E3.

    • Kelly_Y
      Microsoft

      kqf_chris SteveSta OliverS91 Steve_Prentice Hi Everyone - I've reached out to the team about the issues you are experiencing and wanted to pass on the information from them.  

       

      Users need to verify their account when their token state is unhealthy. This could be due to a number of reasons (some are below). In these scenarios, since the browser can't auth them due to unhealthy tokens, users need to verify their identity to help auth them. Note that when this happens, all other Microsoft apps should also prompt users for credentials, and when they auth to any of them, MS Edge should also get auth'd since it keeps retrying.

       

      1. Password changed
      2. 2FA changed
      3. TPM corrupted
      4. Admin triggered a sign out of all devices
      5. New network location that might be risky

      If other Microsoft apps on the device are also prompting for credentials, the behavior you are seeing is by design. If it's only MS Edge prompting or the prompts keep coming back even after entering credentials, then we recommend filing a support case https://microsoftedgesupport.microsoft.com/hc/en-us.  

       

      Hopefully that helps!  

       

      -Kelly
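
Added example, not part of the thread and not Microsoft's tooling: a PowerShell check that parses `dsregcmd /status` output and flags join and token fields that are not `YES`, as a first triage step before filing a support case. Treating the `AzureAdPrt` field as the "token state" from the reply above is an assumption; the function name and sample text are constructed for illustration.

```powershell
# Added example. Parses the "Name : Value" lines printed by `dsregcmd /status`.
function Get-SignInStateFindings {
    param([Parameter(Mandatory)][string[]]$StatusLines)

    $state = @{}
    foreach ($line in $StatusLines) {
        # Section banners start with '+' or '|' and do not match this pattern.
        if ($line -match '^\s*(\w+)\s*:\s*(.*?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }

    # Fields expected to read YES on a healthy hybrid-joined device, and what
    # a different value suggests (AzureAdPrt mapping is an assumption, see lead-in).
    $checks = @(
        @{ Field = 'AzureAdJoined'; Hint = 'Not Azure AD joined; repair the hybrid join first.' },
        @{ Field = 'DomainJoined';  Hint = 'Not domain joined, so the device is not in a hybrid state.' },
        @{ Field = 'TpmProtected';  Hint = 'Device key is not TPM-backed; check TPM health.' },
        @{ Field = 'AzureAdPrt';    Hint = 'No primary refresh token; silent sign-in needs the user to re-authenticate.' }
    )

    foreach ($c in $checks) {
        $value = $state[$c.Field]
        if ($value -ne 'YES') {
            [pscustomobject]@{
                Field = $c.Field
                Value = if ($null -eq $value) { '(missing)' } else { $value }
                Hint  = $c.Hint
            }
        }
    }
}

# Constructed, abbreviated sample output (not captured from a real device).
$sample = @'
| Device State                                                         |
             AzureAdJoined : YES
              DomainJoined : YES
| Device Details                                                       |
              TpmProtected : YES
| SSO State                                                            |
                AzureAdPrt : NO
'@ -split "`r?`n"

Get-SignInStateFindings -StatusLines $sample | Format-List
```

On an affected device, run `Get-SignInStateFindings -StatusLines (dsregcmd /status)` in the signed-in user's session, since the SSO state section is reported per user.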

       

  • TheOtherJosh
    Brass Contributor

    SteveSta There are several policies that are controlling Browser Signin.

     

    What GPO are you using to force the sign-in? Are you using:

     

    "Configure automatic sign in with an Active Directory domain account when there is no Azure AD domain account"

  • OliverS91
    Copper Contributor

    SteveSta did you find a fix for this? Our hybrid join was broken, but on fixing it, it's now doing the same thing you mentioned.
