Forum Discussion
Edge Sync and login to Azure AD
Hi,
We are running a terminal server farm based on Server 2019 with Edge version 81. We have an ADFS infrastructure with Azure AD. We want to automate the login process and synchronisation of the favorites for our users.
We are having problems with the following points:
- How can we enable auto login for users? They are currently automatically logged in with the Domain\username format. How can we change this to the UPN format?
- During the manual login process the user has to answer two questions:
  - Do you want to sign in with a Microsoft account or with a business account? How can we set this dialog to business only or disable this dialog?
  - The user has the ability to add the device to Azure AD. How can we disable this dialog?
Thank you for your help
Stefan
- jwong0714 (Copper Contributor)
Moelli, have you figured this out? I am having the same issue.
Here is my situation.
We have VDIs that we want users to log in to using their <username>@<companyname>.com, but the way I have the GPO set up it always forces them to either log in to Edge as <domain>\<ADname>, or it forces them to type it themselves (which we want to be automated).
Our VDI pool deletes itself after they log off or shut down (non-persistent), so this is why we want it automated.
On our current Windows 10 PCs, people log in using the <username>@<companyname>.com method, and they can't sync their user data once they move to a virtual desktop when it is logging them in as <domain>\<ADname>.
Is there a GPO I am not finding??
- Mohamed_Azdad (Copper Contributor)
jwong0714 hello, have you found a solution? I have the same problem, thanks
- Henno_Keers (Steel Contributor)
I'll use your points to answer:
1)
You can set this in the user object in your on-prem AD on the Account tab; right beside the account name you can enter @domain.topdomain.
2)
  1) You can't change the dialog box, but you can force by GPO setting that the user can only log on with @domain.topdomain.
  2) I don't know.
reg, Henno
- Moelli (Copper Contributor)
Hi,
Thanks for your reply. We have already set the UPN logon name in the on-prem AD to the correct domain.
Best regards
Stefan
- Ed_Gonz (Copper Contributor)
Hi there, were you able to get this configured? We're having the same challenges and I've yet to find the proper way of doing this.
Thanks!
- Moelli (Copper Contributor)
Hello Ed,
we have stopped investigating this issue; we have written an instruction for our users on how to configure the synchronisation in Edge.
We are very disappointed about this solution and how Microsoft is "improving" simple solutions like the IE favorites.
Best regards
Stefan
- stesch79 (Iron Contributor)
You have to modify the user agent string configuration on on-prem ADFS as described here: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-identity#windows-integrated-auth...
To support WIA-based SSO on Microsoft Edge (version 77 and later), you might also have to do some server-side configuration. You will probably have to configure the ADFS property WiaSupportedUserAgents to add support for the new Microsoft Edge user agent string.
After that modification it worked in our environment.
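
The ADFS change described in the last reply, as an added example that is not part of the original thread: it reads the current `WiaSupportedUserAgents` list and appends a token for the new Edge only if it is missing. The match token `Edg/` (the product token in the Chromium-based Edge user agent string) is an assumption; confirm the value against the linked article before applying it.

```powershell
# Added example; run in an elevated PowerShell session on the AD FS server.
# Assumption: 'Edg/' is the token used to match the Chromium-based Edge user agent.
$edgeToken = 'Edg/'

# Current list of user agent substrings for which AD FS attempts WIA.
$current = @((Get-AdfsProperties).WiaSupportedUserAgents)
Write-Host "Current WiaSupportedUserAgents:"
$current | ForEach-Object { Write-Host "  $_" }

if ($current -contains $edgeToken) {
    Write-Host "'$edgeToken' is already present; nothing to change."
}
else {
    # Keep a copy of the old list so the change can be rolled back.
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $env:TEMP "WiaSupportedUserAgents-$stamp.txt"
    $current | Set-Content -Path $backup
    Write-Host "Previous list saved to $backup"

    # Append the new token; existing entries are preserved.
    Set-AdfsProperties -WIASupportedUserAgents ($current + $edgeToken)

    # Read the setting back to confirm the change was stored.
    (Get-AdfsProperties).WiaSupportedUserAgents
}
```

Keep the added token as narrow as the match allows: clients whose user agent matches an entry are offered integrated authentication, and a client that cannot complete it shows a credential prompt instead of the forms sign-in page.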