Johannes Goerlich
Brass Contributor
Aug 05, 2022

Enable implicit sign-in

I tried to get an automatically created work profile on my MS Edge using the 'Enable implicit sign-in' policy.

I'm logged on to the PC with my work AAD account. I deleted all my profiles, closed the browser and set the reg.key ImplicitSignInEnabled=1. After starting the browser there is no work profile. I cannot even determine any difference in the profile fly-out or settings pane. This is still true, independent from whether I set the reg.key to 0 or 1.

Can anybody explain the intended behavior of this policy?

 

Thanks,

Joe

  • Johannes Goerlich Hi - I looked in the archive to find background information about this policy and it appears it was created to stop implicit sign in. Here are the Release Notes for v93 Stable: Archived release notes for Microsoft Edge Stable Channel | Microsoft Docs

    I believe that is why enabling or not configuring the policy will have the same effect.

    Also, I do not know if it will specifically create a new profile. Thanks!

    -Kelly

     

     

    • Johannes Goerlich
      Brass Contributor

      Kelly_Y 

      Hi @Kelly_Y
      the description reads:
      "If you enable or don't configure this setting, implicit sign-in will be enabled, Edge will attempt to sign the user into their profile based on what and how they sign in to their OS."

       

      Independent from whether I enable or disable the policy, it always (just) recommends to use my OS account for login:

      (browser was restarted of course)

      Indeed, there is no enforcement or automated account creation.

      Enabling ImplicitSignInEnabled is a precondition for ConfigureOnPremisesAccountAutoSignIn and NonRemovableProfileEnabled, therefore I'm wondering what exactly is affected by this policy.

      At https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-identity#automatic-sign-in it says generally "The device is hybrid/AAD-J: ... The user gets automatically signed in with their Azure AD account."

       

      BR,

      Joe

      • Kelly_Y
        Microsoft

        Johannes Goerlich Just checking, have you configured the BrowserSignin policy to 'Disable browser sign-in'? This would cause the policy to have no effect.

        Also you mentioned, ConfigureOnPremisesAccountAutoSignIn and NonRemovableProfileEnabled, they won't take effect if ImplicitSignInEnabled is disabled.

        I'm not quite sure what your specific goals are but it appears that there are a lot of Identity questions right now :smile:. I would recommend either reaching out to FastTrack or Support, they would be able to work with you one on one and make sure MS Edge is set up and configured for your specific needs. Thanks!

        -Kelly

  • peterbloomfield
    Copper Contributor
    There's definitely something odd going on with this policy. When it's enabled, a user profile isn't created when a new user launches Edge for the first time. However, it seems to be created automatically the second time they launch it. That doesn't make sense, and I'm pretty sure it's not how the policy used to work.

    This is causing problems for us because we make Edge browser extensions which provide web-filtering and other safeguarding functionality for schools. The extensions need to know who the user is so that they can apply any user-specific rules. Without a user profile, that information isn't available.

    In the meantime, we're able to work around the issue by forcing browser sign-in, and restricting the sign-in to a specific pattern. That seems like unnecessary extra complexity though.
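
Added example, not part of any post in this thread and not Microsoft's own tooling: a PowerShell check that applies the policy dependencies discussed above (BrowserSignin set to 'Disable browser sign-in' makes ImplicitSignInEnabled ineffective; ConfigureOnPremisesAccountAutoSignIn and NonRemovableProfileEnabled need ImplicitSignInEnabled). The function names, the HKLM policy path and the numeric value 0 for 'Disable browser sign-in' are assumptions not stated in the thread, and the sample values are constructed.

```powershell
# Hypothetical helper: evaluates the sign-in policy dependencies named in the thread.
# $Policy maps policy name -> configured DWORD; a missing key means "not configured".
function Test-EdgeSignInPolicy {
    param([Parameter(Mandatory)][hashtable]$Policy)

    $findings = @()

    # Per the quoted policy description, "enabled" and "not configured" behave the same.
    $implicitOn = (-not $Policy.ContainsKey('ImplicitSignInEnabled')) -or
                  ($Policy['ImplicitSignInEnabled'] -ne 0)

    # Assumption: BrowserSignin = 0 is the 'Disable browser sign-in' setting.
    $signinDisabled = $Policy.ContainsKey('BrowserSignin') -and ($Policy['BrowserSignin'] -eq 0)
    if ($signinDisabled) {
        $findings += "BrowserSignin=0 (Disable browser sign-in): ImplicitSignInEnabled has no effect"
    }

    # Both dependent policies require implicit sign-in to be enabled.
    foreach ($dependent in 'ConfigureOnPremisesAccountAutoSignIn', 'NonRemovableProfileEnabled') {
        if ($Policy.ContainsKey($dependent) -and ($Policy[$dependent] -ne 0) -and (-not $implicitOn)) {
            $findings += "$dependent is set but ImplicitSignInEnabled=0, so it will not take effect"
        }
    }

    [pscustomobject]@{
        ImplicitSignInEffective = ($implicitOn -and -not $signinDisabled)
        Findings                = $findings
    }
}

# Reads the configured values from the machine policy key (path is an assumption).
function Get-EdgePolicyValues {
    param([string]$Path = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge')
    $values = @{}
    $key = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue
    $names = 'ImplicitSignInEnabled', 'BrowserSignin',
             'ConfigureOnPremisesAccountAutoSignIn', 'NonRemovableProfileEnabled'
    foreach ($name in $names) {
        if ($null -ne $key -and $null -ne $key.$name) { $values[$name] = [int]$key.$name }
    }
    $values
}

# Constructed sample: dependent policy set while implicit sign-in is disabled.
$sample = @{ ImplicitSignInEnabled = 0; NonRemovableProfileEnabled = 1; BrowserSignin = 1 }
Test-EdgeSignInPolicy -Policy $sample | Format-List

# On a managed Windows device: Test-EdgeSignInPolicy -Policy (Get-EdgePolicyValues)
```

The result reflects configured values only; the policies Edge has actually loaded are listed on its edge://policy page.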
