Forum Discussion

SC-Benny's avatar
SC-Benny
Copper Contributor
Nov 20, 2019
Solved

New accounts try to sync to AD account and not the AAD account

I'm beginning preparations to roll out Edge across our company but ran into a problem with our test group   Our laptops are AD-joined and when you first open Edge and import your settings from Chro...
  • HotCakeX's avatar
    HotCakeX
    Nov 26, 2019
    Thanks for checking anyway, hopefully one of the devs will see this and fill a bug report for it
HotCakeX's avatar
HotCakeX
MVP
Nov 23, 2019

Hi,
Which Edge insider channel/version have you tried?

I'm asking because as far as I remember, the beta channel has a flag related to "AAD" that needs to be enabled before AAD accounts are able to sync. on Edge canary that I'm checking now, it's not available because that feature is now built into the browser by default.

SC-Benny's avatar
SC-Benny
Copper Contributor
Nov 25, 2019

HotCakeX: I'm using the Beta channel, AAD sync is working as anticipated. However that is only when you create a new profile

 

If I set up a test user and open Edge, I'm prompted to import from Chrome and that initial user it sets up and imports everything into is the AD account which is not capable of syncing. I can create a new profile and then import again and that is then importing into the AAD account as seen below

 

  • VladimirK's avatar
    VladimirK
    Copper Contributor
    Dec 30, 2019

    SC-Benny  We have the same issue here. Are you workstations Azure joined? 

    • SC-Benny's avatar
      SC-Benny
      Copper Contributor
      Dec 30, 2019

      VladimirK They are Hybrid Azure Joined devices. However I've kept an eye on the change summaries from recent releases and this issue was resolved in version 80.0.361.5 that was released on December 17th. I'd recommend setting that up for a test user and seeing if that resolves it for you as well. At the time I tested with a new user on the Canary branch and was correctly prompted to set everything up for the AAD user over the AD user

       

      Relevant link: https://techcommunity.microsoft.com/t5/Discussions/Dev-channel-update-to-80-0-361-5-is-live/m-p/1070730

       

      Fixed an issue where Edge installations on Azure Active Directory domain-joined machines get signed into the wrong account on first run.
      • dmcaylor's avatar
        dmcaylor
        Copper Contributor
        Dec 30, 2019

        SC-Benny I had the same issue and just found the solution in GPO. Use a combination of the following  Edge policies:

         

        Configure whether a user always has a default profile automatically signed in with their work or school account - Disabled
        Enable Proactive Authentication - Enabled
        Restrict which accounts can be used as Microsoft Edge primary account - .*@yourdomain.com

         

  • HotCakeX's avatar
    HotCakeX
    MVP
    Nov 25, 2019
    So the problem happens only in hybrid configurations where both AAD and AD are present on user's system?
    you could try Canary channel too and see if the result is different
    • SC-Benny's avatar
      SC-Benny
      Copper Contributor
      Nov 26, 2019

      HotCakeX: Same behaviour unfortunately on Canary (v80.0.344.0). Presumably this feature is checking whether the user account is AD or AAD and then uses that rather than checking the presence of a Work Account which would be the more desirable behaviour

       

      • HotCakeX's avatar
        HotCakeX
        MVP
        Nov 26, 2019
        Thanks for checking anyway, hopefully one of the devs will see this and fill a bug report for it
    • SC-Benny's avatar
      SC-Benny
      Copper Contributor
      Nov 25, 2019

      HotCakeX: Correct. I was hoping there would be a flag I could set somewhere, or a setting via GPO to prevent creating the default user as the AD account and instead prompt for an AAD login

       

      I'll run a test and feedback on here

Resources