Forum Discussion
Solved
New tab logo - GPO
Hi, I am currently trying to set up GPOs for our environment. However, I can't seem to figure out how should be the NewTabPageCompanyLogo policy used. I got to the point where my JSON looks l...
LBXComputers thanks for checking in! If you're using the Enterprise new tab experience then you can configure your company logo to appear on that page via the online admin center. You can read more about how to do that here: https://docs.microsoft.com/en-us/office365/admin/setup/customize-your-organization-theme?view=o365-worldwide
Please let me know if this is a good solution for you, or additional feedback if not. Thanks!
We are finding that the user signs in automatically with domain\username rather than user@domain.com and you have to create a second profile to get sign in to work and sync to happen.
We are using hybrid ad/aad as we have on premises AD but Office 365 with SSO.
We are using hybrid ad/aad as we have on premises AD but Office 365 with SSO.
Avi Vaid
Microsoft
MicrosoftLBXComputers You mentioned that your environment is hybrid AD joined and you are yet getting domain/username automatically signed in rather than your AAD account? That's pretty strange and we'd love to work with you to understand why this is happening. The intended behavior is that you should get signed in with your AAD. I'll message your privately to look into this. If anyone else is in this situation, please let me know.
- I put it at computer level. I’ll try at user level tomorrow
LBXComputers What I found is that applying the GPO cleared the existing DOMAIN\User profile and allowed me to sign in to an AAD instead. But the GPO had to be applied to the PC first for this to happen.
Be sure to do it in both the Computer and User admin templates on the GPO, it may not work correctly if its not on both.
- The GPO method fixes it for a new logon to that PC. So the primary profile is the correct user@domain.com logon. But not fixed it yet on my primary PC with an established local profile. We use SSO for O365 so Edge should sign in the same automatically right?
Avi Vaid I can tell you that it is choosing the DOMAIN\User for the default profile, even though I (and several other users) had AAD accounts added to our PC's. We are signing in to the PC as DOMAIN\User, and that one gets auto-selected regardless of the presence of the AAD accounts. With the GPO it will instead allow me to pick the AAD account for the default profile.
- Avi Vaid
TI_Master Hmm, that's not exactly the same thing as far as I understand. Since your PC is just domain joined, there may not be an AAD present on the device. If that's the case, Edge will use the on-prem domain account to automatically sign in and this is expected. If there is an AAD account present (from AAD-J, Hybrid join, or AAD sign in to another Microsoft app without selecting "This app only"), Edge should be using the AAD to automatically sign in.
Thanks for sharing how you use GPO to get around the on-prem sign in. Let me know how we may be able to make this configuration easier for admins like you that have a domain joined environment but don't want the on-prem sign in since you have O365.
Avi Vaid I am experiencing the same thing. My PC is locally domain joined, and I'm signed in to it with a domain account. But we are also on Office 365, so AAD is available. My suspicion is that if my PC were initially AAD joined instead instead of local domain joined, the problem might not occur, but I'm not certain of that.
My post (a few posts up from this one) details how I used GPO's to get around this issue. But it was impacting all of our end users.
