Forum Discussion
With new Sync Bookmarks/Favorites on-Prem without Cloud
Hello scottbo_msft
I have done some more tests with on-Prem and cloud profile: (Microsoft Edge 85.0.564.44)
Scenario 1:
Customer allows login with a private user. Works as expected.
"ConfigureOnPremisesAccountAutoSignIn"=dword:00000001
"RoamingProfileSupportEnabled"=dword:00000001
"HideFirstRunExperience"=dword:00000001
"RoamingProfileLocation"="${local_app_data}\\Microsoft\\Edge\\edge-profile"
Customer doesn’t allow login with a private user.
I did the deactivation with the GPO Browser Sign-in => If you have configured the 'BrowserSignin' policy to disabled, this policy 'ConfigureOnPremisesAccountAutoSignIn' will not take any effect. Then the on-prem login will not function anymore. Works as written in the GPO description.
"ConfigureOnPremisesAccountAutoSignIn"=dword:00000001
"RoamingProfileSupportEnabled"=dword:00000001
"HideFirstRunExperience"=dword:00000001
"RoamingProfileLocation"="${local_app_data}\\Microsoft\\Edge\\edge-profile"
"BrowserSignin"=dword:00000000
"NonRemovableProfileEnabled"=dword:00000000
Second test: if I set a primary account that does not exist via the GPO RestrictSigninToPattern, then the on-prem login also doesn't function and you can't log in with another account.
"ConfigureOnPremisesAccountAutoSignIn"=dword:00000001
"RoamingProfileSupportEnabled"=dword:00000001
"HideFirstRunExperience"=dword:00000001
"RoamingProfileLocation"="${local_app_data}\\Microsoft\\Edge\\edge-profile"
"RestrictSigninToPattern"="@contoso.com"
Could you explain how to configure it so that scenario 2 also works: only allow login to the AD domain?
Hello re_bl --
You may need to change your RestrictSigninToPattern value. It should match the format of an on-prem AD account like COMPANY\user. Or you can try unsetting it to eliminate it as a cause of the problem.
- re_bl, Sep 08, 2020, Brass Contributor
Hello scottbo_msft
If I set RestrictSigninToPattern to COMPANY\${profile}, it won't log the user in with the AD account. If I unset RestrictSigninToPattern, then the AD account will log in, but you could also log in with a private Microsoft account.
We have some customers who do not have O365 because of their cloud strategies, and they also do not want users to be able to log in with a private Microsoft account on their work client.
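
Added example, not part of any post in this thread and not Microsoft's code: a small Python check that parses .reg-style policy values like the ones posted above and flags the three outcomes reported in the thread. The function names and finding codes are hypothetical; the policy names and values are the ones posted in the thread.

```python
import re

# One value line of a .reg export: "Name"=dword:XXXXXXXX or "Name"="string"
_VALUE = re.compile(r'^"([^"]+)"=(?:dword:([0-9a-fA-F]{8})|"(.*)")$')

def parse_reg_values(text):
    """Return {name: int | str} for every value line; other lines are skipped."""
    values = {}
    for raw in text.splitlines():
        m = _VALUE.match(raw.strip())
        if not m:
            continue
        name, dword, string = m.groups()
        # .reg strings escape backslashes and quotes with a backslash
        values[name] = int(dword, 16) if dword is not None else re.sub(r"\\(.)", r"\1", string)
    return values

def check_onprem_signin(values):
    """Return finding codes (hypothetical names) for the outcomes reported in the thread."""
    if values.get("ConfigureOnPremisesAccountAutoSignIn") != 1:
        return []
    findings = []
    if values.get("BrowserSignin") == 0:
        # Policy description quoted in the thread: auto sign-in takes no effect
        findings.append("BROWSER_SIGNIN_DISABLED")
    if "RestrictSigninToPattern" in values:
        # Reported in the thread: on-prem sign-in stopped working with a pattern set
        findings.append("SIGNIN_PATTERN_SET")
    if not findings:
        # Reported in the thread: a private Microsoft account can still sign in
        findings.append("PERSONAL_ACCOUNT_ALLOWED")
    return findings

# Settings common to all three configurations posted in the thread
BASE = r'''
"ConfigureOnPremisesAccountAutoSignIn"=dword:00000001
"RoamingProfileSupportEnabled"=dword:00000001
"HideFirstRunExperience"=dword:00000001
"RoamingProfileLocation"="${local_app_data}\\Microsoft\\Edge\\edge-profile"
'''
SCENARIOS = {
    "scenario 1": BASE,
    "BrowserSignin disabled": BASE + '"BrowserSignin"=dword:00000000\n"NonRemovableProfileEnabled"=dword:00000000\n',
    "RestrictSigninToPattern set": BASE + '"RestrictSigninToPattern"="@contoso.com"\n',
}

if __name__ == "__main__":
    for label, text in SCENARIOS.items():
        print(label, "->", check_onprem_signin(parse_reg_values(text)))
```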