Forum Discussion

Björn Lagerwall's avatar
Björn Lagerwall
Brass Contributor
Sep 16, 2020
Solved

Windows 10 WIP rules and Chromium Edge cannot access Sharepoint Online ERR_BLOCKED_BY_ADMINISTRATOR

Hi all,   A few weeks ago Sharepoint Online access via Edge (Chromium) browser stopped working from our AAD joined + Intune Windows 10 (2004) computers.    Error from Edge:   You don’t have acc...
edge
WIP
  • Björn Lagerwall's avatar
    Björn Lagerwall
    Dec 14, 2020
    Hi all,

    Got an suggestion from Microsoft Support to change the corporate identity in WIP policy from tenant name to our AD name and it worked!

    See below explanation from Microsoft Support.


    Resolution: We made a change in the Edge 85-86 to check the domain of the profile's AAD identity instead of automatically treating all AAD identities as a work profile.
    In your case, the corporate identity was contoso.onmicrosoft.com, and your Work profile was contoso.com. We confirmed by checking edge://edge-dlp-internals/#NetworkIsolation-policies and seeing EnterpriseNetworkDomainNames we blank. After making the change of the corporate identity to contoso.com, you can now access your SharePoint site.
Dadoks's avatar
Dadoks
Copper Contributor
Nov 21, 2020

Björn Lagerwall I seem to be having the same problem when I try to reach an internal resource all of a sudden as well. Could reach it without any issues before using Edge. Have to switch to chorme browser to continue operations.

I'm wondering if this could be caused by some group policy as we just updated the admx files in the central store.

Björn Lagerwall's avatar
Björn Lagerwall
Brass Contributor
Nov 23, 2020

Dadoks Hey, 

I have the case up at engineering now and they want me to test more stuff. Hopefully I get time today toi test. I'll post my findings here.

 

BR
Björn 

  • Dadoks's avatar
    Dadoks
    Copper Contributor
    Dec 01, 2020

    Björn Lagerwall Please let us know what you results are. I also noticed that the issue seems to be particular to systems that have recieved the Win10 20H2 update. Hope that helps you narrow down and simulate the cause.

    • Björn Lagerwall's avatar
      Björn Lagerwall
      Brass Contributor
      Dec 02, 2020

      Dadoks yeah will post here. Case is still ongoing. Apparently Edge Team and WIP Team now are looking into the issue. 

       

      Using an older version of Edge (ver 85 if I recall correctly) it started to work again. But the Edge auto-updated and it stopped once again. 

       

      Hopefully, they find it soon, granted complicated issue, bit still a long running case.

      • Björn Lagerwall's avatar
        Björn Lagerwall
        Brass Contributor
        Dec 14, 2020
        Hi all,

        Got an suggestion from Microsoft Support to change the corporate identity in WIP policy from tenant name to our AD name and it worked!

        See below explanation from Microsoft Support.


        Resolution: We made a change in the Edge 85-86 to check the domain of the profile's AAD identity instead of automatically treating all AAD identities as a work profile.
        In your case, the corporate identity was contoso.onmicrosoft.com, and your Work profile was contoso.com. We confirmed by checking edge://edge-dlp-internals/#NetworkIsolation-policies and seeing EnterpriseNetworkDomainNames we blank. After making the change of the corporate identity to contoso.com, you can now access your SharePoint site.

Resources