Forum Discussion
Björn Lagerwall
Sep 16, 2020 (Brass Contributor)
Windows 10 WIP rules and Chromium Edge cannot access Sharepoint Online ERR_BLOCKED_BY_ADMINISTRATOR
Hi all, A few weeks ago Sharepoint Online access via Edge (Chromium) browser stopped working from our AAD joined + Intune Windows 10 (2004) computers. Error from Edge: You don’t have acc...
Björn Lagerwall
Nov 23, 2020 (Brass Contributor)
Dadoks Hey,
I have the case up at engineering now and they want me to test more stuff. Hopefully I get time today to test. I'll post my findings here.
BR
Björn
Dadoks
Dec 01, 2020 (Copper Contributor)
Björn Lagerwall Please let us know what your results are. I also noticed that the issue seems to be particular to systems that have received the Win10 20H2 update. Hope that helps you narrow down and simulate the cause.
- Björn Lagerwall
Dec 02, 2020 (Brass Contributor)
Dadoks yeah will post here. Case is still ongoing. Apparently Edge Team and WIP Team now are looking into the issue.
Using an older version of Edge (ver 85 if I recall correctly) it started to work again. But then Edge auto-updated and it stopped once again.
Hopefully, they find it soon, granted complicated issue, but still a long running case.
- Björn Lagerwall
Dec 14, 2020 (Brass Contributor)
Hi all,
Got a suggestion from Microsoft Support to change the corporate identity in WIP policy from tenant name to our AD name and it worked!
See below explanation from Microsoft Support.
Resolution: We made a change in the Edge 85-86 to check the domain of the profile's AAD identity instead of automatically treating all AAD identities as a work profile.
In your case, the corporate identity was contoso.onmicrosoft.com, and your Work profile was contoso.com. We confirmed by checking edge://edge-dlp-internals/#NetworkIsolation-policies and seeing EnterpriseNetworkDomainNames was blank. After making the change of the corporate identity to contoso.com, you can now access your SharePoint site.