Home

Edge Support for SSO

%3CLINGO-SUB%20id%3D%22lingo-sub-96302%22%20slang%3D%22en-US%22%3EEdge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-96302%22%20slang%3D%22en-US%22%3E%3CP%3EIs%20any%20work%20being%20done%20to%20suport%20Office%20365%20Passthrough%20Authentication%20SSO%20with%20Edge%3F%20It%20is%20still%20not%20supported%20while%20Chrome%2C%20IE%20and%20Firefox%20are.%20This%20is%20a%20bummer%20for%20Orgs%20deploying%20Win10.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconnect%2Factive-directory-aadconnect-sso%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconnect%2Factive-directory-aadconnect-sso%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-364095%22%20slang%3D%22en-US%22%3ERe%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-364095%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20is%20the%20end%20of%20edge%2C%20so%E2%80%A6.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20best%20way%20is%20to%20deploy%20Firefox%20and%20use%20seamless%20SSO%2C%20i%20think%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-364091%22%20slang%3D%22en-US%22%3ERe%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-364091%22%20slang%3D%22en-US%22%3E%3CP%3EI%20find%20it%20incredible%20that%20its%20March%202019%20and%20still%20no%20AAD%20Seamless%20SSO%20for%20Edge%20without%20having%20to%20have%20your%20Win%2010%20machine%20AAD%20joined!%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ECan%20anyone%20at%20Microsoft%20(or%20otherwise)%20shed%20any%20light%20on%20why%20this%20is%20the%20case%3F%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ESome%20further%20questions%2Fcomments%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20MS%20documentation%20talks%20about%20machines%20being%20AAD%20joined%20but%20also%20Hybrid%20AAD%20joined%20(where%20the%20win%2010%20machine%26nbsp%3Bis%20also%26nbsp%3BAD%20joined).%26nbsp%3B%20I%20can't%20immediately%20tell%20if%20a%20win%2010%20machine%20that%20is%20already%20AD%20joined%20can%20then%20be%20AAD%20joined%20WITHOUT%20it%20them%20being%20considered%20to%20be%20%22Hybrid%20AAD%20joined%22.%26nbsp%3B%20Hybrid%20AAD%20joined%20has%20some%20potential%20repercussions%20for%20us%20and%20it%20would%20be%20good%20to%20clearly%20understand%20if%20a%20machine%20can%20be%20AD%20and%20AAD%20joined%20simultaneously%20without%20it%20being%20Hybrid%20AAD%20joined%20(along%20with%20all%20the%20AAD%20Connect%20and%20computer%20object%20sync%20that%20goes%20with%20that%20concept).%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E-%20With%20respect%20to%20Edge%20moving%20to%20using%20the%20chromium%20engine%3A%26nbsp%3B%20Is%20there%20any%20hint%20that%20AAD%20Seamless%20SSO%20may%20make%20an%20appearance%20with%20that%20change%2C%20to%20match%20the%20fact%20that%20Chrome%20can%20undertake%20AAD%20Seamless%20SSO%3F%26nbsp%3B%20(something%20that%20seems%20%22challenging%22%20to%20MS%20for%20their%20own%20browser)%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20lack%20of%20AAD%20Seamless%20SSO%20support%20for%20Edge%20is%20another%20nail%20in%20the%20coffin%20for%20Edge%20being%20considered%20by%20us%20as%20our%20default%20browser%20moving%20forward.....%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-292834%22%20slang%3D%22en-US%22%3ERe%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-292834%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20confirming%20that%20for%20me%20at%20least%2C%20if%20the%20device%20is%26nbsp%3B%3CSTRONG%3EAzure%20AD%20Registered%3C%2FSTRONG%3E%2C%20you%20get%20SSO%20with%20Edge.%20If%20not%2C%20it%20will%20ask%20for%20password.%20I've%20also%20experienced%20that%20the%20device%20was%20Azure%20AD%20Registered%20but%20still%20no%20SSO%20and%20when%20starting%20Outlook%20it%20wanted%20me%20to%20confirm%20the%20Azure%20AD%20Registration%20so%20it%20could%20be%20that%20it%20suddenly%20lost%20the%20registration%20and%20therefore%20not%20giving%20SSO%20because%20once%20confirming%20the%20registration%20I%20got%20SSO%20again.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20also%20assume%20that%26nbsp%3B%3CSTRONG%3EHybrid%20Azure%20AD%20joined%3C%2FSTRONG%3E%20will%20give%20an%20SSO%20experience%20with%20Edge.%20I%20will%20try%20this%20and%20report%20back%20here.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EBut%20of%20course%2C%20best%20would%20be%20to%20also%20let%20Edge%20have%20SSO%20support.%20Don't%20know%20what%20is%20taking...%20Even%20though%20we%20see%20most%20customers%20running%20hybrid%20with%20Azure%20AD%20Connect%20also%20have%20their%20devices%20Azure%20AD%20Registered%20or%20Hybrid%20Azure%20AD%20joined.%20Some%20problem%20for%20downlevel%20clients%20but%20we%20more%20or%20less%20say%20that%20you%20need%20Windows%2010%20for%20the%20best%20experience%20in%20Microsoft%20Cloud...%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-201286%22%20slang%3D%22en-US%22%3ERe%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-201286%22%20slang%3D%22en-US%22%3E%3CP%3Eno%20edge%20is%20not%20yet%20supported.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20first%20time%20you%20launch%20edge%2C%20it%20ask%20for%20login%20and%20password.%20For%20next%20time%2C%20maybe%2C%20edge%20can%20remeber%20but%20it%20is%20not%20supported%20like%20IE%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-175846%22%20slang%3D%22en-US%22%3ERe%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-175846%22%20slang%3D%22en-US%22%3E%3CP%3EBelieve%20or%20not%20believe%2C%20still%20Microsoft%20did%20not%20solve%20this%20issue%3F%20Is%20from%20last%20year.%20I%20was%20interested%20in%20implement%20Seamless%20SSO%20but%20is%20not%20support%20Edge%20this%20is%20a%20problem.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-174300%22%20slang%3D%22en-US%22%3ERe%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-174300%22%20slang%3D%22en-US%22%3E%3CP%3EYours%20works%20because%20you%20have%20registered%20your%20workstations%20with%20Azure%20and%20your%20using%20ad%20connect%20not%20Azure%20AD%20Connect.%20They%20are%20two%20different%20software%20products.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-173149%22%20slang%3D%22en-US%22%3ERe%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-173149%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20appears%20to%20be%20working%20for%20me.%20I%20have%20AD%20Connect%20with%20SSO%20configured%20on%20an%20on-premise%20AD%20server%20(2012R2)%20and%20that%20is%20syncing%20with%20an%20Office%20365%20tenancy%20(Education).%20I%20have%20a%20Win10%20Education%20(1709)%20virtual%20machine%20(VM)%20which%20is%20joined%20AND%20registered%20in%20the%20Azure%20AD%20of%20the%20Office%20365%20tenancy%20via%20AD%20Connect.%20The%20join%20appears%20to%20take%20place%20once%20the%20Win10%20VM%20has%20joined%20the%20local%20AD%20domain%2C%20made%20some%20sort%20of%20connection%20(or%20attempted)%20to%20an%20Office%20365%20login%20URL%2C%20and%20an%20AD%20Connect%20sync%20cycle%20has%20run.%20No%20particular%20user%20needs%20to%20be%20logged%20in%20to%20the%20Win10%20VM%20for%20that%20to%20happen.%20Registration%20appears%20to%20happen%20once%20the%20Win10%20VM%20has%20%3CSPAN%3Emade%20some%20sort%20of%20connection%20(or%20attempted)%20to%20an%20Office%20365%20login%20URL%20while%20a%20domain%20user%20is%20logged%20in%20that%20is%20having%20their%20account%20synced%20with%20Azure%20AD%20via%20AD%20Connect%2C%20and%20an%20AD%20Connect%20sync%20cycle%20has%20run.%20DSRegCmd.exe%20is%20a%20useful%20command%20to%20run%20on%20the%20Win10%20client%20to%20check%20if%20join%20and%20registration%20is%20successful%2C%20besides%20seeing%20what%20has%20appeared%20in%20your%20Devices%20area%20in%20the%20Azure%20AD%20admin%20console.%20WamDefaultSet%3DYes%20seems%20to%20be%20the%20value%20you%20need%20to%20see%20via%20DsRegCmd%20to%20know%20that%20registration%20is%20successful.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EOnce%20the%20Win10%20client%20has%20registered%20successfully%2C%20I%20am%20finding%20that%20opening%20Edge%20and%20going%20to%20portal.office.com%20results%20in%20that%20user%20being%20signed%20in%20without%20the%20need%20to%20enter%20a%20username%20or%20password.%20I%20also%20see%20that%20the%20account%20is%20shown%20in%20the%20settings%20area%20in%20Edge.%20And%20once%20the%20registration%20has%20been%20successful%20for%20the%20Win10%20client%2C%20any%20subsequent%20user%20logging%20on%20to%20that%20computer%20will%20also%20experience%20this%20Seamless%20Single%20Sign-on%20to%20Office%20365%2C%20using%20Edge%20or%20IE.%20Chrome%20seems%20to%20always%20prompt%20for%20a%20username.%3C%2FSPAN%3E%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%3EI'd%20be%20interested%20to%20know%20if%20anyone%20else%20is%20getting%20this%20to%20work%2C%20as%20my%20testing%20is%20fairly%20limited%3A%20a%20single%20tenancy%20and%20local%20AD%2C%20a%20couple%20of%20Win10%20VMs%20and%20a%20few%20users.%20And%20I%20know%20it%20shouldn't%20work%20according%20to%20Microsoft.%26nbsp%3B%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-167175%22%20slang%3D%22en-US%22%3ERe%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-167175%22%20slang%3D%22en-US%22%3EAny%20update%20on%20this%3F%20It's%20crazy%20that%20Microsoft's%20default%20browser%20for%20Windows%2010%20can%20SSO%20to%20Office%20365%20without%20being%20Azure%20AD%20joined!%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-96925%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-96925%22%20slang%3D%22en-US%22%3E%3CP%3EThanks%2C%20I%20had%20not.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3ENothing%20like%20inconsistent%20documentation%20(%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-96914%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-96914%22%20slang%3D%22en-US%22%3E%3CP%3EHave%20you%20checked%20my%20original%20link%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20999px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F18725iC0BA5149CE2EDA97%2Fimage-size%2Flarge%3Fv%3D1.0%26amp%3Bpx%3D999%22%20alt%3D%22Edge.jpg%22%20title%3D%22Edge.jpg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-96907%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-96907%22%20slang%3D%22en-US%22%3E%3CP%3EI%20must%20be%20blind%2C%20i'm%20not%20seeing%20any%20note%20about%20Edge%20support%20being%20removed.%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EDomain%20Joined%20devices%20can%20be%20Registered%20with%20Azure%20AD%2C%20see%26nbsp%3B%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-azureadjoin-devices-group-policy%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Factive-directory-azureadjoin-devices-group-policy%3C%2FA%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-96898%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-96898%22%20slang%3D%22en-US%22%3E%3CP%3ERight%2C%20my%20clients%20are%20Domain%20Joined...so%20it%20does%20not%20work.%20It%20appears%20in%20a%20recent%20update%20they%20tried%20to%20make%20it%20work%2C%20but%2C%20as%20the%20note%20says%2C%20Edge%20support%20has%20been%20removed%20while%20they%20investigate.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-96894%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-96894%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F137%22%20target%3D%22_blank%22%3E%40Matthew%20McDermott%3C%2FA%3Eit%20should%20work%2C%20you%20need%20to%20be%20Azure%20AD%20Joined%2C%20which%20is%20different%20than%20domain%20joined.%3C%2FP%3E%3CP%3Etake%20a%20look%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconnect%2Factive-directory-aadconnect-pass-through-authentication-current-limitations%26nbsp%3B%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Fconnect%2Factive-directory-aadconnect-pass-through-authentication-current-limitations%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-96453%22%20slang%3D%22en-US%22%3ERe%3A%20RE%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-96453%22%20slang%3D%22en-US%22%3EChristopher%2C%20You%20lost%20me%2C%20%22domain%20joined%20to%20Azure%22%3F%20I%20thought%20the%20machine%20needed%20to%20be%20domain%20joined%20to%20my%20on%20prem%20domain%3F%20Can%20you%20clarify%20your%20answer%3F%20The%20documentation%20currently%20states%20that%20it%20does%20not%20work%20as%20does%20our%20testing.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-96352%22%20slang%3D%22en-US%22%3ERE%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-96352%22%20slang%3D%22en-US%22%3EThis%20actually%20does%20work%2C%20but%20you%20have%20to%20have%20your%20machine%20domain%20joined%20to%20azure%20AD%20%3A(.%20But%20with%20their%20new%20sign%20on%20experience%2C%20no%20SSO%20works.....%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-644012%22%20slang%3D%22en-US%22%3ERe%3A%20Edge%20Support%20for%20SSO%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-644012%22%20slang%3D%22en-US%22%3E%3CP%3EJust%20want%20to%20leave%20a%20quick%20note%20for%20anyone%20looking%20at%20this%20thread%20and%20mistakenly%20thinks%20that%20the%20topic%20is%20applicable%20to%20Orgs%20that%20are%20using%20federated%20SSO%20with%20AD%20FS.%20SSO%20in%20Edge%20works%20for%20us%2C%20running%26nbsp%3BAD%20FS%20v.3%20on%202012R2.%20For%20a%20long%20time%20we%20thought%20that%20SSO%20was%20not%20supported%20with%20AD%20FS%20on%20Edge%2C%20especially%20when%20it%20failed%20after%20we%20added%20%22Edge%2F12%22%20to%20supported%20UA%20strings.%20Finally%2C%20after%20adding%20%22Mozilla%2F5.0%22%2C%20the%20SSO%20for%20both%20Edge%20and%20Chrome%20started%20to%20work.%20This%20was%20a%20major%20improvement%20as%20our%20users%20were%20previously%20stuck%20with%20IE%20and%20its%20horrific%20SharePoint%20performance.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Matthew McDermott
MVP

Is any work being done to suport Office 365 Passthrough Authentication SSO with Edge? It is still not supported while Chrome, IE and Firefox are. This is a bummer for Orgs deploying Win10.

https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-sso

16 Replies
This actually does work, but you have to have your machine domain joined to azure AD :(. But with their new sign on experience, no SSO works.....
Christopher, You lost me, "domain joined to Azure"? I thought the machine needed to be domain joined to my on prem domain? Can you clarify your answer? The documentation currently states that it does not work as does our testing.

@Matthew McDermottit should work, you need to be Azure AD Joined, which is different than domain joined.

take a look https://docs.microsoft.com/en-us/azure/active-directory/connect/active-directory-aadconnect-pass-thr...

Right, my clients are Domain Joined...so it does not work. It appears in a recent update they tried to make it work, but, as the note says, Edge support has been removed while they investigate.

I must be blind, i'm not seeing any note about Edge support being removed. 

 

Domain Joined devices can be Registered with Azure AD, see https://docs.microsoft.com/en-us/azure/active-directory/active-directory-azureadjoin-devices-group-p...

Have you checked my original linkEdge.jpg

Thanks, I had not. 

 

Nothing like inconsistent documentation (:

 

Any update on this? It's crazy that Microsoft's default browser for Windows 10 can SSO to Office 365 without being Azure AD joined!

It appears to be working for me. I have AD Connect with SSO configured on an on-premise AD server (2012R2) and that is syncing with an Office 365 tenancy (Education). I have a Win10 Education (1709) virtual machine (VM) which is joined AND registered in the Azure AD of the Office 365 tenancy via AD Connect. The join appears to take place once the Win10 VM has joined the local AD domain, made some sort of connection (or attempted) to an Office 365 login URL, and an AD Connect sync cycle has run. No particular user needs to be logged in to the Win10 VM for that to happen. Registration appears to happen once the Win10 VM has made some sort of connection (or attempted) to an Office 365 login URL while a domain user is logged in that is having their account synced with Azure AD via AD Connect, and an AD Connect sync cycle has run. DSRegCmd.exe is a useful command to run on the Win10 client to check if join and registration is successful, besides seeing what has appeared in your Devices area in the Azure AD admin console. WamDefaultSet=Yes seems to be the value you need to see via DsRegCmd to know that registration is successful.

 

Once the Win10 client has registered successfully, I am finding that opening Edge and going to portal.office.com results in that user being signed in without the need to enter a username or password. I also see that the account is shown in the settings area in Edge. And once the registration has been successful for the Win10 client, any subsequent user logging on to that computer will also experience this Seamless Single Sign-on to Office 365, using Edge or IE. Chrome seems to always prompt for a username.

 

I'd be interested to know if anyone else is getting this to work, as my testing is fairly limited: a single tenancy and local AD, a couple of Win10 VMs and a few users. And I know it shouldn't work according to Microsoft. 

Yours works because you have registered your workstations with Azure and your using ad connect not Azure AD Connect. They are two different software products.

Believe or not believe, still Microsoft did not solve this issue? Is from last year. I was interested in implement Seamless SSO but is not support Edge this is a problem.

no edge is not yet supported.

 

The first time you launch edge, it ask for login and password. For next time, maybe, edge can remeber but it is not supported like IE

Just confirming that for me at least, if the device is Azure AD Registered, you get SSO with Edge. If not, it will ask for password. I've also experienced that the device was Azure AD Registered but still no SSO and when starting Outlook it wanted me to confirm the Azure AD Registration so it could be that it suddenly lost the registration and therefore not giving SSO because once confirming the registration I got SSO again.

 

I also assume that Hybrid Azure AD joined will give an SSO experience with Edge. I will try this and report back here.

 

But of course, best would be to also let Edge have SSO support. Don't know what is taking... Even though we see most customers running hybrid with Azure AD Connect also have their devices Azure AD Registered or Hybrid Azure AD joined. Some problem for downlevel clients but we more or less say that you need Windows 10 for the best experience in Microsoft Cloud...

I find it incredible that its March 2019 and still no AAD Seamless SSO for Edge without having to have your Win 10 machine AAD joined!

 

Can anyone at Microsoft (or otherwise) shed any light on why this is the case?

 

Some further questions/comments:

 

- MS documentation talks about machines being AAD joined but also Hybrid AAD joined (where the win 10 machine is also AD joined).  I can't immediately tell if a win 10 machine that is already AD joined can then be AAD joined WITHOUT it them being considered to be "Hybrid AAD joined".  Hybrid AAD joined has some potential repercussions for us and it would be good to clearly understand if a machine can be AD and AAD joined simultaneously without it being Hybrid AAD joined (along with all the AAD Connect and computer object sync that goes with that concept).

 

- With respect to Edge moving to using the chromium engine:  Is there any hint that AAD Seamless SSO may make an appearance with that change, to match the fact that Chrome can undertake AAD Seamless SSO?  (something that seems "challenging" to MS for their own browser)

 

The lack of AAD Seamless SSO support for Edge is another nail in the coffin for Edge being considered by us as our default browser moving forward.....

 

It is the end of edge, so….

 

The best way is to deploy Firefox and use seamless SSO, i think

Highlighted

Just want to leave a quick note for anyone looking at this thread and mistakenly thinks that the topic is applicable to Orgs that are using federated SSO with AD FS. SSO in Edge works for us, running AD FS v.3 on 2012R2. For a long time we thought that SSO was not supported with AD FS on Edge, especially when it failed after we added "Edge/12" to supported UA strings. Finally, after adding "Mozilla/5.0", the SSO for both Edge and Chrome started to work. This was a major improvement as our users were previously stuck with IE and its horrific SharePoint performance.

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
16 Replies
flashing a white screen while open new tab
cntvertex in Discussions on
11 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
28 Replies
Early preview of Microsoft Edge group policies
Sean Lyndersay in Discussions on
65 Replies