SOLVED

Azure AD sign-in stopped working / conditional access with Edge Insider

%3CLINGO-SUB%20id%3D%22lingo-sub-987572%22%20slang%3D%22en-US%22%3EAzure%20AD%20sign-in%20stopped%20working%20%2F%20conditional%20access%20with%20Edge%20Insider%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-987572%22%20slang%3D%22en-US%22%3E%3CP%3EI%20have%20v80%20in%20dev%20channel%2C%20it%20used%20to%20work%2C%20but%20sometimes%20before%20v79%20it%20stopped%20to%20work.%3C%2FP%3E%0A%3CP%3EI%20have%20a%20profile%20%22Work%22%20i%20have%20logged%20in%20with%20my%20organizational%20%2F%20Azure%20AD%20account%20for%20profile%2C%20all%20sync%20is%20on%20and%20working.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHowever%2C%20when%20I%20want%20to%20login%20to%20%3CA%20href%3D%22https%3A%2F%2Fportal.office.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fportal.office.com%3C%2FA%3E%20I%20am%20denied%20access%20due%20to%20Azure%20AD%20conditional%20policies.%20(It%20works%20from%20Internet%20Explorer%20or%20(old)%20Edge)%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIt%20seems%20that%20Edge%20Insider%20stopped%20reading%20info%20from%20my%20device%20(AAD%20registerd%20device%20%2F%20MDM%20Intune%2C%20compliance%20status)%20and%20this%20info%20is%20not%20passed%20for%20login%20to%20Office%20365%20and%20other%20services.%3CBR%20%2F%3E%3CBR%20%2F%3EI%20have%20tried%20to%20delete%20profile%20folder%20and%20recreate%20it%2C%20but%20the%20same%20issue.%3CBR%20%2F%3EAny%20idea%2C%20or%20how%20to%20troubleshoot%20in%20more%20detail%20from%20Edge%20Insider%20browser%20side%3F%20Any%20workaround%3F%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EThank%20you%2C%3C%2FP%3E%0A%3CP%3EKind%20regards%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1001112%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20sign-in%20stopped%20working%20%2F%20conditional%20access%20with%20Edge%20Insider%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1001112%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F280793%22%20target%3D%22_blank%22%3E%40hkusulja%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EIf%20you%20can%20please%20answer%20these%20questions%2C%20it%20would%20be%20very%20helpful%20for%20us%20to%20troubleshoot.%3C%2FP%3E%0A%3COL%3E%0A%3CLI%3EWhen%20you%20login%20to%20portal.office.com%20on%20your%20work%20profile%2C%20do%20you%20have%20to%20enter%20your%20credentials%20manually%20or%20are%20you%20being%20signed%20in%20automatically%3F%26nbsp%3B%3C%2FLI%3E%0A%3CLI%3EWhen%20Conditional%20Access%20is%20blocking%20your%20access%2C%20do%20you%20see%20a%20page%20similar%20to%20the%20one%20in%20the%20screenshot%20at%20the%20link%20below%3F%26nbsp%3B%20Any%20screenshots%20you%20could%20attach%20of%20the%20error%20message%2Fpage%20would%20be%20very%20helpful!%3CUL%3E%0A%3CLI%3E%3CA%20href%3D%22https%3A%2F%2Fnam06.safelinks.protection.outlook.com%2F%3Furl%3Dhttps%253A%252F%252Fdocs.microsoft.com%252Fen-us%252Fdeployedge%252Fsecurity-overview%26amp%3Bdata%3D04%257C01%257CJason.Lam%2540microsoft.com%257Cb8ebe85c89204e8ebe2608d764afec1e%257C72f988bf86f141af91ab2d7cd011db47%257C1%257C0%257C637088579054691549%257CUnknown%257CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%253D%257C-1%26amp%3Bsdata%3DFR2d10B1FyhXsT5gPHi88eCZPJs%252FwaUsekFI%252Bgs%252FmqI%253D%26amp%3Breserved%3D0%22%20target%3D%22_blank%22%20rel%3D%22nofollow%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fsecurity-overview%3C%2FA%3E%3C%2FLI%3E%0A%3C%2FUL%3E%0A%3C%2FLI%3E%0A%3CLI%3EDoes%20this%20issue%20occur%20on%20the%20latest%20Canary%20channel%20build%3F%3C%2FLI%3E%0A%3C%2FOL%3E%0A%3CP%3EThank%20you%20for%20your%20time!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1001678%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20sign-in%20stopped%20working%20%2F%20conditional%20access%20with%20Edge%20Insider%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1001678%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F451178%22%20target%3D%22_blank%22%3E%40JasonL-%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%0A%3CP%3EHi%2C%3CBR%20%2F%3EI%20have%20latest%20dev%20channel%2C%20not%20using%20canary.%20It%20used%20to%20work%2C%20but%20in%20past%202%2B%20months%20it%20stopped.%3CBR%20%2F%3EWhen%20try%20to%20login%2C%20example%20to%20%3CA%20href%3D%22https%3A%2F%2Fportal.office.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fportal.office.com%3C%2FA%3E%2C%20it%20asks%20for%20username%2Fpassword.%20Normally%20it%20should%20auto%20login%20or%20show%20under%20account%20%22Connected%20to%20Windows%22%20which%20is%20not%20showing%20in%20Edge%20Insider%20(old%20Edge%20is%20working%20normally.)%3CBR%20%2F%3EYes%2C%20according%20to%20docs%2C%20this%20is%20message%2Fscreenshot%20I%20get.%3CBR%20%2F%3ESo%20somehow%20it%20is%20not%20detecting%20credentials%20from%20my%20Windows%2010%20OS%20(including%20Intune%20compliance%20etc.)%20.%3C%2FP%3E%0A%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1004378%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20sign-in%20stopped%20working%20%2F%20conditional%20access%20with%20Edge%20Insider%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1004378%22%20slang%3D%22en-US%22%3EBTW...if%20you%20have%20WIP%20enabled...then%20is%20your%20above%20issue%20resolved%20after%20doing%20the%20following%3F%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-troubleshooting%23how-do-i-resolve-error-code--2147024540%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fdeployedge%2Fmicrosoft-edge-troubleshooting%23how-do-i-resolve-error-code--2147024540%3C%2FA%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1006879%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20sign-in%20stopped%20working%20%2F%20conditional%20access%20with%20Edge%20Insider%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1006879%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F402188%22%20target%3D%22_blank%22%3E%40Naren-%3C%2FA%3E%26nbsp%3BOk%2C%20I%20have%20tried%20several%20devices%2C%20everywhere%20when%20I%20login%20to%20AAD%20profile%2C%20it%20shows%20my%20profile%20on%20portal.office.com%20as%20Connected%20to%20Windows.%20Except%20on%20my%20only%20%2F%20first%20device.%20So%20I%20do%20not%20know%20where%20is%20the%20error%20nor%20how%20to%20recreate%20%22work%22%20profile%20and%20re-login%20again%20so%20it%20is%20working%20with%20my%20Win10%20OS%20login%20to%20MS%20O365%20services..%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1010251%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20sign-in%20stopped%20working%20%2F%20conditional%20access%20with%20Edge%20Insider%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1010251%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F280793%22%20target%3D%22_blank%22%3E%40hkusulja%3C%2FA%3E%26nbsp%3BAre%20you%20signed%20into%20this%20Edge%20on%20this%20device%20where%20you're%20not%20getting%20automatically%20signed%20in%3F%20You%20can%20check%20by%20looking%20at%20the%20menu%20here.%26nbsp%3B%3C%2FP%3E%0A%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F157319i66B7B37A037BE315%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20alt%3D%22clipboard_image_0.png%22%20title%3D%22clipboard_image_0.png%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1010698%22%20slang%3D%22en-US%22%3ERe%3A%20Azure%20AD%20sign-in%20stopped%20working%20%2F%20conditional%20access%20with%20Edge%20Insider%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1010698%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F211254%22%20target%3D%22_blank%22%3E%40Avi%20Vaid%3C%2FA%3E%26nbsp%3BYes%2C%20of%20course%2C%20Edge%20Insider%2C%20dev%20channel%2C%20Work%20profile%2C%20signed%20in%20with%20AAD%20account%20which%20is%20in%20sync.%20But%20when%20login%20to%20%3CA%20href%3D%22https%3A%2F%2Fportal.office.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%22%3Ehttps%3A%2F%2Fportal.office.com%3C%2FA%3E%20it%20does%20not%20see%20from%20my%20Win10%20this..%20The%20issue%20is%20only%20on%20one%20computer%2C%20uninstall%2Freinstall%20Edge%20insider%20does%20not%20resolve%20issue.%20In%20test%20VM%20and%20on%20other%20computers%20with%20same%20users%20it%20works%20normally.%20%3A%5C%3C%2Fimg%3E%26nbsp%3BMust%20be%20something%20inside%20particular%20Edge%20profile%20issue%2C%20but%20could%20not%20find%20what.%3CBR%20%2F%3EI%20have%20now%20deleted%20whole%26nbsp%3B%25localappdata%25%5CMicrosoft%5CEdge%20Dev%5CUser%20Data%20folder%2C%20and%20then%20opened%20Edge%20and%20created%20new%20profiles%20%2F%20and%20work%20profile%20is%20now%20working%20so%20issue%20is%20resolved.%20To%20bad%2C%20There%20is%20no%20sync%20about%20apps%20and%20history%20yet%2C%20this%20is%20another%20topic.%3C%2FP%3E%3C%2FLINGO-BODY%3E
MVP

I have v80 in dev channel, it used to work, but sometimes before v79 it stopped to work.

I have a profile "Work" i have logged in with my organizational / Azure AD account for profile, all sync is on and working.

 

However, when I want to login to https://portal.office.com I am denied access due to Azure AD conditional policies. (It works from Internet Explorer or (old) Edge)

 

It seems that Edge Insider stopped reading info from my device (AAD registerd device / MDM Intune, compliance status) and this info is not passed for login to Office 365 and other services.

I have tried to delete profile folder and recreate it, but the same issue.
Any idea, or how to troubleshoot in more detail from Edge Insider browser side? Any workaround?

 

Thank you,

Kind regards

6 Replies

@hkusulja 

If you can please answer these questions, it would be very helpful for us to troubleshoot.

  1. When you login to portal.office.com on your work profile, do you have to enter your credentials manually or are you being signed in automatically? 
  2. When Conditional Access is blocking your access, do you see a page similar to the one in the screenshot at the link below?  Any screenshots you could attach of the error message/page would be very helpful!
  3. Does this issue occur on the latest Canary channel build?

Thank you for your time!

@JasonL- 

Hi,
I have latest dev channel, not using canary. It used to work, but in past 2+ months it stopped.
When try to login, example to https://portal.office.com, it asks for username/password. Normally it should auto login or show under account "Connected to Windows" which is not showing in Edge Insider (old Edge is working normally.)
Yes, according to docs, this is message/screenshot I get.
So somehow it is not detecting credentials from my Windows 10 OS (including Intune compliance etc.) .

 

@Naren- Ok, I have tried several devices, everywhere when I login to AAD profile, it shows my profile on portal.office.com as Connected to Windows. Except on my only / first device. So I do not know where is the error nor how to recreate "work" profile and re-login again so it is working with my Win10 OS login to MS O365 services..

@hkusulja Are you signed into this Edge on this device where you're not getting automatically signed in? You can check by looking at the menu here. 

clipboard_image_0.png

best response confirmed by hkusulja (MVP)
Solution

@Avi Vaid Yes, of course, Edge Insider, dev channel, Work profile, signed in with AAD account which is in sync. But when login to https://portal.office.com it does not see from my Win10 this.. The issue is only on one computer, uninstall/reinstall Edge insider does not resolve issue. In test VM and on other computers with same users it works normally. :\ Must be something inside particular Edge profile issue, but could not find what.
I have now deleted whole %localappdata%\Microsoft\Edge Dev\User Data folder, and then opened Edge and created new profiles / and work profile is now working so issue is resolved. To bad, There is no sync about apps and history yet, this is another topic.