Nov 02 2020 01:10 PM
Nov 02 2020 01:10 PM
We are trying to configure the Edge GPO to enable local sync of favorites, but we are unable to get the on-prem sign-in to work over VPN and so the local profile.pb is never created.
Our settings are as follows:
BrowserSignin = 1
ConfigureOnPremisesAccountAutoSignIn = 1
RoamingProfileSupportEnabled = 1
SyncDisabled = 0
When we login to Windows 10 with a cached credential, connect to VPN, and launch Edge with these settings, we get prompted to sign-in. The only account that seems to work is the "work or school account" which is our O365 email address. Signing in using this account results in the Edge account type and sync account type as AAD instead of on-prem and the message "sync isn't available for this account"
I believe the cause of the issue is the AD account is not being used to sign in to the browser even though ConfigureOnPremisesAccountAutoSignIn is set to 1. Doing a whoami at a command prompt shows my account name in domain\username format.
Using these same settings while logged into an on-site workstation results in on-premises sign in and sync working properly. Is there any reason why this functionality would not work on a cached local logon/VPN scenario?
Mar 05 2021 03:45 PM
@jdbst56 I just spoke to our Identity Team and they mentioned that in your case it seems like, in VPN configuration, the Windows API that MS Edge is using, is not returning the account information needed for on-premises. They have asked the following:
Are you able to try the following steps to validate this?
If you cannot delete the data, then can you try the following? Create a folder and launch MS Edge with additional parameter: --user-data-dir=<folder-name>
If this works, then it confirms that the previously mentioned new policy the team is investigating will help in your scenario. Unfortunately, there is no ETA for the new policy right now but we will keep an eye out for updates from the team.
Thanks for your patience!
Mar 25 2021 06:10 AM
May 14 2021 09:52 PM
May 27 2021 08:40 AM
Jun 23 2021 06:49 AM
Sep 02 2021 04:02 PM
Hi Everyone - Circling back to this thread, we have just added a new policy for this scenario starting in Microsoft Edge v94. MS Edge Beta Version 94.0.992.9 was just released today (https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnote-beta-channel#version-9409929-sept...
Here is a link to the policy documentation for OnlyOnPremisesImplicitSigninEnabled: