Edge Beta no longer auto signing in with federated Microsoft Work accounts

Contributor

Over the last month or so, we've started to see our hybrid AzureAD joined Windows 10 devices that are signed in with federated accounts, no longer automatically logging into Edge Beta.  Users now have to know to press the "Sign in" button in the upper right corner of Edge, and then it tells them "We've detected this account on your device and we need to verify it before you can complete sign in."  Then they press "Complete sign in" button and it signs them in. (pics below)

 

Its not happening to every user, seems random at this point.

 

I was hoping to not have to educate our users to sign in, as until recently it was all automatic.  Does anyone know what criteria is needed for this to be automatic, or what things might be causing the account to need to be verified first?  Thanks!

 

Version 80.0.361.50 (Official build) beta (64-bit)

Windows 10 1903 with at least January 2020 cumulative updates

 

Sign In.png

Complete Sign In.png

5 Replies

@SteveSta finding the same here, can't really see a reason for it. (on the full release version, not beta).

@SteveSta did you find a fix for this? Our hybrid join was broken but on fixing it its now doing the same thing you mentioned.

@SteveSta There are several policies that are controlling Browser Signin

 

What GPO are you using to force the sign-in? Are you using:

 

"Configure automatic sign in with an Active Directory domain account when there is no Azure AD domain account"

Any update on this? Experiencing this myself now in Release/Beta/Dev. It used to work fine. I am not using Federated authentication.

 

Machines are Azure AD hybrid joined. Account is E3.

@kqf_chris @SteveSta @OliverS91 @Steve Prentice Hi Everyone - I've reached out to the team about the issues you are experiencing and wanted to pass on the information from them.  

 

Users need to verify their account when their token state is unhealthy. This could be caused due to a number of reasons (some are below). In these scenarios, since the browser can't auth them due to unhealthy tokens, users need to verify their identity to help auth them. Note, that when this happens all other Microsoft apps should also prompt users for credentials and when they auth to any of them, MS Edge should also get auth'd since it keeps retrying. 

 

  1. Password changed
  2. 2FA changed
  3. TPM corrupted
  4. Admin triggered a sign out of all devices
  5. New network location that might be risky

If other Microsoft apps on the device are also prompting for credentials, the behavior you are seeing is by design. If it's only MS Edge prompting or the prompts keep coming back even after entering credentials, then we recommend filing a support case https://microsoftedgesupport.microsoft.com/hc/en-us.  

 

Hopefully that helps!  

 

-Kelly