02-06-2020 05:29 AM
We're intending to use Edge Browser (Stable Release 79.0.309.71) on Citrix XenApp, based on Windows Server 2016 OS.
The XenApp servers are Hybrid Azure AD Joined, which means when a user opens O365 portals inside Internet Explorer, he/she doesn't have to enter any credentials. The credentials used to log on to the Citrix Session are being used and the user experiences 'seamless SSO' behavior.
When using the newly installed Edge Browser the experience is totally different... The credentials are not passed to Azure AD automatically, and the user is asked to enter his/her Azure account email address before continuing.
Also Azure Conditional Access isn't working as expected when using MS Edge. When opening O365 portals inside a Citrix session (=from a trusted device) the user should never be asked for MFA credentials. This is working fine in Internet Explorer, but not in Edge Browser, where users are being asked for MFA credentials.
MS documentation for Azure CA indeed only mentions IE as supported browser on Windows Server 2016, so it seems 'expected behavior, by design': https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/technical-reference
Is Microsoft intending to provide support for Edge Browser on Server 2016 for Azure CA? As this is the browser MS wants users to switch to, it is very important to provide the same behavior (seamless SSO to Azure) as users are seeing when using the 'deprecated' IE browser.
Anyone having the same issues/requests?
02-27-2020 06:48 PM
Solution
@woutreynaert Conditional Access support in Chromium-based Edge relies on WAM, which is only available in Windows Server 2016 (Build: 16299, RS3) and above. But I don't think there is a desktop version for that. Windows Server 2019 has full support for Conditional Access.
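A way to check a session host against the conditions discussed in this thread, as an added example that is not from either poster: it parses `dsregcmd /status` output for the hybrid join state and the Primary Refresh Token, and compares the OS build with the 16299 threshold quoted in the reply above. The `dsregcmd` command and its field names are not mentioned in the thread, the function names are hypothetical, and the sample lines are constructed.

```powershell
# Added example. The threshold is the build number quoted in the reply above.
$MinWamBuild = 16299

function Get-DsregState {
    param([string[]]$Lines)
    # dsregcmd /status prints "Name : Value" pairs; collect them in a hashtable.
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') {
            $state[$Matches[1]] = $Matches[2]
        }
    }
    return $state
}

function Test-SsoPrerequisites {
    param([hashtable]$State, [int]$Build)
    [pscustomobject]@{
        # Hybrid join means the device is both domain joined and Azure AD joined.
        HybridJoined     = ($State['AzureAdJoined'] -eq 'YES' -and
                            $State['DomainJoined'] -eq 'YES')
        # Without a Primary Refresh Token there is nothing to present for SSO.
        HasPrt           = ($State['AzureAdPrt'] -eq 'YES')
        Build            = $Build
        BuildMeetsAnswer = ($Build -ge $MinWamBuild)
    }
}

# Constructed sample: a hybrid joined host on build 14393 (Windows Server 2016).
$sample = @(
    '             AzureAdJoined : YES',
    '              DomainJoined : YES',
    '                AzureAdPrt : YES'
)
Test-SsoPrerequisites -State (Get-DsregState $sample) -Build 14393

# On a real session host, run as the affected user so the PRT state is theirs.
if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    $live = Get-DsregState (dsregcmd.exe /status)
    Test-SsoPrerequisites -State $live -Build ([Environment]::OSVersion.Version.Build)
}
```

For the constructed sample, `HybridJoined` and `HasPrt` are true while `BuildMeetsAnswer` is false, which matches the situation described in the question: the device state is healthy, yet the build is below the one named in the reply.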
03-02-2020 12:16 AM
@Arunesh Thx, I will have a look and check if my issue is resolved in this version of Windows Server 2016