How to make Edge prompt for SSO Identity every time


Hi Community,

We are using Azure AD Premium P2 with Enterprise Applications and our enterprise now requires special Windows 10 Devices in Manufacturing to speed up a business process.
The devices are hybrid joined and there is always one generic user signed in (AD synced user).

I would like to achieve that the Browser always asks for the username when browsing the Sign on URL of an Enterprise Application.

So far I have set these REG Keys:

HKLM\SOFTWARE\Policies\Microsoft\MicrosoftAccount\DisableUserAuth
REG_DWORD = 1


HKLM\SOFTWARE\Policies\Microsoft\Edge\BrowserSignin
REG_DWORD = 1


This led Edge to prompt for Identity when browsing to https://office.com, which is how I want it.

Unfortunately, it does not seem to work with the Sign on URL of an Enterprise App.
Edge still takes the UPN of the signed in Windows user and would require the employee to click “sign in with another user”.

However, if I open the Sign on URL in incognito mode, I’m required to enter a username
(exactly how I would like it for normal mode).

Also, the users are opening multiple different links from an Excel file, which then start Edge
(in normal mode). Would there be a way to start Edge in InPrivate mode by default?
The shortcut method with the -InPrivate parameter doesn’t really help here.

Additional Info:
I cannot move the signed in synced user to an un-synced OU since the signed in user requires MS Teams work.

Thanks!


1 Reply

@ejouv1993 Hello! Regarding having the browser always in InPrivate mode, have you tried the InPrivateModeAvailability Policy? (https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies#inprivatemodeavailability) It might help with your scenario. Thanks!

-Kelly
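
The policy suggested in the reply, applied and verified from an elevated PowerShell session. This is an added example, not part of the thread; it assumes the two registry entries in the question are DWORD values named `DisableUserAuth` and `BrowserSignin` under their parent keys, and uses the documented `InPrivateModeAvailability` value 2 (forced).

```powershell
#Requires -RunAsAdministrator
# Added example: force Edge into InPrivate mode via machine policy, then
# read back the policy values discussed in the thread.

$EdgeKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
$MsaKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\MicrosoftAccount'

# InPrivateModeAvailability: 0 = available, 1 = disabled, 2 = forced
$InPrivateForced = 2

function Set-PolicyDword {
    param([string]$Path, [string]$Name, [int]$Value)
    # Policy keys do not exist until something creates them.
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    New-ItemProperty -Path $Path -Name $Name -Value $Value `
        -PropertyType DWord -Force | Out-Null
}

function Get-PolicyDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value is absent (policy not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

Set-PolicyDword -Path $EdgeKey -Name 'InPrivateModeAvailability' -Value $InPrivateForced

# Report the state of all three policies so drift is visible on each device.
$policies = @(
    @{ Path = $EdgeKey; Name = 'InPrivateModeAvailability' },
    @{ Path = $EdgeKey; Name = 'BrowserSignin' },
    @{ Path = $MsaKey;  Name = 'DisableUserAuth' }
)
$policies | ForEach-Object {
    $value = Get-PolicyDword -Path $_.Path -Name $_.Name
    [pscustomobject]@{
        Policy = $_.Name
        Value  = if ($null -eq $value) { 'not configured' } else { $value }
    }
} | Format-Table -AutoSize
```

Restart Edge and open `edge://policy` to confirm the browser has picked up the value.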