Nov 20 2019 08:55 AM
I'm beginning preparations to roll out Edge across our company but ran into a problem with our test group
Our laptops are AD-joined, and when you first open Edge and import your settings from Chrome, it's importing this into an AD account which isn't sync capable. We need the default experience to be to prompt the user for their work account and to then set up the import and sync from there.
Presumably this isn't a problem for AAD-joined devices as they could already reference that account by default but we're not in a situation to switch over just yet unfortunately
Nov 23 2019 05:42 AM - edited Nov 23 2019 05:45 AM
Which Edge insider channel/version have you tried?
I'm asking because as far as I remember, the beta channel has a flag related to "AAD" that needs to be enabled before AAD accounts are able to sync. On Edge Canary that I'm checking now, it's not available because that feature is now built into the browser by default.
Nov 25 2019 01:53 AM
@HotCakeX: I'm using the Beta channel, AAD sync is working as anticipated. However that is only when you create a new profile
If I set up a test user and open Edge, I'm prompted to import from Chrome and that initial user it sets up and imports everything into is the AD account which is not capable of syncing. I can create a new profile and then import again and that is then importing into the AAD account as seen below
Nov 25 2019 03:01 AM
Nov 25 2019 04:06 AM
@HotCakeX: Correct. I was hoping there would be a flag I could set somewhere, or a setting via GPO to prevent creating the default user as the AD account and instead prompt for an AAD login
I'll run a test and feedback on here
Nov 26 2019 02:44 AM
@HotCakeX: Same behaviour unfortunately on Canary (v80.0.344.0). Presumably this feature is checking whether the user account is AD or AAD and then uses that rather than checking the presence of a Work Account which would be the more desirable behaviour
Nov 26 2019 03:10 AM Solution
Dec 30 2019 08:01 AM
@VladimirK They are Hybrid Azure Joined devices. However I've kept an eye on the change summaries from recent releases and this issue was resolved in version 80.0.361.5 that was released on December 17th. I'd recommend setting that up for a test user and seeing if that resolves it for you as well. At the time I tested with a new user on the Canary branch and was correctly prompted to set everything up for the AAD user over the AD user
Fixed an issue where Edge installations on Azure Active Directory domain-joined machines get signed into the wrong account on first run.
Dec 30 2019 11:49 AM
@SC-Benny I had the same issue and just found the solution in GPO. Use a combination of the following Edge policies:
Configure whether a user always has a default profile automatically signed in with their work or school account - Disabled
Enable Proactive Authentication - Enabled
Restrict which accounts can be used as Microsoft Edge primary account - .*@yourdomain.com
Feb 12 2020 06:00 AM - edited Feb 12 2020 06:15 AM
@SC-Benny We have this problem as well. But...
It does not work on Windows 10 1803 when logging in with firstname.lastname@example.org or staff\user. Edge will try to log on with staff\user, and fails.
It works on Windows 7 when logged on with staff\[account]; somehow it "finds" an account with email@example.com.
That is with the same version of Edge, stable, 80.0.361.50, and user based GPO settings.
It seems that it is platform dependent.
And, the suggested settings do not resolve the issue.