SOLVED

New accounts try to sync to AD account and not the AAD account

Highlighted
Occasional Contributor

I'm beginning preparations to roll out Edge across our company but ran into a problem with our test group

 

Our laptops are AD-joined and when you first open Edge and import your settings from Chrome its importing this into an AD account which isn't sync capable. We need the default experience to be to prompt the user for their work account and to then set up the import and sync from there

 

Presumably this isn't a problem for AAD-joined devices as they could already reference that account by default but we're not in a situation to switch over just yet unfortunately

10 Replies
Highlighted

Hi,
Which Edge insider channel/version have you tried?

I'm asking because as far as I remember, the beta channel has a flag related to "AAD" that needs to be enabled before AAD accounts are able to sync. on Edge canary that I'm checking now, it's not available because that feature is now built into the browser by default.

Highlighted

@HotCakeX: I'm using the Beta channel, AAD sync is working as anticipated. However that is only when you create a new profile

 

If I set up a test user and open Edge, I'm prompted to import from Chrome and that initial user it sets up and imports everything into is the AD account which is not capable of syncing. I can create a new profile and then import again and that is then importing into the AAD account as seen below

 

Accounts on Edge.png

Highlighted
So the problem happens only in hybrid configurations where both AAD and AD are present on user's system?
you could try Canary channel too and see if the result is different
Highlighted

@HotCakeX: Correct. I was hoping there would be a flag I could set somewhere, or a setting via GPO to prevent creating the default user as the AD account and instead prompt for an AAD login

 

I'll run a test and feedback on here

Highlighted

@HotCakeX: Same behaviour unfortunately on Canary (v80.0.344.0). Presumably this feature is checking whether the user account is AD or AAD and then uses that rather than checking the presence of a Work Account which would be the more desirable behaviour

 

image.png

Highlighted
Best Response confirmed by SC-Benny (Occasional Contributor)
Solution
Thanks for checking anyway, hopefully one of the devs will see this and fill a bug report for it
Highlighted

@SC-Benny  We have the same issue here. Are you workstations Azure joined? 

Highlighted

@VladimirK They are Hybrid Azure Joined devices. However I've kept an eye on the change summaries from recent releases and this issue was resolved in version 80.0.361.5 that was released on December 17th. I'd recommend setting that up for a test user and seeing if that resolves it for you as well. At the time I tested with a new user on the Canary branch and was correctly prompted to set everything up for the AAD user over the AD user

 

Relevant link: https://techcommunity.microsoft.com/t5/Discussions/Dev-channel-update-to-80-0-361-5-is-live/m-p/1070...

 

Fixed an issue where Edge installations on Azure Active Directory domain-joined machines get signed into the wrong account on first run.
Highlighted

@SC-Benny I had the same issue and just found the solution in GPO. Use a combination of the following  Edge policies:

 

Configure whether a user always has a default profile automatically signed in with their work or school account - Disabled
Enable Proactive Authentication - Enabled
Restrict which accounts can be used as Microsoft Edge primary account - .*@yourdomain.com

 

Highlighted

@SC-Benny We have this problem aswell. But...

It does not work on Windows 10 1803 when logging with user@han.nl or staff\user. Edge will try to logon with staff\user, and fails.

It works on Windows 7 when logged on with staff\[account] somehow it "finds" a account with user@han.nl.

That is with the same version of Edge, stable, 80.0.361.50, and user based GPO settings.

It seems that it is platform dependent.

And, the suggested settings do not resolve the issue.

 

reg, Henno