On-premises sync for AD users not working

Copper Contributor



we want to use the On-premises sync of AD users in our enterprise (> 10.000 users).


Unfortunately, it doesn't work. The error message in "edge://sync-internals" is the following:




Error Description: Microsoft Information Protection service is disabled


The thing is, the feature used to work back when it was first integrated into Edge. At some point (M86 or M87) it stopped working.


We have configured serveral group policies, including:


RoamingProfileSupportEnabled: 1

RoamingProfileLocation: Path on a network share

ConfigureOnPremisesAccountAutoSignIn: 1

NonRemovableProfileEnabled: 1

ForceSync: 1


I tried installing the Microsoft Azure Information Protection client. Now, Edge sometimes says that sync is enabled, but a profile.pb never gets generated. When I restart the browser, sync is disabled again.

4 Replies

I attached a screenshot of edge://sync-internals

@limonjuice Hi!  The Sync Team has put together a step-by-step troubleshooting guide for issues.  


Specifically for the "DISABLED_BY_ADMIN" error you are seeing, please see the following: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-troubleshoot-enterprise-sync#issue-sync-i...





Hi, thanks for the reply. We found the issue (my user account was not enabled for MIP use).

@limonjuice Great to hear you figured it out!  Thanks for following up!