Forum Discussion

re_bl's avatar
re_bl
Brass Contributor
Sep 02, 2020

With new Sync Bookmarks/Favorites on-Prem without Cloud

https://docs.microsoft.com/en-us/deployedge/microsoft-edge-on-premises-sync Question: Is it only for beginning that only Favorites and Settings will be stored in the profile.pb file? Will in the F...
scottbo_msft's avatar
scottbo_msft
Icon for Microsoft rankMicrosoft
Sep 02, 2020

Hello re_bl :

 

We can consider adding support for more data types based on feedback. When we were planning this feature we found that favorites and settings were by far the most highly requested types so we started there. 

 

I cannot directly advise on UE-V. However I do know that some customers have successfully used UE-V for this. My suggestion is to try it out in an isolated environment and see if it meets your needs.

 

And yes, you can still use cloud profiles in Edge even when on-prem is active. On-prem only impacts AD profiles.

  • re_bl's avatar
    re_bl
    Brass Contributor
    Sep 03, 2020

    Hello scottbo_msft 

    I have done some more tests with on-Prem and cloud profile: (Microsoft Edge 85.0.564.44)

    Scenario 1:

    Customer allows to login with Private User. Work as expected.

    "ConfigureOnPremisesAccountAutoSignIn"=dword:00000001

    "RoamingProfileSupportEnabled"=dword:00000001

    "HideFirstRunExperience"=dword:00000001

    "RoamingProfileLocation"="${local_app_data}\\Microsoft\\Edge\\edge-profile"

     

    Customer doesn’t allow to login with a Private User.

    The deactivation I have done with GPO Browser Sign-in => If you have configured the 'BrowserSignin' policy to disabled, this policy '*ConfigureOnPremisesAccountAutoSignIn' will not take any effect. Then the on-prem login will not function anymore. Works as is written in the GPO *description.

     

    "ConfigureOnPremisesAccountAutoSignIn"=dword:00000001

    "RoamingProfileSupportEnabled"=dword:00000001

    "HideFirstRunExperience"=dword:00000001

    "RoamingProfileLocation"="${local_app_data}\\Microsoft\\Edge\\edge-profile"

    "BrowserSignin"=dword:00000000

    "NonRemovableProfileEnabled"=dword:00000000

    Second test if I set a Primary account that does not exist over the GPO RestrictSigninToPattern, then also the on-prem login doesn't function and you couldn't login with another Account.

    "ConfigureOnPremisesAccountAutoSignIn"=dword:00000001

    "RoamingProfileSupportEnabled"=dword:00000001

    "HideFirstRunExperience"=dword:00000001

    "RoamingProfileLocation"="${local_app_data}\\Microsoft\\Edge\\edge-profile"

    "RestrictSigninToPattern"="@contoso.com"

     

    Could you explain how to configure that also the scenario 2 is working. Only allow to login to AD domain?

    • scottbo_msft's avatar
      scottbo_msft
      Icon for Microsoft rankMicrosoft
      Sep 04, 2020

      Hello re_bl --

       

      You may need to change your RestrictSignonToPattern value. It should match the format of an on-prem AD account like COMPANY\user. Or you can try unsetting it to eliminate it as a cause of the problem.

      • re_bl's avatar
        re_bl
        Brass Contributor
        Sep 08, 2020

        Hello scottbo_msft 

        If I set the RestrictSignonToPattern to  COMPANY\${profile}, it won't login the user with AD Account. If I unsetting the RestrictSignonToPattern then the AD Account will login but you also could login with a Private Microsoft Account. 

        We have some customers they do not have O365 because of the Cloud strategies and they also do not want that the User could login with a Private Microsoft Account on they're work client.

Resources