Jul 13 2019
11:52 AM
- last edited on
Jan 14 2022
03:29 PM
by
TechCommunityAP
Jul 13 2019
11:52 AM
- last edited on
Jan 14 2022
03:29 PM
by
TechCommunityAP
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sso
trying to keep IE locked down but still allow seamless sso for my on-premise users.
There are a few different GPOs for Enhanced Protection.
What is not compatible.
I'm currently testing if enhanced protection is disabled on the intranet zone only.
but enabled in advanced settings and internet zone.
Jul 14 2019 10:37 PM
Not sure what the question is here? If you mean you want more information about the specific restrictions/limitations of using Enhanced Protection mode, best ask for clarification in the feedback form under the article you linked above.
Jul 15 2019 03:38 AM
@VasilMichev the question is what are the supported settings. there are multiple places to enable protected mode.
Jul 17 2019 01:10 PM
currently the minimum working configuration for this is:
IE Advanced Tab: Enable 64 bit processes for Enhanced Protected Mode: Enabled Enable Enhanced Protected Mode: Disabled Internet Zone: Enable Protected Mode: Enabled Intranet Zone: Enable Protected Mode: Disabled
opened a support case to see if there are other work arounds or options to provide users sso who are on the domain.
if they suggest hybrid join i will need to ask about support for VDI environments.
https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan