User Profile
jdbst56
Brass Contributor
Joined Nov 02, 2020
Recent Discussions
Phishing resistant MFA options for Entra ID Guest users
What are the phishing resistant MFA options for Entra ID B2B guest users who authenticate from an IDP that is not configured for inbound cross tenant trust? From our testing, there does not appear to be any way to use fido2/passwordless/certificate-based authentication with the guest account on the resource tenant. The following links appear to indicate that this is not supported.
https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-strength-advanced-options#certificate-based-authentication-advanced-options-1
https://learn.microsoft.com/en-us/entra/identity/authentication/concept-authentication-passwordless#supported-scenarios-1
When we enable MFA requirements in conditional access policy for Guest users, the only option that seems to work is MS Authenticator which the user can enroll for on our tenant. Would switching the account from a B2B guest to an internal Guest allow something like CBA to function or is the only real option to enable cross tenant trust and force the user to enable MFA on the account in their home IDP?

Re: Teams Web No Screen Sharing From Chat?
Thanks Chris. I'm aware of the audio call workaround, and this is what we've been telling our users that are in Teams web. I was just curious more than anything because it seems that it would be a simple change but maybe there is some technical reason why it hasn't been implemented.
28K Views | 0 likes | 0 Comments

Re: Edge 86.0.622.58 On-premises Sync Not Working Over VPN With Cached Local Login
Do we have any update on this issue? 2,439 views on this issue since Nov 2020 and still no solution. We're supposed to make Edge the default browser next month due to O365 EOL for IE. I guess we have to tell our users that they can't roam their favorites.
1.5K Views | 1 like | 0 Comments

Re: Edge 86.0.622.58 On-premises Sync Not Working Over VPN With Cached Local Login
Michael710 We had opened a Microsoft Premier support case two weeks ago just to see if they could give us any ETA on the new policy. Unfortunately there was really no new information other than they are working on it. Here's the summary from the case.
SYMPTOM:
• Customer wants update on new policy being created by Edge team so users will not get implicit sign-in with secondary AAD account if ConfigureOnPremisesAccountAutoSignIn is configured
CAUSE:
• N/A
RESOLUTION:
• After discussing with the Edge team, the new policy being created so users will not get implicit sign-in with secondary AAD account if ConfigureOnPremisesAccountAutoSignIn is configured, is currently still in progress.
• They do not have an exact release date or version yet, but I have indicated to them to let me know as soon as there is an ETA.
• This policy was expected to be released previously but there was a slight delay which caused a setback but they are now working to get this policy in an upcoming version and will share with me the release version as soon as they have confirmed.
• Will re-open case when there is an update on policy
1.5K Views | 1 like | 1 Comment

Re: Edge 86.0.622.58 On-premises Sync Not Working Over VPN With Cached Local Login
Kelly_Y We confirmed in our testing that --force-on-prem-profile overrides the AAD login attempt and forces the local AD login. Do you have any timeframe on when the new GPO will be implemented? We cannot implement Edge as our default browser until we can locally roam favorites. Thanks
1.6K Views | 1 like | 0 Comments

Edge 89 Stuck In Update/Restart Loop
We are deploying Edge updates through our local WSUS, and we have the Update policy override default policy set to enabled and Updates Disabled so that Edge does not update from the Internet. Since upgrading to Edge 89, we have been having issues with Edge prompting that it needs to update and restart, even though no updates are available through WSUS. When this happens, the user selects restart which restarts Edge, but the prompt will come back about an hour later. It almost appears that Edge is seeing that an update is available online even though it is not yet synced to the WSUS repository. Right now we have 89.0.774.54 deployed but we are aware that 89.0.774.57 came out on 3/18, although it has not yet synced into our WSUS. I am aware that there are two scheduled tasks and two services that trigger Edge updates. The one scheduled task runs every hour. I have attached the log file from the MicrosoftEdgeUpdate.exe service, but it is not particularly helpful. This issue is very annoying for our end users and didn't start until we updated from 88 to 89. Complete removal of Edge and the Edge Updater service and reinstallation does not resolve the issue.
Group Policy Configuration is as follows:
Enable component updates in Microsoft Edge: Disabled
Notify a user that a browser restart is recommended or required for pending updates: Enabled
    Notify a user that a browser restart is recommended or required for pending updates: Required - Show a recurring prompt to the user indicating that a restart is required
Set the time period for update notifications: Enabled
    Set the time period for update notifications: 3600000
Update policy override default: Enabled
    Update Policy: Updates disabled
Update policy override: Enabled
    Update Policy: Updates disabled
Any assistance with this issue would be appreciated.
8.1K Views | 0 likes | 9 Comments

Edge v89 Crashes Randomly
In the last week I've been experiencing random crashes in Edge. I've been unable to pinpoint the crashes to any specific website or action. The behavior I'm seeing is that the application will randomly close without any warning or error message. I do suspect that it is related to going from v88 to v89 as I never had these crashes on v88. The current version of Edge I'm running right now is 89.0.774.50 on Windows 10 1909 x64. I viewed the dmp file output of one of the crashes in WinDbg. Any idea of what might be going on or how to diagnose further?

Microsoft (R) Windows Debugger Version 10.0.19041.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.

User Mini Dump File: Only registers, stack and portions of memory are available

Symbol search path is: srv*
Executable search path is:
Windows 10 Version 18363 MP (8 procs) Free x64
Product: WinNt, suite: SingleUserTS
18362.1.amd64fre.19h1_release.190318-1202
Machine Name:
Debug session time: Sun Mar 14 10:16:36.000 2021 (UTC - 4:00)
System Uptime: not available
Process Uptime: 1 days 10:15:44.000
................................................................
................................................................
..................
Loading unloaded module list
................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(4e7c.1508): Access violation - code c0000005 (first/second chance not available)
For analysis of this file, run !analyze -v
ntdll!NtDelayExecution+0x14:
00007ffa`90cfd414 c3 ret
0:024> !analyze -v
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

KEY_VALUES_STRING: 1

    Key  : AV.Fault
    Value: Read

    Key  : Analysis.CPU.Sec
    Value: 11

    Key  : Analysis.DebugAnalysisProvider.CPP
    Value: Create: 8007007e on PN0000004022

    Key  : Analysis.DebugData
    Value: CreateObject

    Key  : Analysis.DebugModel
    Value: CreateObject

    Key  : Analysis.Elapsed.Sec
    Value: 44

    Key  : Analysis.Memory.CommitPeak.Mb
    Value: 676

    Key  : Analysis.System
    Value: CreateObject

    Key  : Timeline.Process.Start.DeltaSec
    Value: 123344

NTGLOBALFLAG: 0
PROCESS_BAM_CURRENT_THROTTLED: 0
PROCESS_BAM_PREVIOUS_THROTTLED: 0
APPLICATION_VERIFIER_FLAGS: 0

CONTEXT: (.ecxr)
rax=3b0e9c6e2e6ee907 rbx=80863a2d046f0b31 rcx=80863a2d046f0b31
rdx=0000000107bff720 rsi=0000000107bff6d0 rdi=0000000107bff6d0
rip=00007ffa11aebba7 rsp=0000000107bff600 rbp=0000000000000001
r8=0000000107bff6d0 r9=0000000000000001 r10=0000000000000000
r11=0000000000000246 r12=00007ffa90ce18d0 r13=00007ffa90c95c30
r14=0000000107bff720 r15=00000138000c4420
iopl=0 nv up ei pl nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206
msedge!base::internal::TaskTracker::UnregisterTaskSource+0x17:
00007ffa`11aebba7 8a4016 mov al,byte ptr [rax+16h] ds:3b0e9c6e`2e6ee91d=??
Resetting default scope

EXCEPTION_RECORD: (.exr -1)
ExceptionAddress: 00007ffa11aebba7 (msedge!base::internal::TaskTracker::UnregisterTaskSource+0x0000000000000017)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 0000000000000000
Parameter[1]: ffffffffffffffff
Attempt to read from address ffffffffffffffff

PROCESS_NAME: msedge.exe
READ_ADDRESS: ffffffffffffffff
ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%p referenced memory at 0x%p. The memory could not be %s.
EXCEPTION_CODE_STR: c0000005
EXCEPTION_PARAMETER1: 0000000000000000
EXCEPTION_PARAMETER2: ffffffffffffffff

STACK_TEXT:
00000001`07bff600 00007ffa`12dcf547 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msedge!base::internal::TaskTracker::UnregisterTaskSource+0x17
00000001`07bff650 00007ffa`110f5998 : 00000000`00000000 00007ffa`110f5888 00000138`000d0f80 00007ffa`909e1e00 : msedge!base::internal::WorkerThread::RunWorker+0x467
00000001`07bff7a0 00007ffa`127adb70 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msedge!base::internal::WorkerThread::RunPooledWorker+0x18
00000001`07bff7e0 00007ffa`909d7c24 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : msedge!base::`anonymous namespace'::ThreadFunc+0xd0
00000001`07bff870 00007ffa`90ccd721 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0x14
00000001`07bff8a0 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x21

SYMBOL_NAME: msedge!base::internal::TaskTracker::UnregisterTaskSource+17
MODULE_NAME: msedge
IMAGE_NAME: msedge.dll
STACK_COMMAND: ~24s ; .ecxr ; kb
FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_msedge.dll!base::internal::TaskTracker::UnregisterTaskSource
OS_VERSION: 10.0.18362.1
BUILDLAB_STR: 19h1_release
OSPLATFORM_TYPE: x64
OSNAME: Windows 10
FAILURE_ID_HASH: {49aa4721-a238-ca27-d7f2-8a142c6db844}
Followup: MachineOwner
---------
3K Views | 1 like | 1 Comment

Re: Edge 86.0.622.58 On-premises Sync Not Working Over VPN With Cached Local Login
Kelly_Y Do you have any update? We would really like to move to Edge as the default browser for our organization but the inability to locally sync favorites is preventing us from doing so. Perhaps Microsoft should consider using Chrome's implementation of RoamingProfileSupportEnabled which does not require any browser sign-in. The ability to simply redirect the profile.pb file to a network share such as the user's home drive would be sufficient for our purposes.
5.1K Views | 1 like | 5 Comments

Re: Edge 86.0.622.58 On-premises Sync Not Working Over VPN With Cached Local Login
Kelly_Y Thanks for your response. So in our testing we saw that both AAD accounts and personal accounts are taking precedence over the on-premise AD account. We had to remove all traces of both accounts in order for the AD sync to work. In our testing scenario, we removed the AAD account from Access work or school in Windows 10. After doing so and closing Edge, deleting the User Data folder from AppData\Local\Microsoft\Edge and relaunching Edge, we found that the browser was then trying to sign in using personal gmail/hotmail accounts. We're not certain where these logins were coming from, possibly the Microsoft Store or other Microsoft resources. On one system, signing out of all Microsoft resources and clearing the Edge User Data folder allowed the sign-in/sync using the AD account to work successfully. On another system, signing out of all resources and clearing Edge User Data folder did not resolve the signing with personal account. On this system we had to completely delete the Windows user profile to enable sign-in/sync with the on-premise AD account. So in order to make this functionality viable for our enterprise, there needs to be the ability to force the sync to use on-premise AD account without the need of deleting the Edge User Data folder and/or Windows user profile.
6.1K Views | 0 likes | 1 Comment

Edge 86.0.622.58 On-premises Sync Not Working Over VPN With Cached Local Login
We are running Edge 86.0.622.58 on Win10 Enterprise 1909 domain joined systems. We are trying to configure the Edge GPO to enable local sync of favorites, but we are unable to get the on-prem sign-in to work over VPN and so the local profile.pb is never created. Our settings are as follows:
BrowserSignin = 1
ConfigureOnPremisesAccountAutoSignIn = 1
RoamingProfileSupportEnabled = 1
SyncDisabled = 0
When we login to Windows 10 with a cached credential, connect to VPN, and launch Edge with these settings, we get prompted to sign-in. The only account that seems to work is the "work or school account" which is our O365 email address. Signing in using this account results in the Edge account type and sync account type as AAD instead of on-prem and the message "sync isn't available for this account". I believe the cause of the issue is the AD account is not being used to sign in to the browser even though ConfigureOnPremisesAccountAutoSignIn is set to 1. Doing a whoami at a command prompt shows my account name in domain\username format. Using these same settings while logged into an on-site workstation results in on-premises sign in and sync working properly. Is there any reason why this functionality would not work on a cached local logon/VPN scenario?
8.4K Views | 2 likes | 25 Comments

Edge 86.0.622.58 On-premises Sync Not Working
We are running Edge 86.0.622.58 on Win10 Enterprise 1909 domain joined systems. We are trying to configure the Edge GPO to enable local sync of favorites per https://docs.microsoft.com/en-us/deployedge/microsoft-edge-on-premises-sync but we are unable to get the on-prem sign-in to work and so the local profile.pb is never created. Our settings are as follows:
BrowserSignin = 1
ConfigureOnPremisesAccountAutoSignIn = 1
RoamingProfileSupportEnabled = 1
SyncDisabled = 0
When we launch Edge with these settings, we get prompted to sign-in. The only account that seems to work is the "work or school account" which is our O365 email address. Signing in using this account results in the Edge account type and sync account type as AAD instead of on-prem and the message "sync isn't available for this account". I believe the cause of the issue is the AD account is not being used to sign in to the browser even though ConfigureOnPremisesAccountAutoSignIn is set to 1. Doing a whoami at a command prompt shows my account name in domain\username format. Any input as to what I might be able to try to diagnose/resolve this issue would be greatly appreciated as we need to have the ability to roam our favorites before we can make Edge the default browser in our organization.
1.3K Views | 1 like | 1 Comment