Seamless Single Sign-on in Azure Active Directory
Azure Active Directory (Azure AD) Seamless Single Sign-On allows users to log in via SSO on their computers "connected" to the local and Azure Active-Directory to the Microsoft 365 cloud services.
Want to increase your organization's productivity with a very low IT effort. Then this must be one of the Microsoft 365 features you want to turn on!
Technical requirements
If you already have a Office 365 environment today, and you have already synced all AD objects, you can go to the next step.
If you don't have Office 365 yet, but are ready to migrate you can find the 4-step Azure AD connect installation instructions can be found here.
If you do not have a tenant, please create one through this way.
Configure Azure AD for Seamless Single sign-on
Select configure
Click on Change User Sign-in
Login with your credentials
Change from: Password Hash Synchronization
To: Pass-through Authentication + Single Sign-on.
Select Next
Login with your local Domain Credentials
Click Configure
Configure the necessary GPO
Step 1 - Open Group Policy Management and create a new GPO
Call the GPO however you like
Step 2: Create a Site To Zone assignment list
Navigate to user configuration > policies > management templates > Windows Features > Internet Explorer > Internet configuration screen > Security page. Then select the list site to zone assignment.
Or in English according to the screenshot below.
Put this value: https://autologon.microsoftazuread-sso.com
Value (data): 1
Step 3: Add the allow updates to status bar via script.
Browse to user configuration > policy > management templates > Windows Features > Internet Explorer > Internet configuration screen > The security page > intranet zone. Then select Allow updates for status bar via script.
Step 4: Set a registry entry for the autologon - HTTPS
Browse to user configuration > for labels > Windows settings > Registry > New > registry entry.
Enter the following values in the appropriate fields and click OK.
Key path: SoftwareMicrosoftWindowsCurrentVersionInternet SettingsMapDomainsMicrosoftazuread-SSO.comautologon
Value name: https.
Value type: REG_DWORD.
Value data: 00000001.
Test your policy
For Firefox, Safari (MacOS), Chrome etc you also want to make sure you have SSO. Then take a look at this link with more information.
Salut ^^
Tu devrais ajouter le chemin complet de la clé de registre -> Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftazuread-sso.com\autologon
Merci encore tu régales!
Téo