365tips.be

The best Microsoft 365 tips on the web

Seamless Single Sign-on in Azure Active Directory

Seamless Single Sign-on in Azure Active Directory
Jasper Azure Active Directory Windows 10

Azure Active Directory (Azure AD) Seamless Single Sign-On allows users to log in via SSO on their computers "connected" to the local and Azure Active-Directory to the Microsoft 365 cloud services.

Want to increase your organization's productivity with a very low IT effort. Then this must be one of the Microsoft 365 features you want to turn on!

Technical requirements

If you already have a Office 365 environment today, and you have already synced all AD objects, you can go to the next step.

If you don't have Office 365 yet, but are ready to migrate you can find the 4-step Azure AD connect installation instructions can be found here.

If you do not have a tenant, please create one through this way.

Configure Azure AD for Seamless Single sign-on

Select configure

Click on Change User Sign-in

Login with your credentials

Change from: Password Hash Synchronization

To: Pass-through Authentication + Single Sign-on.

Select Next

Login with your local Domain Credentials

Click Configure

Configure the necessary GPO

Step 1 - Open Group Policy Management and create a new GPO

Call the GPO however you like

Step 2: Create a Site To Zone assignment list

Navigate to user configuration > policies > management templates > Windows Features > Internet Explorer > Internet configuration screen > Security page. Then select the list site to zone assignment.

Or in English according to the screenshot below.

https://docs.microsoft.com/nl-be/azure/active-directory/hybrid/media/how-to-connect-sso-quick-start/sso6.png

Put this value: https://autologon.microsoftazuread-sso.com

Value (data): 1

Step 3: Add the allow updates to status bar via script.

Browse to user configuration > policy > management templates > Windows Features > Internet Explorer > Internet configuration screen > The security page > intranet zone. Then select Allow updates for status bar via script.

Step 4: Set a registry entry for the autologon - HTTPS

Browse to user configuration > for labels > Windows settings > Registry > New > registry entry.

Single sign-on

Enter the following values in the appropriate fields and click OK.

Key path: SoftwareMicrosoftWindowsCurrentVersionInternet SettingsMapDomainsMicrosoftazuread-SSO.comautologon

Value name: https.

Value type: REG_DWORD.

Value data: 00000001.

Single sign-on
Single sign-on

Test your policy

For Firefox, Safari (MacOS), Chrome etc you also want to make sure you have SSO. Then take a look at this link with more information.

Tagged: , , , , , , , , , ,

Related tips

Azure Active Directory Microsoft 365 general Office 365 Admin

📘 Tutorial: How to create your own Microsoft Office 365 tenant ?

Microsoft Intune Windows 10

How to reset a Windows 11 device in Windows Autopilot thanks to Microsoft Intune

Windows 10 Windows 11

This is how to activate and use Windows LAPS in Microsoft Entra

Windows 10

How to change the language in Windows 10 to Belgium - Dutch

Microsoft 365 general Windows 10

Shortcut keys in OneNote for Windows 10

Azure Active Directory Microsoft 365 general Office 365 Admin

How to automatically add Microsoft 365 licenses to Azure AD groups. Dynamically, statically or with Security groups

0 0 vote
Article review
Subscribe
Please let us know if there are
guest

1 Response
Oldest
Latest Most Voted
Inline feedbacks
See all comments
Téo
Téo
1 year ago

Salut ^^

Tu devrais ajouter le chemin complet de la clé de registre -> Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftazuread-sso.com\autologon

Merci encore tu régales!

Téo

0
Respond
wpdiscuz   wpDiscuz

Subscribe via email

Enter your email address to subscribe to this blog and receive email notifications of new posts.

1
0
Would love to know your thoughts, please leave a comment.x