Enable Seamless Single Sign-on - Microsoft Azure Active Directory

Azure Active Directory (Azure AD) Seamless Single Sign-On allows users to log in via SSO on their computers that are "connected" to the local and Azure Active Directory to the Microsoft 365 cloud services.

Do you want to increase the productivity of your organisation with a very low IT-effort? Then this is one of the Microsoft 365 features you'll want to enable!

Technical requirements

If you already have an Office 365 environment today, and you have already synchronised all AD objects, you can go to the next step.

If you do not yet have Office 365 , but are ready to migrate, you can find the 4-step Azure AD connect installation instructions.

Do you not yet have a tenantPlease create one here.

Configure Azure AD for Seamless Single sign-on

Select configure

Click on Change User Sign-in

Change from: Password Hash Synchronization

To: Pass-through Authentication + Single Sign-on.

Select Next

Click on Configure

Configure the necessary GPO

Step 1 - Open Group Policy Management and create a new GPO

Call the GPO what you like

Step 2: Create a Site To Zone assignment list

Navigate to User Configuration > Policy > Management Templates > Windows Features > Internet Explorer > Internet configuration screen > Security page. Then select the list site to zone assignment.

Or in English according to the screenshot below.

https://docs.microsoft.com/nl-be/azure/active-directory/hybrid/media/how-to-connect-sso-quick-start/sso6.png

Set this value: https://autologon.microsoftazuread-sso.com

Value (data): 1

Step 3: Add the allow updates to status bar via script.

Navigate to User Configuration > Policy > Management Templates > Windows Features> Internet Explorer > Internet Configuration Screen > The Security Page > Intranet Zone. Then select Allow updates for status bar via script.

Step 4: Set a registry entry for the autologon - HTTPS

Browse to User Configuration > For Approval > Windows Settings > Registry > New > Registry Item.

Enter the following values in the appropriate fields and click OK.

Key Path: SoftwareMicrosoftWindowsCurrentVersionInternet SettingsZoneMapDomainsMicrosoftazuread-SSO.com Autologon

Value Name: https.

Value type: REG_DWORD.

Value data: 00000001.

Test your policy

If you want to ensure that you have SSO for Firefox, Safari (MacOS), Chrome etc. as well. Check out this link with more information.

Jasper

Welcome to 365tips.be. On this website you can read articles and experiences about Office 365 with focus on Microsoft Teams. Feel free to ask me a question and I will answer it in a blog post. Help others by giving feedback at the bottom of the articles. This blog is made in Dutch. The multilingual website is offered with best-effort machine translation.

Allow users to request access to forward e-mails outside the organisation for a certain period of time

How to access the "Edge://flags" menu in Microsoft Edge

0 0 votes

Product review

1 Comment

Oldest

Latest Most Voted

Inline feedbacks

See all comments

Téo

1 month ago

Salut ^^

Tu devrais ajouter le chemin complet de la clé de registre -> Software "Microsoft", "Windows", "Vendor", "Internet Settings", "Zone", "Domain", "Microsoftazuread-sso.com".

Merci encore tu régales!

Téo