Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Configure automatic sign in with an Active Directory domain account when there is no Azure AD domain account
Supported versions
- Windows: ≥ 81
- macOS: Not supported
- Android: Not supported
- iOS: Not supported
Description
Enables the use of Azure Active Directory (Azure AD) accounts for automatic sign in if your users' machines are Domain Joined and if your environment isn't hybrid joined. If you want users automatically signed in with their Azure AD accounts instead, Azure AD join (See https://go.microsoft.com/fwlink/?linkid=2118197 for more information) or hybrid join (See https://go.microsoft.com/fwlink/?linkid=2118365 for more information) your environment.
On every launch, Microsoft Edge tries to sign in using this policy, as long as the first profile being launched isn't signed in or an auto sign in doesn't happen before.
If you configure the BrowserSignin policy to disabled, this policy doesn't take any effect.
If you enable this policy and set it to 'SignInAndMakeDomainAccountNonRemovable', Microsoft Edge automatically signs in users that are on domain-joined machines using their Azure AD accounts.
If you set this policy to 'Disabled' or don't set it, Microsoft Edge doesn't automatically sign in users that are on domain-joined machines with Azure AD accounts.
From Microsoft Edge version 89, if there's an existing on-premises profile with RoamingProfileSupportEnabled policy disabled, and if the machine is now hybrid joined, that is, it has an Azure AD account, it autoupgrades the on-premises profile to Azure AD profile to get full Azure AD sync facilities.
From Microsoft Edge version 93, if policy ImplicitSignInEnabled is disabled, this policy doesn't take any effect.
From Microsoft Edge version 94, if policy OnlyOnPremisesImplicitSigninEnabled is enabled, and this policy is set to 'SignInAndMakeDomainAccountNonRemovable', it takes effect even on hybrid-joined environment. Microsoft Edge automatically signs in users using their Azure AD domain account even if there are Microsoft Account (MSA) or Azure AD accounts.
Policy options mapping:
Disabled (0) = Disabled
SignInAndMakeDomainAccountNonRemovable (1) = Sign in and make domain account non-removable
Use the preceding information when configuring this policy.
Policy options mapping:
Use this information when configuring this policy.
- Disabled (0) = Disabled
- SignInAndMakeDomainAccountNonRemovable (1) = Sign in and make domain account non-removable
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: No - Requires browser restart
- Per Profile: No
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- Integer
Windows information and settings
Group Policy (ADMX) info
- GP unique name: ConfigureOnPremisesAccountAutoSignIn
- GP name: Configure automatic sign in with an Active Directory domain account when there is no Azure AD domain account
- GP path (Mandatory): Administrative Templates/Microsoft Edge
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
Disabled
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value name: ConfigureOnPremisesAccountAutoSignIn
- Value type: REG_DWORD
Example registry value
0x00000000