Technology | Aug 28, 2015

ADFS Version 3 With Windows 10 Clients Using Edge: Fix the Automatic Login Internally

Marlin Todd

Symptom: After users upgraded from Windows 7 or 8.1 to Windows 10, Edge (Internet Explorer's replacement) stopped signing them in automatically when they reached the Active Directory Federation Services (ADFS) server from inside the corporate network to sign in to Office 365 or Intune.

Solution: We need to allow NT LAN Manager (NTLM) authentication for the Edge browser user agent.

  1. Log in to your primary ADFS server.

  2. Execute the following command to disable the Extended Protection token check (see the Windows TechNet library for more; scroll down to "ExtendedProtectionTokenCheck"):

    Set-ADFSProperties -ExtendedProtectionTokenCheck None

3. Execute the following command to get the current list of supported user agents for NTLM authentication:

Get-ADFSProperties | Select -ExpandProperty WIASupportedUserAgents

4. Take all the values you received in step three and then add "Edge/12" onto the end as an allowed user agent.

5. Execute the following command:

Set-ADFSProperties -WIASupportedUserAgents @("MSIE 6.0", "MSIE 7.0", "MSIE 8.0", "MSIE 9.0", "MSIE 10.0", "Trident/7.0", "MSIPC", "Windows Rights Management Client", "Mozilla/5.0", "Edge/12")

6. Restart the ADFS service on each of the ADFS farm servers for the changes to take effect. You do not need to make any changes to the proxy servers.
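
Steps 3 through 6 as a single script, added here as an example and not part of the original article: it appends Edge/12 to whatever list the server currently returns instead of retyping the list by hand, so user agents that are already configured are not dropped. It also prints the ExtendedProtectionTokenCheck value, because step 2 sets it to None, which turns off the channel-binding check on Windows Integrated Authentication. The backup file path is an assumption; adfssrv is the AD FS Windows service name.

```powershell
# Added example, not from the original article.
# Run in an elevated PowerShell session on the primary AD FS server.
$newAgent   = 'Edge/12'                                            # token from step 4
$backupPath = Join-Path $env:TEMP 'WIASupportedUserAgents.bak.txt' # assumed location

# Step 3: read the live list so agents added by earlier changes are preserved.
$current = @((Get-AdfsProperties).WIASupportedUserAgents)

# Keep the pre-change list, one agent per line, for rollback.
$current | Set-Content -Path $backupPath -Encoding UTF8

# Steps 4-5: append only when missing, so re-running the script is harmless.
if ($current -contains $newAgent) {
    Write-Output "'$newAgent' is already in WIASupportedUserAgents; no change made."
}
else {
    Set-AdfsProperties -WIASupportedUserAgents ($current + $newAgent)
}

# Verify: every original agent must still be present, plus the new one.
$after   = @((Get-AdfsProperties).WIASupportedUserAgents)
$dropped = @($current | Where-Object { $after -notcontains $_ })
if ($dropped.Count -gt 0 -or $after -notcontains $newAgent) {
    throw "Unexpected list after update (dropped: $($dropped -join ', ')). Restore from $backupPath."
}
Write-Output "WIASupportedUserAgents now has $($after.Count) entries:"
$after

# Record the setting changed in step 2 alongside the user-agent change.
Write-Output "ExtendedProtectionTokenCheck: $((Get-AdfsProperties).ExtendedProtectionTokenCheck)"

# Step 6: restart AD FS on this server; repeat on every other farm server.
Restart-Service -Name adfssrv
```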

Hopefully this has been helpful. Your comments or feedback are welcome, and please share this article if you did find it helpful.

To contact an Office 365 Ninja, email findoutmore@credera.com. For more information on Microsoft Windows Server 2012 R2 and Office 365, please visit our blog.