SSO
Setting up Microsoft Azure/365 to an existing AD can be eased by implementing SSO between the systems
Setup sync w/ AD/AAD
-
The Seamless SSO box has to be checked in AD Connect
-
GPO (we can temple with Accent)
-
The Azure AD URL has to be added to the users intranet zone settings via Group Policy or manually
-
https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-sso-quick-start
-
GPO Settings:
-
User Configuration -> Policies -> administrative Templates -> Windows components -> Internet Control Panet -> Security page -> Intranet Zone
-
Allow updates to status bar via script - Enabled
-
Status bar updates via script - Enabled
-
-
-
User Configuration -> Preferences -> Windows Settings -> Registry
-
New Registry item
-
Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftazuread-sso.com\autologon
-
Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\login\device
-
Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftonline.com\login
-
Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sharepoint.com\accentconsultingservices
-
-
-
-
-
-
-
-
Users have to be logging in with their email to their computer so it matches the 365 account.
You can import the baseline settings and then update the GPO from: