How to configure Windows SSO in Mozilla Firefox with Microsoft Intune

Since the release of Mozilla Firefox 91, we have the option to configure Windows single sign-on for Microsoft work and school accounts. This gives the end user a single sign-on (SSO) experience on an Azure AD joined Windows device when signing in to Office 365 and other Azure AD-connected resources, just like we already have when using Microsoft Edge.

The setting isn’t turned on by default. To give our users a better sign-in experience when using Firefox, we admins can configure the setting for them.
With an ADMX file that supports Firefox 91 or later, we can configure this setting using Microsoft Intune, as I showed in previous blog posts for other settings.

If you’re not yet familiar with configuring Mozilla Firefox using Microsoft Intune, I suggest first reading this article. In that article, I explained configuring Firefox with Intune in more depth, including how to ingest the ADMX file.
In this article, I only show how to configure the Windows SSO setting.

So let’s get started!

Collect the required policy setting information

The Windows SSO setting itself can be found in Firefox under Settings, Privacy & Security, Logins and Passwords.

To see if there is a corresponding policy setting available, we can browse to about:policies in Firefox. On the Documentation tab, we find the WindowsSSO setting, which, based on its description, is the setting we are looking for.

If we open the Firefox ADMX file and search for WindowsSSO, we find the information we need to configure the setting with Intune.
We only have two options for the setting, off or on, which correspond to the values 0 and 1. As this is a boolean type setting, we can set it by configuring the value in Intune to enabled or disabled.

We can also see there is no parent for this setting, so our OMA-URI will be:

./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
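The lookup described above can also be scripted. The following is an added example, not part of the original post: it parses a constructed ADMX fragment, walks a policy's parent categories and builds the OMA-URI and value for the Intune row. The names `Example_Sub` and `Example_Nested` are hypothetical, and stopping at a parent category that is not defined in the same file is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed ADMX fragment for illustration (not the real Firefox ADMX file).
# "Example_Sub" and "Example_Nested" are hypothetical names showing a nested category.
SAMPLE_ADMX = """\
<policyDefinitions>
  <categories>
    <category name="firefox"/>
    <category name="Example_Sub"><parentCategory ref="firefox"/></category>
  </categories>
  <policies>
    <policy name="WindowsSSO" class="Both">
      <parentCategory ref="firefox"/>
      <enabledValue><decimal value="1"/></enabledValue>
      <disabledValue><decimal value="0"/></disabledValue>
    </policy>
    <policy name="Example_Nested" class="Both"><parentCategory ref="Example_Sub"/></policy>
  </policies>
</policyDefinitions>
"""

def oma_uri(admx_xml, policy_name, app="Firefox", setting_type="Policy", scope="Device"):
    """Build the OMA-URI for one policy of an ingested ADMX file."""
    root = ET.fromstring(admx_xml)
    # "{*}" matches a tag in any namespace or none (Python 3.8+), so real ADMX files parse too.
    parents = {}
    for cat in root.findall(".//{*}category"):
        ref = cat.find("{*}parentCategory")
        parents[cat.get("name")] = ref.get("ref") if ref is not None else None
    policy = next((p for p in root.findall(".//{*}policy")
                   if p.get("name") == policy_name), None)
    if policy is None:
        raise KeyError(f"policy {policy_name!r} not found in ADMX")
    ref = policy.find("{*}parentCategory")
    cat = ref.get("ref") if ref is not None else None
    chain, seen = [], set()
    while cat and cat not in seen:  # 'seen' guards against a category cycle
        seen.add(cat)
        chain.append(cat)
        nxt = parents.get(cat)
        cat = nxt if nxt in parents else None  # assumption: a parent from another file ends the walk
    path = "~".join([app, setting_type] + chain[::-1])  # categories in root-first order
    return f"./{scope}/Vendor/MSFT/Policy/Config/{path}/{policy_name}"

def intune_row(admx_xml, policy_name, enabled=True):
    # A boolean ADMX policy is set with <enabled/> or <disabled/> as a String value.
    return {"OMA-URI": oma_uri(admx_xml, policy_name), "Data type": "String",
            "Value": "<enabled/>" if enabled else "<disabled/>"}
```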

Configure a Custom configuration profile

I assume you have already created a Custom configuration profile for the ADMX ingestion (which is a prerequisite) and configured some other settings. Let’s add this setting to that profile.

  • On the settings tab click Add
  • Give the Row a Name
  • Fill in the OMA-URI:
    ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO
  • Data type: String
  • Value:
    <enabled/>

Save the configuration profile.

That should be all.

The end result

When we switch back to our Windows device and open Firefox, we can see the policy setting is configured when we browse to about:policies. The configured settings are shown on the Active tab.

Under Settings, we also see that the setting is turned on.

And indeed, when I test this on an Azure AD joined Windows device, I’m now signed in to Office 365 without entering my credentials.

Thanks for reading!

1 Comment

  1. We live in 2021, almost 2022, and we still have to deal with this oma-uri bullcrap (no offense), my god…
