Microsoft makes Windows SSO prompts easier to manage

Microsoft is rolling out a new registry-based policy aimed at enhancing the management of Single Sign-On (SSO) permissions for devices running Windows 11 versions 24H2 and 25H2, specifically those managed through Microsoft Entra ID. This development allows IT administrators to automatically accept SSO permissions, streamlining the user experience within corporate environments. However, it’s important to note that users operating personal Microsoft accounts or devices outside of policy-managed settings will still encounter prompts for SSO permissions.

Why Microsoft introduced it

In response to evolving user needs, particularly within the European Economic Area (EEA), Microsoft has revamped the Windows sign-in experience. This change empowers users to decide whether to utilize the same account across various Microsoft applications and services, thereby granting them enhanced control over their account usage. Justin Ploegert, Principal Technical Program Manager at Microsoft, explained, “For managed enterprise environments, some organizations wanted additional flexibility to manage the SSO prompt experience on devices where their organizations already manage sign-in policies and trust relationships.”

Deployment

For IT administrators looking to implement this new policy, deployment can be executed through several avenues. Options include:

  • Group Policy
  • Microsoft Intune
  • Other mobile device management (MDM) solutions
  • Microsoft Configuration Manager
  • Any management tool that supports registry policy deployment

Once the registry policy is deployed, administrators are encouraged to validate SSO behavior across their fleet of managed devices, ensuring a seamless integration into their existing systems.

Winsage
Microsoft makes Windows SSO prompts easier to manage