September 29, 2021

Edge: Reverting to classic authentication dialog a.k.a disable Windows Hello for HTTP authentication

Problem

In recent versions of Microsoft Edge (90+), the classic authentication dialog (a.k.a. the NTLM authentication dialog or Windows authentication prompt) has been replaced by the Windows Hello authentication prompt. It's all nice and secure, but at the moment at least, browser password vault extensions such as 1Password cannot fill in credentials in that modern prompt. That means you need to close the Windows Hello prompt, open the password extension, copy the username/password to Notepad, refresh the browser window, and paste the credentials from Notepad into the Windows Hello prompt. *yawn*

This is cumbersome in enterprise scenarios with various internal systems, such as SharePoint, that may require you to log in with credentials different from the ones you're currently logged into Windows with.



Solution

For now the only solution is to disable the Windows Hello prompt in Edge. This requires Group Policy, either at the AD level or on an individual machine. The following steps are for an individual machine, but if you're an AD admin, you can pick the essential pieces from the instructions and do the same in an AD-level policy.

  1. First, download the MS Edge policy file from https://aka.ms/EdgeEnterprise: select your Edge version from the drop-downs, then press GET POLICY FILES


  2. Extract the .cab, and .zip 🙄
  3. Navigate to .\MicrosoftEdgePolicyTemplates\windows\admx folder
  4. Copy msedge.admx to C:\Windows\PolicyDefinitions
  5. Navigate to .\MicrosoftEdgePolicyTemplates\windows\admx\en-US folder (NOTE! or the language of your Windows installation, if not en-US)
  6. Copy msedge.adml to C:\Windows\PolicyDefinitions\en-US
  7. Open Local Group Policy Editor, and navigate to Computer Configuration / Administrative Templates / Microsoft Edge / HTTP Authentication
  8. Edit the Windows Hello For HTTP Auth Enabled setting, and set it to Disabled


  9. Click OK to confirm the policy setting, and refresh the page in Edge - no restart needed
  10. Applause! The classic authentication prompt is back and you can also access the browser extension
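
The same steps as a script for a single machine, as an added example that is not part of the original post. The registry path and value name are taken from Microsoft's Edge policy documentation rather than from the steps above; the `-Apply` switch and the default `$TemplateRoot` location are assumptions of this example.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. Run without -Apply to audit only.
param(
    # Assumption: where the .cab/.zip from step 2 was extracted.
    [string]$TemplateRoot = '.\MicrosoftEdgePolicyTemplates\windows\admx',
    [switch]$Apply
)
$ErrorActionPreference = 'Stop'

$policyDefs = Join-Path $env:windir 'PolicyDefinitions'
# Step 5: use the Windows display language, falling back to en-US
# when the download has no templates for it.
$lang = (Get-UICulture).Name
if (-not (Test-Path (Join-Path $TemplateRoot "$lang\msedge.adml"))) { $lang = 'en-US' }

# Registry value behind "Windows Hello For HTTP Auth Enabled" (machine scope).
$key  = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'
$name = 'WindowsHelloForHTTPAuthEnabled'

if ($Apply) {
    # Steps 4 and 6: install the template and its language file.
    Copy-Item (Join-Path $TemplateRoot 'msedge.admx') $policyDefs -Force
    $langDir = Join-Path $policyDefs $lang
    New-Item -ItemType Directory -Path $langDir -Force | Out-Null
    Copy-Item (Join-Path $TemplateRoot "$lang\msedge.adml") $langDir -Force

    # Step 8: 0 = Disabled. Create the key only if it is missing, because
    # New-Item -Force on an existing key would drop other Edge policies.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
}

# Audit: report template presence and the configured policy value.
$value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
$state = switch ($value) {
    0       { 'Disabled (classic prompt)' }
    1       { 'Enabled (Windows Hello prompt)' }
    default { 'Not configured (Edge default applies)' }
}
[pscustomobject]@{
    Computer      = $env:COMPUTERNAME
    AdmxInstalled = Test-Path (Join-Path $policyDefs 'msedge.admx')
    AdmlLanguage  = $lang
    HelloHttpAuth = $state
}
```

A value written directly to the registry is not shown as configured in the Local Group Policy Editor; open edge://policy to see what Edge actually applied.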
