TL; DR: Configure the Windows SSO Feature in Settings -> Privacy & Security -> Logins and Passwords


Typically, around the same time that an organization migrates to Office365, they examine and implement several Conditional Access policies to restrict access from unauthorized sources. Once of the most important is to restrict access from applications using legacy access methods, ensuring that a proper MFA challenge can occur.

If organizations have already adopted Microsoft Edge, or are doing so as part of the larger project, this is perfectly acceptable. However, should the workforce still be relying on other browsers like Google Chrome or Mozilla Firefox, it becomes a problem as the browsers do not natively support Microsoft’s single sign-on experience.

When users attempt to access Office365 resources from one of these browsers, the attempt will either be blocked or the session will be granted with limited connectivity, based on the type of Conditional Access policy enforced. If the organization is not prepared to migrate to Edge, there’s a way to enable the feature in Chrome and Firefox.

For Firefox, you need to enable the Windows SSO feature. To enable it, click the sandwich button, then go to Settings and then Privacy & Security. From here, go down to the Logins and Passwords section, and check the box next to “Allow Windows single sign-on for Microsoft, work, and school accounts.”


To deploy this in the enterprise, it’s recommended to use Group Policy or Intune, with the ADMX template that is provided on Mozilla’s Github. Mozilla also has a step-by-step article for creating Firefox policies in Intune. If this is your first Firefox Intune policy, use this page as a reference for creating the Device Configuration Profile.


Hope this helps!