Friday, 17 July 2015

Configuring AD FS Client Settings using GPOs

Updated - 24 August 2016

Requirements for SSO to Office 365 on a Windows 7 Enterprise PC:
· Microsoft Online Service Sign-In Assistant (installed on the PC)
· The SSO service URL added to the Intranet Zone in IE
The Microsoft Online Service Sign-In Assistant can be downloaded from the following link:
It comes pre-packaged as an MSI, so you can push it out through Group Policy if you do not have a more modern software deployment mechanism such as SCCM. The installer adds a new service called Microsoft Sign-In Assistant to the PC; this service must be running for SSO to work correctly.

To configure the Intranet Zone either create a new GPO, or add the following settings to an existing GPO.

Click on WMI Filters, right click and create a new WMI Filter. Give it a descriptive name; in mine I have used "Windows 7 Filter".
The following query strings will ensure that only Windows 7 endpoints are given the GPO settings (the first matches 32-bit installs, the second 64-bit).
select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"

select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"
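Before binding the filter to the GPO it is worth confirming, on a representative Windows 7 machine, which of the two queries actually matches. The following is an added example (not part of the original post) that runs the same WQL locally with Get-WmiObject, which is available on the PowerShell 2.0 that ships with Windows 7 (Get-CimInstance needs PowerShell 3.0 or later). The filter names are my own labels.

```powershell
# Added example: evaluate the two WMI filter queries on this machine to see which one a
# GPO WMI filter would match. Run with -ComputerName on Get-WmiObject to test a remote PC.
$filters = @{
    'Windows 7 x86' = 'select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND NOT OSArchitecture = "64-bit"'
    'Windows 7 x64' = 'select * from Win32_OperatingSystem WHERE Version like "6.1%" AND ProductType="1" AND OSArchitecture = "64-bit"'
}

# Show the properties the queries test, so a non-match is easy to explain.
# ProductType 1 = workstation, 2 = domain controller, 3 = server.
$os = Get-WmiObject -Class Win32_OperatingSystem
Write-Host ("Local OS: {0} (Version {1}, ProductType {2}, {3})" -f `
    $os.Caption, $os.Version, $os.ProductType, $os.OSArchitecture)

foreach ($name in $filters.Keys) {
    # Get-WmiObject -Query runs exactly the WQL that Group Policy evaluates for the filter.
    $match = Get-WmiObject -Query $filters[$name]
    if ($match) {
        Write-Host "MATCH    : $name"
    } else {
        Write-Host "no match : $name"
    }
}
```

One caveat when building the filter itself: a single GPO WMI filter with more than one query only applies when every query returns a result, so the two queries above must go in two separate filters (one bound to a 32-bit GPO, one to a 64-bit GPO). If the same settings apply to both architectures, a single filter with one query that omits the OSArchitecture clause is simpler and avoids a filter that can never match.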


Click on the AD FS Client Settings GPO and, from the WMI Filtering drop-down, select the new WMI filter you just created to ensure it is bound to the GPO.

It is probably best to scope this setting to the Computer instead of the User account. Edit the GPO and expand Computer Configuration/Policies/Administrative Templates/Windows Components/Internet Explorer/Internet Control Panel/Security Page, then double click the Site to Zone Assignment List.

Click Enabled and then Show...

In the Value Name field enter the AD FS service URL, and in the Value field enter 1. The value corresponds to the zone that the site is assigned to:
1 = Intranet/Local Zone
2 = Trusted Sites
3 = Internet/Public Zone
4 = Restricted Sites

Review the settings from the Settings tab, then scope the GPO to the correct Domain/OU.
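The Intranet zone matters because it is the only zone in which Internet Explorer will, by default, send Windows integrated authentication credentials automatically, which is what lets the AD FS sign-in complete without a prompt. Once the GPO has applied (gpupdate /force on the client), the result can be checked on the PC rather than inferred from the console. The script below is an added example, not part of the original post; it reads the registry location that the computer-scoped Site to Zone Assignment List writes to (value name = URL, data = zone number) and checks the Sign-In Assistant service. $AdfsUrl is a placeholder, and the service name msoidsvc is the name the Sign-in Assistant installer registers.

```powershell
# Added example: verify on a Windows 7 client that the AD FS zone assignment and the
# Sign-In Assistant service are in place. Replace the placeholder URL with your own.
$AdfsUrl = 'https://adfs.example.com'   # placeholder, use your AD FS service URL
$zoneNames = @{ 1 = 'Intranet/Local'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }

# Computer-scoped Site to Zone Assignment List entries land under this policy key.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey'

$zone = $null
$props = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
if ($props) { $zone = $props.$AdfsUrl }

if ($zone -eq $null) {
    Write-Host "FAIL: no zone assignment found for $AdfsUrl (check gpresult /r to see whether the GPO applied)"
} elseif ([int]$zone -ne 1) {
    Write-Host ("WARN: {0} is assigned to zone {1} ({2}); expected 1 (Intranet/Local)" -f `
        $AdfsUrl, $zone, $zoneNames[[int]$zone])
} else {
    Write-Host "OK: $AdfsUrl is in the Intranet/Local zone"
}

# The Sign-In Assistant service must be installed and running for SSO to work.
$svc = Get-Service -Name msoidsvc -ErrorAction SilentlyContinue
if (-not $svc) {
    Write-Host 'FAIL: Sign-In Assistant service (msoidsvc) is not installed on this PC'
} elseif ($svc.Status -ne 'Running') {
    Write-Host "FAIL: Sign-In Assistant service is $($svc.Status); it should be set to start automatically"
} else {
    Write-Host 'OK: Sign-In Assistant service is running'
}
```

Two points worth keeping in mind with this policy. First, add only the exact AD FS service hostname, not a whole domain or wildcard, since everything in the Intranet zone receives automatic credential submission. Second, once Site to Zone Assignment List is enabled the zone lists are policy-controlled and users can no longer add or remove sites in Internet Options themselves, so any other intranet sites they relied on need to be in the same list.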