Skip to content
The Lazy Administrator
  • Home
  • Disclaimer
  • Contact
  • About Me
  • Search Icon

The Lazy Administrator

Finding ways to do the most work with the least effort possible

Enable Firefox Windows Single Sign-On using Intune

Enable Firefox Windows Single Sign-On using Intune

February 12, 2023 Brad Wyatt Comments 3 comments

Table of Contents

  • Prerequisites
  • Create the Policy
  • Validate

One reason you may want to enable Windows SSO within Firefox, is so that your users on Azure AD or Hybrid joined machines can log into Microosft 365 services, such as Outlook, without having to re-authenticate. In this post, I will show you how to leverage Intune and custom configuration profiles to configure Firefox to enable Windows SSO.

Prerequisites

  • Firefox ADMX file located here
  • Intune
  • Mozilla Firefox version 91 or newer
  • Intune Administrator
  • Test Machine with a valid Intune License

Create the Policy

  1. Navigate to the Intune admin portal
  2. Go to Devices > Windows > Configuration profiles > + Create profile
  3. Under ‘Platform‘ select Windows 10 and later. For ‘Profile type‘ select Templates, and then select a Custom template.
  4. Give you new configuration policy a good name and description so other administrators will understand what it does without having to view the configuration policy itself.
  5. If you have not done so already, download the most recent Firefox ADMX files from here. Then, open the firefox.admx file in a notepad or VS Code and copy the contents for the next step.
  6. Enter the following items
    Name Ingest Firefox ADMX
    Description Ingests Firefox ADMX Files v4.7
    OMA-URI ./Device/Vendor/MSFT/Policy/ConfigOperations/ADMXInstall/Firefox/Policy/Firefox
    Data Type String
    Value [copy the contents of firefox.admx]

  7. Next, create a new OMA-URI setting using the following information
    Name Windows SSO
    Description Firefox will use credentials stored in Windows to sign in to Microsoft, work, and school accounts.
    OMA-URI ./Device/Vendor/MSFT./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO/Policy/ConfigOperations/ADMXInstall/Firefox/Policy/Firefox
    Data Type String
    Value <enabled />

  8. Once finished, you should have two new settings. Click Next
  9. In the Assignments tab, assign the new configuration policy to a group, all users or all devices. In my example, I applied it to all of my users.
  10. Finally, in the Review + Create section, review your policy. If there are no further changes you are wanting to create then press the, ‘create‘ button to publish your new configuration policy.

Validate

  1. In the Intune portal I can view the status of my configuration policy. Below I can see that it has successfully applied to my endpoint.
  2. In the Firefox settings, under Privacy & Security I can now see that the SSO setting is not only enabled, its also managed.
  3. I can test this out by going to login.microsoftonline.com and instead of prompting for credentials, it will automatically sign me in.
Brad Wyatt
Brad Wyatt

My name is Bradley Wyatt; I am a 5x Microsoft Most Valuable Professional (MVP) in Microsoft Azure and Microsoft 365. I have given talks at many different conferences, user groups, and companies throughout the United States, ranging from PowerShell to DevOps Security best practices, and I am the 2022 North American Outstanding Contribution to the Microsoft Community winner.


Intune
Application, Firefox, Intune, MDM, MEM

Post navigation

PREVIOUS
Allow Non-Admin Users to Manage Their Desktop Icons Using Intune
NEXT
Migrate your Runbooks in Azure Automation to Managed Identities

3 thoughts on “Enable Firefox Windows Single Sign-On using Intune”

  1. Miroslav Stojkovic says:
    January 17, 2024 at 4:23 am

    Hi,
    Thanks for sharing this article.

    I followed your steps and I’m getting error code 0x87d1fdeb for ADMX install.. and other SSO enable option is fine – it says success. Do you have any idea what could be the problem?

    Thanks,

    Reply
  2. Jared says:
    January 18, 2024 at 12:10 pm

    I got an error with the OMA-URI for “Windows SSO” with the OMA-URI provided. I had to change it from: ./Device/Vendor/MSFT./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO/Policy/ConfigOperations/ADMXInstall/Firefox/Policy/Firefox

    To:
    ./Device/Vendor/MSFT/Policy/Config/Firefox~Policy~firefox/WindowsSSO

    Reply
    1. Rasmus Westergård says:
      February 26, 2024 at 6:54 am

      I had the same issue and tried adjusting the OMA-URI as per your instructions, and can confirm that it works.

      Thanks.

      Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Subscribe

Email


Categories

  • Active Directory (8)
  • AI (3)
  • API (1)
  • AutoPilot (2)
  • Azure (15)
  • Bicep (4)
  • Connectwise (1)
  • Defender for Cloud Apps (1)
  • Delegated Admin (1)
  • DevOps (6)
  • Graph (6)
  • Intune (16)
  • LabTech (1)
  • Microsoft Teams (6)
  • Office 365 (19)
  • Permissions (2)
  • PowerShell (51)
  • Security (1)
  • SharePoint (3)
  • Skype for Business (1)
  • Terraform (1)
  • Uncategorized (2)
  • Yammer (1)

Recent Comments

  • Darren Heath on Get a New Computer’s Auto Pilot Hash Without Going Through the Out of Box Experience (OOBE)
  • Ryan on Auto Deploy Progressive Web Applications (PWA) using Intune or PowerShell
  • 91 Club Lottery on Get a New Computer’s Auto Pilot Hash Without Going Through the Out of Box Experience (OOBE)
  • Naomi on Master User Creator [PowerShell GUI Software] v2 Update
  • tt789 app on Get a New Computer’s Auto Pilot Hash Without Going Through the Out of Box Experience (OOBE)

1,809,673 People Reached

© 2025   All Rights Reserved.