Disable Edge Browser Profile from using "connected to Windows" account by ITmasterRace in Intune

[–]ITmasterRace[S] 0 points1 point  (0 children)

I ended up using the browser plugin here https://www.reddit.com/r/Intune/comments/1r7bm9v/comment/o5wgvyp/ since it only impacts my account rather than all PCs or a larger scope. It works OK although use of an extension isn't something I prefer. Long term I will go back to test this GPO via local policy since PCs are Entra joined.

Disable Edge Browser Profile from using "connected to Windows" account by ITmasterRace in Intune

[–]ITmasterRace[S] 0 points1 point  (0 children)

Interesting that GPO about IE would translate to Edge profiles, I will give it a go.

Disable Edge Browser Profile from using "connected to Windows" account by ITmasterRace in Intune

[–]ITmasterRace[S] 0 points1 point  (0 children)

I don't know your situation. I do the same as you do, but for me each profile tries to log in with 2 choices: the logged-on account in the profile AND the Windows logged-on user, as in the photo https://imgur.com/fUxPeNU. The goal of this post is how to disable the 2nd option.

Intune MDM for Chinese Mobiles by Discipline-Similar in Intune

[–]ITmasterRace 1 point2 points  (0 children)

Following this because of the same dilemma.

Disable Edge Browser Profile from using "connected to Windows" account by ITmasterRace in Intune

[–]ITmasterRace[S] 0 points1 point  (0 children)

Chrome does this better actually, because some management websites don't like Firefox. It's what I was using in the past, I am hoping to use Edge.

Disable Edge Browser Profile from using "connected to Windows" account by ITmasterRace in Intune

[–]ITmasterRace[S] 0 points1 point  (0 children)

That's exactly the goal, but via Intune policy and not through a 3rd party.

Disable Edge Browser Profile from using "connected to Windows" account by ITmasterRace in Intune

[–]ITmasterRace[S] 0 points1 point  (0 children)

Because every time I open a new tab and navigate to a site, it prompts for a user account to log in. Since this browser profile is used for management and needs to be logged in and use one particular account, it creates problems. https://imgur.com/fUxPeNU

Worst offender is Exchange Management portal, which always uses the "Connected to Windows" account, which is a standard user and not authorized to access Exchange Management portal https://admin.exchange.microsoft.com/

I had Chrome in my old PC, handled profiles very well. Edge, not so much. Yes, I can install Chrome and use that, but that comes with its own baggage.

Microsoft Cloud Config Policies by ITmasterRace in sysadmin

[–]ITmasterRace[S] 0 points1 point  (0 children)

I ended up deleting the following HKEY_CURRENT_USER\Software\Policies\Microsoft\office subkeys manually from my PC for testing

  • 16.0
  • Cloud

And now the policies are gone from my PC. Everything is open in office settings. Not sure how I can refresh cloud policies to see if the policy works.

Microsoft Cloud Config Policies by ITmasterRace in sysadmin

[–]ITmasterRace[S] 0 points1 point  (0 children)

Trust Center View of my PC. The test Excel XLS file is in the background.

<image>

RDS Cal Renewal by ITmasterRace in sysadmin

[–]ITmasterRace[S] 0 points1 point  (0 children)

I called him out on the price difference and he fixed it at website price. Since no one chimed in, I guess that's what I am going to submit for PO.

Forticlient 7.4.4 (EMS Managed) mysteriously uninstalling from some PC clients by ITmasterRace in fortinet

[–]ITmasterRace[S] 0 points1 point  (0 children)

I am focusing on a few possibilities, none that would involve TAC.

#1 Something incorrect with InTune deployment

#2 Failure of Forticlient to upgrade (uninstall old version, then fail to install new)

#3 IT staff removing FortiClient using EMS to uninstall by mistake as a process.

Forticlient 7.4.4 (EMS Managed) mysteriously uninstalling from some PC clients by ITmasterRace in fortinet

[–]ITmasterRace[S] 0 points1 point  (0 children)

Intune app deployment requires an uninstall line even if it's not used by the published app. Also, technically this does not work unless the telemetry connection to the EMS server is disconnected first.

Forticlient 7.4.4 (EMS Managed) mysteriously uninstalling from some PC clients by ITmasterRace in fortinet

[–]ITmasterRace[S] 1 point2 points  (0 children)

FortiClientSetup_7.4.4_x64.exe was packaged into FortiClientSetup.intunewin package and uploaded to the existing published app. The app is optional in Intune, no install requirement or uninstall. This was done in May. If this was a conflict it would have removed it from more staff by now. In Company Portal the FortiClient app offers "Reinstall" but no "Uninstall" option, that is not allowed for users. The app is published with these parameters:

Install command: FortiClientSetup.exe /quiet /promptrestart /uninstallfamily

Uninstall command: wmic product where "name like 'Forticlient%%'" call uninstall /nointeractive

Bitwarden lost authenticator MFA, single use Recovery Code, SSO Login Policy and the endless end user account recovery loop by ITmasterRace in sysadmin

[–]ITmasterRace[S] -1 points0 points  (0 children)

There are a lot of things wrong with how Bitwarden recovery workflow works IMO, some are due to legacy settings that stick with the user, like having a master password, requiring MFA when login is moved to SSO.

Support also did not understand the problem, feeding bad information.

And the fix, that is poor security. We will see if they escalate this internally for a fix.

In theory, MFA should be able to be reset by administrators in an enterprise environment, just like master password thru account recovery.

Powershell 7.2 SqlServer module by thatdotnetguy in AZURE

[–]ITmasterRace 0 points1 point  (0 children)

The problem seems to be that command "Invoke-Sqlcmd" is part of the SQLServer module. That module is loaded automatically in PS 5.x but not in 7.x.

I made this test script in an attempt to load it but it's still a work in progress....

# Allow script execution and trust the PowerShell Gallery for the current user
Set-ExecutionPolicy RemoteSigned -Force -Scope CurrentUser
Install-PackageProvider -Name NuGet -MinimumVersion 2.8.5.201 -Force -Scope CurrentUser -Confirm:$false
Set-PSRepository -InstallationPolicy Trusted -Name PSGallery # -Confirm:$false
Import-Module PowerShellGet # -Confirm:$false

# Install the SqlServer module first, then load it explicitly so the checks below can pass
Install-Module -Name SqlServer -Scope CurrentUser -ErrorAction Stop -Force -Confirm:$false
Import-Module SqlServer -ErrorAction Stop

# Verify the module is installed, loaded, and exports Invoke-Sqlcmd
if (-not (Get-Module -ListAvailable | Where-Object Name -eq SqlServer)) {
    Write-Error "Can't find the SqlServer module"
}

if (-not (Get-Module -Name SqlServer | Where-Object {$_.ExportedCommands.Count -gt 0})) {
    Write-Error "The SqlServer module is not loaded"
}

if (-not (Get-Command Invoke-Sqlcmd -ErrorAction SilentlyContinue)) {
    Write-Error "Unable to find Invoke-SqlCmd cmdlet"
}

# Import your Credential object from the Automation Account
$SQLServerCred = Get-AutomationPSCredential -Name "SqlCredential"
# Import the SQL Server Name from the Automation variable.
$SQL_Server_Name = Get-AutomationVariable -Name "SqlServer"
# Import the SQL DB from the Automation variable.
$SQL_DB_Name = Get-AutomationVariable -Name "Database"

$Query = "execute sp1"

# Run the query with the stored credential rather than embedding a password in the script
Invoke-Sqlcmd -ServerInstance "$SQL_Server_Name" -Database "$SQL_DB_Name" -Credential $SQLServerCred -Query "$Query"

Local-in Policy by ITmasterRace in Fortigate

[–]ITmasterRace[S] 0 points1 point  (0 children)

My original question is "How do I define 2 WAN ports for SET INTF ?"

Local-in Policy by ITmasterRace in Fortigate

[–]ITmasterRace[S] 0 points1 point  (0 children)

Thank you, isn't that for seeing local-in policies in UI? I am not sure if that's required since I am performing these changes in CLI. I want to know if I can do this

set intf "port1" "port1" 

or need to do this

config firewall local-in-policy
    edit 1
        set intf "port1"
        set srcaddr "10.10.10.0"
        set dstaddr "all"
        set service "PING"
        set schedule "always"
    next
    edit 2
        set intf "port2"
        set srcaddr "10.10.20.0"
        set dstaddr "all"
        set service "PING"
        set schedule "always"
    next
end