This is a follow-up to my 2015 post about the recommended IE Internet Security Zone settings for maximum user authentication happiness.
On the post https://tuomi.ca/2014/06/23/overcoming-sticky-logouts-office-365-azure-windows-intune-web-browser/, I tried to rationalize IE security settings relating to Office 365.
Here’s a good explanation of why we should care, as quoted from the more recent MSFT post:
“Starting with Windows Vista , Internet Explorer has a new security zone protection feature, called protected mode, and that is set up by default for Internet, Intranet and Restricted Security zones.
Understanding and Working in Protected Mode Internet Explorer
The effect of the protected mode is that the sites in these zones will not have access to the folders available to other application (i.e. data available in other zones). This means the cookies available for one session for a site in a Protected mode zone will not be accessible to a site that resides in a separate zone (and the other way around), which will trigger behind the scene repeated authentication attempts.”
Net result: persistent login prompts, hair pulling, annoyances. The fix? Either manually or through group policy, apply the following settings to your Windows workstations:
Trusted Sites Zone:
https://blogs.technet.microsoft.com/victorbutuza/2016/06/20/o365-internet-explorer-protected-mode-and-security-zones/ – Latest new URL’s added e.g. PowerApps.com
https://support.microsoft.com/en-us/help/2507767/problems-when-signing-out-of-office-365–azure–or-intune-in-a-web-bro – Original official reference.