What is the “My Apps Secure Sign-in Experience” Extension for Edge
In order to leverage Single sign-on to your “Password Based” Azure AD applications, your Windows users will need to install a browser extension.
The “My Apps Secure Sign-in Experience” Browser Extension will handle the authentication to applications using the credentials that are stored in a Password Vault in Azure. I have another post coming soon on how to enable SSO for password based applications *
Your users will be prompted to download the extension when they select an application that is configured for “Password based” SSO. Alternatively, as an admin, you can deploy the extension to their computer – silently. Much better right?
*The extension also allows you to access internal company URLs, from an internet device, for apps published using the Application Proxy.
Deploy the Extension with Intune
Before we can publish any extension to Edge using Intune, we must first get the Application ID and Update URL for the extension.
2 . Search for My Apps Secure Sign-in Extension
3 . Grab the App ID from the URL – gaaceiggkkiffbfdpmfapegoiohkiipl
4 . Sign in at https://devicemanagement.microsoft.com
5 . Navigate to Devices > Configuration Profiles
6 . Select Create Profile
7 . Choose the Platform “Windows 10 and later” and the Profile “Administrative Templates”
8 . Click Create
9 . Give the Configuration Profile a name e.g. Edge Extensions – My Apps Secure Sing-in
10 . Click Next
11 . Select Computer Configuration > Microsoft Edge > Extensions
12 . Select Control which extensions are installed silently
13 . Select Enabled and enter the Extension ID and Update URL using the following format and click OK
The Update URL for Edge Extensions is https://edge.microsoft.com/extensionwebstorebase/v1/crx
The ADMX value will be gaaceiggkkiffbfdpmfapegoiohkiipl;https://edge.microsoft.com/extensionwebstorebase/v1/crx
14 . Click Next
15 . Click Next
16 . Click the Assign to drop down box and choose All Devices *
* You can be more selective and choose a group of devices to deploy the Configuration Profile to instead of All Devices
17 . Click Next
18 . Review the profile and click Create
19 . Review the deployment status of the new Configuration Profile
20 . The devices will automatically install the extension. You can view if this was successful by viewing the extensions within Edge on the client device
In this post, we observed how to add the “My Apps Secure Sign-in Experience” Extension for Edge from an Intune Configuration Profile.
In the next post, we will give an example of how we can leverage this browser extension to give your users an SSO experience accessing corporate social media accounts – without giving them the social media account credentials!