Azure Conditional Access

  • 9 replies
  • 1 person has this problem
  • 6 views
  • Last reply by Mike Kaply


Hi,

I've been researching this somewhat and I'm not exactly sure where/what the exact problem is, to be honest. So far IE, Edge (new Chromium at least) and Chrome, with the add-on from Microsoft, work fine and authenticate properly with Conditional Access set up in an Azure environment, but for some reason Firefox does not; you get a "You can't get there from here" message.

Now from what I gather this is due to the way Conditional Access works and Firefox not being able to reply with the correct device authentication/ADAL when prompted for it. What I'm asking is, is this something that Mozilla can solve on their own or is this something that Microsoft has to work out on their end?

I'm fine with opening a bug report on Bugzilla but I wanted to dig a bit deeper and hopefully understand the issue at hand on this as to not waste developer(s) time if this is something that Microsoft should fix.

Source1: https://social.technet.microsoft.com/Forums/en-US/eafe0951-3929-46d1-bcbd-bbe5c006f0e4/firefox-not-compatible-with-conditional-access-why?forum=microsoftintuneprod

Source2: https://old.reddit.com/r/firefox/comments/b2jtnq/wtf_microsoft/

All Replies (9)


Is there a way I can get the Chrome add-on and look at it?


Actually we support client certificates now, so there should be a way to make this work.


Sorry, one more thing. Is this extension related?

https://addons.mozilla.org/en-US/firefox/addon/access-panel-extension/


Looks like https://addons.mozilla.org/en-US/firefox/addon/windows-10-accounts-port/ might do the trick. Is there any way to vet this extension or implement support without an extension (without UA spoofing, that's really something Microsoft should fix)?


I'll take a look at the extension and see what it does. I'll also try to reach out to Microsoft.


Thanks Mike, I compared the Chrome addon to the port version for Firefox; they seem to be doing the same thing, with the addition of user agent spoofing to fool Azure into believing we're actually Chrome so that the server offers the correct option(s). Other than that they are identical as far as I can tell, notwithstanding the obvious changes where necessary to make it work in Firefox, like 'chrome' replaced with 'browser' in background.js, plus the registry addon and JSON file that are required for it to work; this I can confirm now after testing.

However, with the extension being a third-party port (not saying there is anything wrong or suspect with it), it would still be better if this could be implemented to work without an extension. Security (conditional access in this case) is of ever-increasing importance for enterprise users, so having said implementation supported directly is better than relying on a third party to do it.

Considering the amazing work Mozilla has been doing lately to support enterprise users this would be a really nice addition to your portfolio as a serious browser for business users.

Edit: grammar

Modified by Jax-Ur
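
The comparison described in the post above (a port that matches the Chrome add-on apart from the 'chrome' to 'browser' rename, plus added user agent spoofing) can be scripted so that only the changes beyond the rename are left to read by hand. This is an added example, not part of the original thread and not code from either extension; the sample sources, the native host name, the login URL and the watch-list pattern are constructed assumptions.

```python
import difflib
import re

# Constructed sample sources; NOT the real extensions' code.
CHROME_ORIGINAL = {
    "background.js": (
        "chrome.runtime.onMessage.addListener(function (msg, sender, reply) {\n"
        "  chrome.runtime.sendNativeMessage('com.example.host', msg, reply);\n"
        "  return true;\n"
        "});\n"
    ),
}
FIREFOX_PORT = {
    "background.js": (
        "browser.runtime.onMessage.addListener(function (msg, sender, reply) {\n"
        "  browser.runtime.sendNativeMessage('com.example.host', msg, reply);\n"
        "  return true;\n"
        "});\n"
        "browser.webRequest.onBeforeSendHeaders.addListener(spoofUserAgent,\n"
        "  {urls: ['https://login.example.test/*']}, ['blocking', 'requestHeaders']);\n"
    ),
}

# Hypothetical watch list: API surface a reviewer would want to read by hand.
SENSITIVE = re.compile(
    r"webRequest|requestHeaders|User-Agent|sendNativeMessage|connectNative|cookies", re.I)

def normalize(source):
    """Map the Chrome API namespace onto Firefox's so a pure rename is not reported."""
    return re.sub(r"\bchrome\.", "browser.", source).splitlines()

def residual_changes(original, port):
    """Return {filename: [(sign, line, sensitive)]} for changes beyond the rename."""
    report = {}
    for name in sorted(set(original) | set(port)):
        a = normalize(original.get(name, ""))  # file missing on one side -> all +/-
        b = normalize(port.get(name, ""))
        changes = [(d[0], d[2:].strip(), bool(SENSITIVE.search(d)))
                   for d in difflib.ndiff(a, b) if d[0] in "+-"]
        if changes:
            report[name] = changes
    return report

if __name__ == "__main__":
    for name, changes in residual_changes(CHROME_ORIGINAL, FIREFOX_PORT).items():
        for sign, line, sensitive in changes:
            print(f"{name}: {sign} {line}" + ("   <-- review" if sensitive else ""))
```

An empty report means the port differs from the original only by the namespace rename; anything listed, especially flagged lines, is code the original publisher never shipped.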


I'm not sure how easily we could integrate, but I'm continuing to reach out to Microsoft to try to get an answer.