OneAuth Authentication Flow Enforced for signin
Supported versions
- On Windows, since version 93
Description
This policy allows users to decide whether to use the OneAuth library for sign-in and token fetch in Microsoft Edge on Windows 10 RS3 and above.
If you disable or don't configure this policy, the sign-in process uses Windows Account Manager. Microsoft Edge can then use accounts you are signed in to in Windows, Microsoft Office, or other Microsoft applications for sign-in, without needing a password. Alternatively, you can provide a valid account and password to sign in, which will be stored in Windows Account Manager for future use. You can review all accounts stored in Windows Account Manager on the Windows Settings -> Accounts -> Email and accounts page.
If you enable this policy, the OneAuth authentication flow is used for account sign-in. The OneAuth authentication flow has fewer dependencies and can work without the Windows shell. The account you use is not stored on the Email and accounts page.
This policy takes effect only on Windows 10 RS3 and above. On Windows 10 below RS3, OneAuth is used for authentication in Microsoft Edge by default.
Supported features
- Can be mandatory: Yes
- Can be recommended: No
- Dynamic Policy Refresh: No - Requires browser restart
- Per Profile: No
- Applies to a profile that is signed in with a Microsoft account: Yes
Data type
- Boolean
Windows information and settings
Group Policy (ADMX) info
- GP unique name: OneAuthAuthenticationEnforced
- GP name: OneAuth Authentication Flow Enforced for signin
- GP path (Mandatory): Administrative Templates/Microsoft Edge/Identity and sign-in
- GP path (Recommended): N/A
- GP ADMX file name: MSEdge.admx
Example value
Disabled
Registry settings
- Path (Mandatory): SOFTWARE\Policies\Microsoft\Edge
- Path (Recommended): N/A
- Value name: OneAuthAuthenticationEnforced
- Value type: REG_DWORD
Example registry value
0x00000000
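
The following is an added example, not part of the original policy page: a PowerShell check that reads the registry value documented above and reports which sign-in flow it selects on the local machine. The function name is hypothetical, and the hive order (HKLM, then HKCU) and the RS3 build number 16299 are assumptions not stated on the page.

```powershell
# Added example (not from the policy page). Get-OneAuthPolicyState is a hypothetical name.
$SubKey    = 'SOFTWARE\Policies\Microsoft\Edge'   # path from the page
$ValueName = 'OneAuthAuthenticationEnforced'      # value name from the page
$Rs3Build  = 16299   # assumption: Windows 10 RS3 = version 1709, build 16299

function Get-OneAuthPolicyState {
    param(
        # Assumption: the page names no hive; check machine policy first, then user.
        [string[]]$Hives = @('HKLM:', 'HKCU:'),
        [int]$OsBuild = [Environment]::OSVersion.Version.Build
    )
    $hit = $null
    foreach ($hive in $Hives) {
        $key = Get-Item -Path (Join-Path $hive $SubKey) -ErrorAction SilentlyContinue
        if ($key -and ($key.GetValueNames() -contains $ValueName)) {
            $hit = [pscustomobject]@{
                Key  = $key.Name
                Kind = $key.GetValueKind($ValueName)
                Data = $key.GetValue($ValueName)
            }
            break
        }
    }
    # Map the raw value to the behaviour the page describes.
    $flow = if ($OsBuild -lt $Rs3Build) {
        'OneAuth (default below RS3; policy has no effect)'
    } elseif (-not $hit) {
        'Windows Account Manager (policy not configured)'
    } elseif ($hit.Kind -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        "Review: value is $($hit.Kind), expected REG_DWORD"
    } elseif ($hit.Data -eq 1) {
        'OneAuth (policy enabled)'
    } elseif ($hit.Data -eq 0) {
        'Windows Account Manager (policy disabled)'
    } else {
        "Review: unexpected data $($hit.Data)"
    }
    [pscustomobject]@{
        OsBuild = $OsBuild
        Key     = if ($hit) { $hit.Key } else { $null }
        Data    = if ($hit) { $hit.Data } else { $null }
        Flow    = $flow
    }
}

Get-OneAuthPolicyState | Format-List
```

Because the policy has no dynamic refresh, a running Microsoft Edge instance keeps its previous flow until the browser is restarted, so the reported state describes the next launch.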