Join the Mozilla’s Test Days event from 9–15 Jan to test the new Firefox address bar on Firefox Beta 135 and get a chance to win Mozilla swag vouchers! 🎁

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

Azure Conditional Access

  • 9 réponses
  • 1 a ce problème
  • 6 vues
  • Dernière réponse par Mike Kaply

more options

Hi,

I've been researching this somewhat and I'm not exactly sure where/what the exact problem is to be honest. So far IE, Edge (new Chromium at least) and Chrome, with the add-on from Microsoft work fine and authentication properly with Conditional Access setup in an Azure environment but for some reason Firefox does not, you get "You can't get there from here" message.

Now from what I gather this is due to the way Conditional Access works and Firefox not being able to reply with the correct device authentication/ADAL when prompted for it. What I'm asking is, is this something that Mozilla can solve on their own or is this something that Microsoft has to work out on their end?

I'm fine with opening a bug report on Bugzilla but I wanted to dig a bit deeper and hopefully understand the issue at hand on this as to not waste developer(s) time if this is something that Microsoft should fix.

Source1: https://social.technet.microsoft.com/Forums/en-US/eafe0951-3929-46d1-bcbd-bbe5c006f0e4/firefox-not-compatible-with-conditional-access-why?forum=microsoftintuneprod Source2: https://old.reddit.com/r/firefox/comments/b2jtnq/wtf_microsoft/

Hi, I've been researching this somewhat and I'm not exactly sure where/what the exact problem is to be honest. So far IE, Edge (new Chromium at least) and Chrome, with the add-on from Microsoft work fine and authentication properly with Conditional Access setup in an Azure environment but for some reason Firefox does not, you get "You can't get there from here" message. Now from what I gather this is due to the way Conditional Access works and Firefox not being able to reply with the correct device authentication/ADAL when prompted for it. What I'm asking is, is this something that Mozilla can solve on their own or is this something that Microsoft has to work out on their end? I'm fine with opening a bug report on Bugzilla but I wanted to dig a bit deeper and hopefully understand the issue at hand on this as to not waste developer(s) time if this is something that Microsoft should fix. Source1: https://social.technet.microsoft.com/Forums/en-US/eafe0951-3929-46d1-bcbd-bbe5c006f0e4/firefox-not-compatible-with-conditional-access-why?forum=microsoftintuneprod Source2: https://old.reddit.com/r/firefox/comments/b2jtnq/wtf_microsoft/

Toutes les réponses (9)

more options

Is there a way I can get the Chrome add-on and look at it?

more options

Actually we support client certificates now, so there should be a way to make this work.

more options

Sorry, one more thing. Is this extension related?

https://addons.mozilla.org/en-US/firefox/addon/access-panel-extension/

more options
more options

Looks like https://addons.mozilla.org/en-US/firefox/addon/windows-10-accounts-port/ might do the trick, is there anyway to vet this extension or implement support without an extension (without ua spoofing, that's really something Microsoft should fix)?

more options
more options

I'll take a look at the extension and see what it does. I'll also try to reach out to Microsoft.

more options

Thanks Mike, I compared the Chrome addon to the port version for Firefox, they seem to be doing the same thing with the addition of user agent spoofing to fool Azure into believing we're actually Chrome so that the server offers the correct option(s). Other than that they are identical as far I can tell not withstanding the obvious change where necessary to make it work in Firefox, like 'chrome' replaced with 'browser' in background.js + the registry addon and json file that are required for it to work, this I can confirm now after testing.

However the extension being a third-party port, not saying there is anything wrong or suspect with it, but it would still be better if this could be implemented to work without an extension. Security (conditional access in this case) is an ever increasing importance for enterprise users so having said implementation supported directly is better than relying on a third party to do it.

Considering the amazing work Mozilla has been doing lately to support enterprise users this would be a really nice addition to your portfolio as a serious browser for business users.

Edit: grammar

Modifié le par Jax-Ur

more options

I'm not sure how easily we could integrate, but I'm continuing to reach out to Microsoft to try to get an answer.