Edge Could Automatically Switch To Private Mode
Elpidio Heart
Starting Monday (Aug. 29, 2022) all our internal application websites that run over http are not getting redirected to https in Edge. I have checked if there were any policy changes in Intune or GPO and we cannot find any. Also, it started happening for just a few users but throughout the day more are having this happen. The setting in Edge to redirect from HTTP to HTTPS is not enabled by default, but we even tried manually disabling this and it still is doing it. I have a feeling it could be a Windows update but I tested installing all available updates on another PC and it does not have the issue yet. If the user opens the sites in an in private browser window they don't have the issue either. Any help or suggestions is appreciated.
That URL is configured with rewrite rule. When you navigate to HTTP it returns back a 301 to the browser which triggers a redirect to HTTPS. That is the expected behavior. However your redirect rule is returning a permanent move. The problem with this is that browsers (and proxy servers) are allowed to remember this and never ask again. Hence if you told the browser to redirect to some arbitrary URL then on subsequent requests the browser would not bother using the URL entered but rather remember the permanent redirect and send the user to the other URL. Setting a redirect permanent can cause issues if you ever need to change the URL.
I thing to eliminate is the browser having a permanent redirect to the wrong URL. Unfortunately clearing that cache is a pain as it isn't the normal cache. Refer to this post on how to clear the redirect that the browser may be storing. You have to do it on each impacted client machine AFAIK.
Site redirection is generally a feature of the site you're going to. For example if you navigate to the server will send back a 301/302 to redirect. Open the browser on a machine experiencing the issue and go to the site you expect. Bring up the Developer Tools (F12) and go to the network tab. Ctrl+F5 the page to reload it. In the network tab you should the request to http. In the response you should get back a 301/302 with the URL using https. If you don't then the site isn't doing redirection as it probably should. You can confirm this by going to a machine where it is redirecting and confirm the behavior.
If you want to force all sites to redirect then check the policy on the browser itself by navigating to edge://settings/privacy. However it is an experimental feature at least in 102 so you'll navigate to edge://flags/#edge-automatic-https instead. Note also that if you're using Edge's features to do smart navigation (or whatever they call it) then it is possible that your URL is getting matched to http sometimes and https others. Having sites auto-redirect is the correct solution to solve this.
Thank you for your response. I agree with what you are saying, however we have tried manually disabling the settings in both edge://settings/privacy and edge://flags/#edge-automatic-https without success. The default values are supposed to be disabled anyway too from what I understand. These are all internal application sites that haven't changed in many years, and running various web servers (IIS, Apache, etc.) and for all of them to start having the behavior points me to something else than the web sites. Also the fact that some users can access it fine and others can't doesn't make sense. I'm leaning toward this is an issue with a recent Windows update rolling out as users have started to get them at the end of the month, but doesn't make sense that I forced my machine to get them and everything was still working. I've gone over any policy changes and didn't find any either.
I agree with cooldadtx's answer. Http to https redirecting is not decided by browser. It's decided by sever client. But you can make redirection happen in browser even if it doesn't have a redirect rule in sever client.
You can enable Automatic HTTPS in edge://flags/#edge-automatic-https. Then enable Automatically switch to more secure connections with Automatic HTTPS in edge://settings/privacy and choose Always switch from HTTP to HTTPS (connection errors might occur more often). The site loading is also related with browser cache so you can clear browser cache and reload the site to test.
If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
For love nor money, I cannot switch to a separate profile in the browser and have the M365 portal sign in with the account associated with that profile. It will REPEATEDLY default to the one signed-in to Windows itself and even if I logout, close the window, open a new one (under the correct, different profile) and login with the correct one, when I try to launch the Exchange Admin Centre (for example) I am presented with a page from my employer's tenant - not the customer one.
This is doing my head in. Microsoft have pushed this browser on us, it supports 365 accounts as seperate profiles and yet doesn't seem to support this basic functionality in a way that's simple and not incredibly time consuming.
Is there something I'm missing or has my company configured something in GPO (which I'd need to ask the question regarding, I have no access to confirm that personally) which is enforcing this and creating the issue for me?
I too, use Edge profiles to manage Microsoft 365 client tenants. I choose create new work/school profile. I signed in using the new Microsoft 365 tenant account. I go to admin.microsoft.com and I'm signed in automatically using the "signed in to this computer" account which is what I don't want. I want to be signed in using the work/school account I just signed in to instead. I can see sometimes, the choose which profile to sign in to appear and then disappear. How can I get that pop-up to stop disappearing? Or at least allow the first signed in account into the new profile to be persistent instead of signing me back in to my "signed in to this computer" account.
our usage case is that we have a standard AD account that is used to log into the local device and access standard M365 resources, and a separate admin account to administer our M365 tenant for the IT team. my standard account is used by default for most purposes but I've created a second Edge profile that will use my admin account to sign in and manage M365
In Windows Settings - Accounts - Email & accounts, click on add workplace or school account, follow the steps using the admin account, you should then have 2 entries for your standard account and the admin account
now, when you launch the browser with the second Edge profile and try to access and sign into M365 you should be give the option to use either the standard account or the secondary admin account, it should also save the last used account so next time you launch the browser it will remember the account you used.
You can skip the "Pick an account" prompt and force the login with the current profile in Microsoft Edge. Do this by enabling the option "Automatically sign in to sites with your current work or school account".
Do you mean for some sites Edge always switch to use the work account profile to sign in even if you're using another profile? If so, there might be that you configured to use Profile preferences for sites.
You can go to edge://settings/profiles/multiProfileSettings in Edge, turn off Automatic profile switching, remove all the sites under Profile preferences for sites. After that, you can test again. It should be able to use other profiles to log in sites.
I tried your solution but no, that has not resolved it. Can I confirm - you thought I had configured an account for the Office 355 Admin Centre in Profile Preferences which the Browser was defaulting to, each time I tried to launch the page?
I tried that and, although it resolved the issue for me in one of my profiles, it didn't fix the overall problem - no matter which profile I'm using Edge with, whenever I go to Office.com and attempt to access another tenant's admin centre, I get taken into my own.
You say there's still issue with Office.com, could you please also add office.com in the Profile preferences for sites list and make the action to Don't Switch? If it still doesn't fix the issue, you can try to clear all the browser data in every profile and test again to see if it works.
It's clearly trying to logon with my own M365 email/tenant into the client tenant. No amount of tweaking of the profile settings allows me to open their SharePoint home page. Although I can open M365 admin.
I love brave, and I use it on ios alongside Firefox. But it is not reliable in that regard - when I open tabs on private and leave for a moment, and use camera for example, when I switch back to brave it closes everything.
Now, Im aware that private mode is designed to be private, but many times the intension is to use it without previous cashed info for work or listening to music, it is very inconvenient every time to close like that.
I just want to be specific here. I just tested this and it works as intended, without having the results as you do. So open Brave, open Private, go to a website, open a second tab in private, go to a different website, swipe up from the bottom as if going to exit the app, tap on the screen in a place outside of the browser to go to my home page, open camera and take a picture, opened Reddit, then opened Brave. When I opened, it was still on the two pages I had and it was still in Private.
bcf7231420