This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Azure Conditional Access

  • 9 replies
  • 1 has this problem
  • 6 views
  • Last reply by Mike Kaply

more options

Hi,

I've been researching this somewhat and I'm not exactly sure where/what the exact problem is to be honest. So far IE, Edge (new Chromium at least) and Chrome, with the add-on from Microsoft work fine and authentication properly with Conditional Access setup in an Azure environment but for some reason Firefox does not, you get "You can't get there from here" message.

Now from what I gather this is due to the way Conditional Access works and Firefox not being able to reply with the correct device authentication/ADAL when prompted for it. What I'm asking is, is this something that Mozilla can solve on their own or is this something that Microsoft has to work out on their end?

I'm fine with opening a bug report on Bugzilla but I wanted to dig a bit deeper and hopefully understand the issue at hand on this as to not waste developer(s) time if this is something that Microsoft should fix.

Source1: https://social.technet.microsoft.com/Forums/en-US/eafe0951-3929-46d1-bcbd-bbe5c006f0e4/firefox-not-compatible-with-conditional-access-why?forum=microsoftintuneprod Source2: https://old.reddit.com/r/firefox/comments/b2jtnq/wtf_microsoft/

Hi, I've been researching this somewhat and I'm not exactly sure where/what the exact problem is to be honest. So far IE, Edge (new Chromium at least) and Chrome, with the add-on from Microsoft work fine and authentication properly with Conditional Access setup in an Azure environment but for some reason Firefox does not, you get "You can't get there from here" message. Now from what I gather this is due to the way Conditional Access works and Firefox not being able to reply with the correct device authentication/ADAL when prompted for it. What I'm asking is, is this something that Mozilla can solve on their own or is this something that Microsoft has to work out on their end? I'm fine with opening a bug report on Bugzilla but I wanted to dig a bit deeper and hopefully understand the issue at hand on this as to not waste developer(s) time if this is something that Microsoft should fix. Source1: https://social.technet.microsoft.com/Forums/en-US/eafe0951-3929-46d1-bcbd-bbe5c006f0e4/firefox-not-compatible-with-conditional-access-why?forum=microsoftintuneprod Source2: https://old.reddit.com/r/firefox/comments/b2jtnq/wtf_microsoft/

All Replies (9)

more options

Is there a way I can get the Chrome add-on and look at it?

more options

Actually we support client certificates now, so there should be a way to make this work.

more options

Sorry, one more thing. Is this extension related?

https://addons.mozilla.org/en-US/firefox/addon/access-panel-extension/

more options
more options

Looks like https://addons.mozilla.org/en-US/firefox/addon/windows-10-accounts-port/ might do the trick, is there anyway to vet this extension or implement support without an extension (without ua spoofing, that's really something Microsoft should fix)?

more options
more options

I'll take a look at the extension and see what it does. I'll also try to reach out to Microsoft.

more options

Thanks Mike, I compared the Chrome addon to the port version for Firefox, they seem to be doing the same thing with the addition of user agent spoofing to fool Azure into believing we're actually Chrome so that the server offers the correct option(s). Other than that they are identical as far I can tell not withstanding the obvious change where necessary to make it work in Firefox, like 'chrome' replaced with 'browser' in background.js + the registry addon and json file that are required for it to work, this I can confirm now after testing.

However the extension being a third-party port, not saying there is anything wrong or suspect with it, but it would still be better if this could be implemented to work without an extension. Security (conditional access in this case) is an ever increasing importance for enterprise users so having said implementation supported directly is better than relying on a third party to do it.

Considering the amazing work Mozilla has been doing lately to support enterprise users this would be a really nice addition to your portfolio as a serious browser for business users.

Edit: grammar

Modified by Jax-Ur

more options

I'm not sure how easily we could integrate, but I'm continuing to reach out to Microsoft to try to get an answer.