SSO (CloudAPAuthEnabled) not working in CefSharp even with Chrome runtime enabled #5169
Description
When embedding CefSharp we need automatic SSO with Microsoft accounts (Azure AD / MSA).
On a normal Chrome installation this works correctly when the CloudAPAuthEnabled policy is set to 1 (Enable Microsoft® cloud authentication). Users signed into Windows with a Microsoft account or AzureAD account are automatically signed into Microsoft cloud properties without showing a login dialog.
In CefSharp:
- 3rd party cookies are allowed.
- Chrome runtime (
CefSharpSettings.RuntimeStyle = CefRuntimeStyle.Chrome;) was tested. - Flags like
--enable-chrome-browser-cloud-managementwere tested. - Policies in Windows registry (
CloudAPAuthEnabled) are applied correctly for Chrome, but CefSharp ignores them. - WebView2 with AllowSingleSignOnUsingOSPrimaryAccount = true option set works.
Expected behavior:
When CloudAPAuthEnabled=1 is set in Windows policies, CefSharp with Chrome runtime should inherit this behavior and sign the user in automatically, just like Chrome does.
Actual behavior:
Even with the same machine/user where Chrome auto-signs in, CefSharp still prompts the user with a Microsoft login dialog.
Steps to reproduce:
- Join Windows 10/11 machine to Azure AD or sign in with a Microsoft account.
- Enable the
CloudAPAuthEnabledpolicy. - Launch Chrome → open a Microsoft property (e.g., outlook.office.com) → user is signed in automatically.
- Launch CefSharp browser (WinForms/WPF, any example app) → navigate to the same property → login prompt is shown instead of automatic sign-in.
Question / Feature request:
Is there a way to enable CloudAPAuthEnabled support in CefSharp (Chrome runtime), or is this functionality intentionally not supported in CEF?
If not currently supported, can this be exposed so that embedded Chromium respects the CloudAPAuthEnabled policy or can it be somehow set? Possible workaroud?