Microsoft is introducing a new registry-based policy that lets IT administrators automatically accept Windows SSO permissions on Windows 11 versions 24H2 and 25H2 devices managed with Microsoft Entra ID.
Users with personal Microsoft accounts and devices outside policy-managed environments will continue to receive SSO permission prompts.
Admin control for SSO prompts in Windows (Source: Microsoft)
Why Microsoft introduced it
In the European Economic Area (EEA), Microsoft changed the Windows sign-in experience so users can choose whether to use the same account across Microsoft apps and services, giving them greater control over where their account is used.
“For managed enterprise environments, some organizations wanted additional flexibility to manage the SSO prompt experience on devices where their organizations already manage sign-in policies and trust relationships,” Justin Ploegert, Principal Technical Program Manager at Microsoft, said.
Deployment
IT administrators can deploy the registry policy through Group Policy, Microsoft Intune, another mobile device management (MDM) solution, Microsoft Configuration Manager, or any management tool that supports registry policy deployment. They should then validate SSO behavior across their managed device fleet.

