Skip to main content
TechnologyJul 16, 2026· 2 min read

Goodbye Consent Pop-Up: Microsoft Restores Continuous SSO Access on Managed PCs

Microsoft has resolved one of the major headaches reported by IT departments of European companies in recent months. With the July 2026 update (KB5101650, available from July 14), Windows 11 introduces a registry policy that allows automatic acceptance of SSO (Single Sign-On) prompts on managed devices, without needing to prompt the user at every login.

The problem arose from a modification imposed by the regulations of the European Economic Area (EEA), which obliged Microsoft to introduce an explicit confirmation step when Windows login credentials are reused for authentication on other Microsoft apps. Until recently, the link between Windows login and cloud services happened transparently. With the new rules, however, every user found themselves in front of a pop-up asking if they wanted to share the same credentials with the next application, a step designed to protect individual choice but became a daily nuisance on enterprise fleets of hundreds or thousands of machines.

How the New Registry Key Works

The technical solution passes through a single registry entry: the path is HKLM\SOFTWARE\Policies\Microsoft\Windows\AAD, with a DWORD value named AutoAcceptSsoPermission set to 1. By enabling it, the system automatically accepts the SSO prompt on behalf of the user, restoring the continuous login behavior between Windows and the Microsoft cloud apps that companies had before the regulatory change.

The policy is distributed with tools that IT departments already use every day: Group Policy, Microsoft Intune, Microsoft Configuration Manager, or any other MDM tool capable of writing registry keys on managed devices. Thus, there is no manual procedure on individual PCs but a centralized rollout compatible with the management infrastructures already in use.

However, the scope of application remains precisely defined. The key only works on Microsoft Entra ID accounts linked to devices actually managed by the organization. Personal Microsoft accounts (MSA) continue to receive the confirmation prompt without exceptions, as well as devices not managed by any IT policy, which remain outside the scope of the change.

This update arrives on Windows 11 versions 24H2 and 25H2, the two releases currently supported in enterprise distribution channels. For IT departments managing fleets of Entra-joined devices, this is a targeted intervention: it does not touch the security of the SSO mechanism itself but restores to the administrator the ability to decide once and for all what the user would have approved at every login.