How can Single Sign-On (SSO) for the Defender Management Portal be enabled?
By default the Defender Management Portal will prompt for forms-based authentication, but it can be changed to use Windows Authentication, if required.
To achieve this you need to disable the "Anonymous Authentication" setting for the Defender Web Interface website in IIS. You also need to ensure "Windows Authentication" is enabled (see the Technet article below for specifics).
With these settings the following will occur:
- A user accessing the token request page from a workstation on the domain will be automatically logged in with their Active Directory credentials. Thus, SSO is performed.