Edge Active Directory auto sign-in

John Curtiss 66 Reputation points
2021-10-05T17:01:41.693+00:00

Edge 94; I have two Win10 1909 computers, both getting the same GPOs. Specifically, Computer/Admin Templates/Microsoft Edge/"Configure automatic sign in with Active Directory domain account when there is no Azure AD account" is set to "sign in and make domain account non-removable," and "browser sign in settings" is set to enable browser sign in. They are domain-joined machines; the local AD is Azure-free.

When userx signs into machine1, Edge signs him in with his local domain\userx account.
When userx signs into machine2, Edge does not sign him in with his local domain\userx account.

Both machines have previously had secondary Azure "work or school" accounts added to them, and machine1 still has a secondary Edge profile for that Azure account, and I can switch back and forth. The Azure account has been removed completely from machine2, but the AD auto-login is still not happening after a reboot. Is this the expected behavior just because it had an Azure account on it once? Do I have to blow away the whole OS user profile to get the AD auto-login back?

Microsoft Edge

1 answer

  1. John Curtiss 66 Reputation points
    2021-10-06T15:54:20.387+00:00

    "Please also make sure ImplicitSignInEnabled is not disabled": I did not have this setting available, because I had version 84 of the Edge ADMX. But I just got version 94 of the ADMX, applied this policy setting as "enabled," and gpupdated/rebooted machine2, and the behavior persists.

    "an auto sign-in hasn't happened before": this may be the case, or at least I manually logged in to Edge with the Azure AD account. But right now, if I go into the Settings app on machine2 and go to "Access work or school," only my local AD is in there. Under "Email & accounts," only my local AD is there. If I go into Edge, there is one profile, and it is not connected to any account.

    So how can I reset Edge on machine2 so that it obeys the group policy telling it to log in with the local AD credentials? Yes, the policy is being applied, per RSoP and per the registry on machine2.