If you receive the error “Necessary sites are not trusted” when signing in with Microsoft authentication, the sites required for Azure SSO are not in the browser’s Trusted Sites zone. The computer must also be able to reach Microsoft’s sign-in endpoints in order to use Azure Active Directory authentication.
These are the necessary sites:
https://login.microsoftonline.com/
https://aadcdn.msftauth.net
If you are the domain administrator, you can add the needed sites through Group Policy (the Internet Explorer “Site to Zone Assignment List” setting) so that they are trusted for every computer and user in the domain. Note that when that policy is enforced, the per-user entries created below are not used; the GPO list must be updated instead.
You can also add the sites to the Trusted Sites zone for the current user on a single computer by running the following PowerShell script. Zone value 2 is the Trusted Sites zone; add only the exact hosts listed above, since everything placed in that zone runs with relaxed browser restrictions.
# Add the Azure AD sign-in hosts to the Trusted Sites zone (zone 2) for the current user.
# Each host gets its own key under ZoneMap\Domains with an "https" DWORD value of 2.
Set-Location "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
Set-Location ZoneMap\Domains
New-Item login.microsoftonline.com -Force | Out-Null
Set-Location login.microsoftonline.com
New-ItemProperty . -Name https -Value 2 -Type DWORD -Force | Out-Null
Set-Location ..
New-Item aadcdn.msftauth.net -Force | Out-Null
Set-Location aadcdn.msftauth.net
New-ItemProperty . -Name https -Value 2 -Type DWORD -Force | Out-Null
Set-Location ..
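Before (or after) running the script, it helps to check where the two hosts actually stand. The following is an added example and not part of the original article: it reads both the per-user zone map (in the flat form the script above writes, Domains\login.microsoftonline.com, and the nested form the Internet Options dialog writes, Domains\microsoftonline.com\login) and the Group Policy “Site to Zone Assignment List” store (the ZoneMapKey key under Software\Policies, where each entry is a string value named after the site with the zone number as its data), then reports any required host that is not mapped to zone 2. The host list, key paths and the function name Get-TrustedSiteStatus are this example’s own assumptions; the host list is the two sites from this article.

```powershell
# Added example, not from the original article: report whether the Azure AD
# sign-in hosts are mapped to the Trusted Sites zone (2) for this user/computer.
$RequiredHosts = @("login.microsoftonline.com", "aadcdn.msftauth.net")   # from the article
$UserDomains   = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
$PolicyKeys    = @(
    "HKLM:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey",
    "HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMapKey"
)

function Get-TrustedSiteStatus {
    param([Parameter(Mandatory)][string]$HostName)

    # Per-user entries. Two layouts are checked:
    #   Domains\<host>                     (flat form, as written by the script in this article)
    #   Domains\<domain.tld>\<subdomain>   (nested form, as written by the Internet Options dialog)
    $labels    = $HostName.Split('.')
    $candidates = @((Join-Path $UserDomains $HostName))
    if ($labels.Count -ge 3) {
        $parent = $labels[-2..-1] -join '.'
        $sub    = $labels[0..($labels.Count - 3)] -join '.'
        $candidates += Join-Path (Join-Path $UserDomains $parent) $sub
    }
    $userZone = $null
    foreach ($key in $candidates) {
        $props = Get-ItemProperty -Path $key -Name https -ErrorAction SilentlyContinue
        if ($null -ne $props) { $userZone = [int]$props.https; break }
    }

    # Group Policy entries: value name is the site ("https://host" or bare host), data is the zone.
    $policyZone = $null
    foreach ($key in $PolicyKeys) {
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($name in @("https://$HostName", $HostName)) {
            if ($props.PSObject.Properties.Name -contains $name) { $policyZone = [int]$props.$name }
        }
    }

    [pscustomobject]@{
        Host       = $HostName
        UserZone   = $userZone
        PolicyZone = $policyZone
        Trusted    = ($userZone -eq 2) -or ($policyZone -eq 2)
    }
}

$status = $RequiredHosts | ForEach-Object { Get-TrustedSiteStatus -HostName $_ }
$status | Format-Table -AutoSize

$missing = @($status | Where-Object { -not $_.Trusted })
if ($missing.Count -gt 0) {
    Write-Warning ("Not in the Trusted Sites zone: " + ($missing.Host -join ", "))
    exit 1
}
Write-Host "All required Azure AD sites are in the Trusted Sites zone."
```

A host that shows a PolicyZone other than 2 (or a PolicyZone set while UserZone is empty) means Group Policy is managing the zone list, and the fix belongs in the GPO rather than in the per-user registry keys.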