After enabling Enhanced Protected Mode settings from Internet Explorer (IE) --> Internet Options --> Advanced --> Security --> Enable Enhanced Protected Mode , IWA authentication via proxySG / ASG / SGVA shows on of the following behaviors
Enhanced Protected Mode is a security feature that was introduced in Windows 8 . Also present in windows 10 as well.. This security feature restricts the browser (IE) from providing computer and personal data (i.e NTLM credential / kerberos ticket etc which is required for IWA authentication) . More details can be found on this Microsoft article . When this security feature is enabled , Internet explorer no longer participates in NTLM / kerberos negotiation with proxySG, hence IWA authentication shows one of the behaviors stated above.
When proxySG / ASG / SGVA is deployed with IWA authentication , Enhanced Protected Mode security settings needs to disabled in IE security settings. By default this feature is turned off. The purpose of this feature is already served by the SG. such as
Note - Having Enhanced Protected Mode enabled in IE does not affect IWA authentication behavior of Chrome of Firefox.