It may be a bit late but I never had any issues when adding the site to the "Trusted Site" configuration in IE. That worked both with SSO and non-SSO use cases to suppress the "you are about to open" warning and for SSO to actually use the Windows integrated authentication. This has worked on Windows 7 and 10, IE 10+ or Edge, using either passthru or kerberos SSO mechanisms - for various customers with both AOS integrated in Enterprise 5.0 (before it was even called AOS) and AOS on 5.1.g (201705 + AOS 1.1.3)
Sorry to bring this back but I came across this post when revisiting the issue of SSO with the forthcoming Chromium-based Edge. We have our repository in the "Trusted Site" zone in IE which has always allowed for automatic sign-in with IE and Chrome on any version of Windows (we have Kerberos SSO enabled). Automatic signin has never worked for us in Edge and does not appear to work in the Chromium Edge beta unless you put the repository in the "Intranet Site" zone but doing that will cause warnings in Office when using AOS. The Microsoft forum posts or KB articles that I read seemed to say that Edge doesn't respect the zone settings and will not forward credentials unless it is in the intranet zone.
So I guess my basic question is this, is it possible to have Kerberos SSO automatic sign-in with Edge (or Chromium Edge) without Microsoft Office warnings when using AOS? If so, which security zone is used?