Michiel van den Broek
Iron Contributor
Jun 24, 2018

Sign in to Microsoft Apps and sites when logged on with Work account (Azure AD) in Windows 10.

I am an IT-pro, so I accept that I regularly install Preview software that doesn't work well at first and contains bugs. I also sign in to customers' Office 365 tenants (but always in Private windows).

I own 2 PCs (an HP Desktop and a Surface Pro 4). Both are Azure AD Domain joined and managed with Intune (basic, just installs Office 🙂 ). I sign in to both of them with my work account.

Every Microsoft app or website is tied to this work account (which is my primary email address). My expectation is that every app notices my work account and signs in to the app/website with this account automatically or after showing the "connected to Windows" account screen. But that is not my reality:

- Edge works fine (with O365 portal), but the OneNote add-in asks me to sign in.

- Outlook connected my email account, but sometimes asks me to type in my password (and MFA)

- Microsoft Teams and other apps ask me to sign in with username, password and MFA.

- It looks like I find more and more apps/websites that don't sign me in automatically: this Tech Community site showed a sign-in button (but I could choose my account connected to Windows)

 

I don't know if this is expected (every team at Microsoft seems to invent its own wheels regarding the sign-in process)? Or did I do something that is causing my sign-in to fail? E.g. should I do something with the credential manager in Windows?

 

Would reinstalling my PCs help or are my problems synced to the cloud (because of Azure AD Premium) and then synced back to my freshly installed machines?

 

Any advice where to start the troubleshooting process? Could be something simple, maybe I played with the wrong setting or forgot to configure something (e.g. trusted sites)?

 

  • There's nothing to troubleshoot, that process is simply supported only in some scenarios. The client and the application/site you are accessing both need to be leveraging the relevant APIs to make this all possible, otherwise the login process falls back to the "traditional" auth. Think of it as the difference in experience between using IE and Edge (or Chrome without the add-in).

     

    If you really want to get technical, I recommend the following posts by Jairo:

    https://jairocadena.com/2016/02/01/azure-ad-join-what-happens-behind-the-scenes/

    https://jairocadena.com/2016/11/08/how-sso-works-in-windows-10-devices/

    • Michiel van den Broek
      Iron Contributor

      Thanks, Vasil! Interesting stuff to read. 

       

      I understand that applications/sites need to leverage the API, but I would expect all the Microsoft-built apps and websites to do so…

      • VasilMichev
        MVP

        It will take some time... it took almost 3 years for all Microsoft apps to start supporting Modern auth, and there are still tons of 3rd party ones that don't support it.

  • Patricia Rieck
    Copper Contributor
    Sorry, I did fix it for the most part until they killed my domain, but the issue is in Azure, not where you would normally think. You have to make sure that federated settings are correct in Azure, make sure that all of the apps are authorized in Azure, and there are new settings that I haven't had a chance to play with yet. I have been down for almost two weeks.
  • Patricia Rieck
    Copper Contributor

    Ok, I just came back to the community after dealing with every possible issue and still am in the middle of a major issue, but also like you I absolutely love my preview builds. I started out as a small company that grew rapidly with major data security compliance issues within the past two years, so aside from having to deal with that issue (I will address that in a different post), can I ask a question? Because what you're talking about is an issue that I dealt with extensively. I have a work account and a personal account on my PC. I don't access my personal account on my Office 365 portal; I do on my Outlook 2016, but both accounts are separate, even with authentication methods. I have a tablet that is set up with two different systems, one personal, one business; on the tablet I have no single sign-on ability.
