Outlook login issues with WVD - FSLogix

Case with FS Logix Team:

120032624003833

Case with Office Team: 

19016551

The latest response from our T3 Escalation engineer from the Office team was:

"After multiple crits last week regarding AAD registration and FSLogix, only solution I’ve found for WVD is to be domain joined only then reset everyone’s FSLogix profile(rename?) so it doesn’t get registered again with used device ID when user signs in.

These are the reg keys we used for WVDs :

[HKLM\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin​]
"BlockAADWorkplaceJoin"=dword:00000001



[HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\WorkplaceJoin​]
"autoWorkplaceJoin"=dword:00000000"


We did have this in place, deleted all profile containers, and it worked.  However, after a few days we had the appx errors.  From what our MS engineer said, the Azure AD Broker package is not supported with WVD/Multi-Session Windows 10 so the login script that we had in place to register the Azure AD Broker Appx package was not a supported configuration (although it did work).

We are also engaged with a WVD architect and our Partner Technology Strategist who is working to get more eyes on this internally.  We have a call again with them tomorrow.  Unfortunately, it might be too late as we've been told that the solution might be ripped out and replaced with traditional RDS VM's in Azure due to all of this.

Key take-aways for me:
1.  Azure ADDS and WVD are no good when Office is used unless the registry key and the login script are in place.
2.  Use traditional AD Hybrid (with Azure AD Connect) and Hybrid Azure AD join/Seamless SSO with WVD.

This isn't a FS Logix problem.  It's a modern auth/device registration problem.  The profile just keeps the token in place with the deviceid from the "original" session host.  With no Hybrid Azure AD Join/Seamless SSO, the token breaks and Outlook cannot figure out how to reprompt/generate a new token with the new deviceid.