Forum Discussion
Office 365 Shared Computer Activation Prompts for user to sign in when SSO is enabled
Setting up a shared machine to be used by multiple people. Following items have been set up.
* GPO policy set " Use Shared computer activation" Enabled " specified selected PCs"
* Office Version 2202 Build 14931.20764
* SSO enabled on accounts For testing i am using one with 2FA [ using microsoft authenticator app ]
* License Microsoft 365 Business Premium
Logging into PC that has been marked as a shared machine, you open up Word / Excel and it prompts you to log in. It is acting like the SSO can't validate who the user is.
snippet of xml file used on shared machine
<Updates Enabled="False"/>
<Display Level="Full" AcceptEULA="TRUE" />
<Property Name="SharedComputerLicensing" Value="1" />
<Property Name="AUTOACTIVATE" Value="1" />
<Property Name="FORCEAPPSHUTDOWN" Value="TRUE"/>
Screenshot of when you first open up word [ or any other office product ] It tries to verify who you are because on the top it tries to sign me in as my name appears at the top. but it still wants me to set up office.
Work around - At this point you have to close out, put it in view only mode. log out the account that it is trying to log in. Then sign in and walk through the setup process to activate the account.
we have no issues with any other machines except machines we marked as being shared with in the Group Policy.*
- RNalivaikaIron Contributorcomputer has to be aad joined or hybrid aad joined for sso to work. also, logging on to windows does not require second factor, so starting ms365app would require a first sign in with mfa.
to avoid authentication prompt, you could consider conditional access to not require mfa on compliant device (or IP, or other condition), but that would be added security risk ofc.- JayO78Copper ContributorMachine is set up in a Hybrid [ Azure AD ] and is domain joined. This only appears to be happening with users who have MFA enabled on their account. SSO is acting like it can't validate the windows credentials and doesn't automatically prompt for the Approved Sign in. Tested a few users who do not have MFA set up and it is working as expected. Account gets verified and a license is acquired.