
JayO78
Copper Contributor
Dec 21, 2022

Office 365 Shared Computer Activation Prompts for user to sign in when SSO is enabled

Setting up a shared machine to be used by multiple people. The following items have been set up.

* GPO policy "Use shared computer activation" set to Enabled [specified selected PCs]

* Office Version 2202 Build 14931.20764

* SSO enabled on accounts. For testing I am using one with 2FA [using Microsoft Authenticator app]

* License Microsoft 365 Business Premium


When logging into a PC that has been marked as a shared machine, you open up Word / Excel and it prompts you to log in. It is acting like the SSO can't validate who the user is.

Snippet of XML file used on shared machine:

<Updates Enabled="False"/>
<Display Level="Full" AcceptEULA="TRUE" />
<Property Name="SharedComputerLicensing" Value="1" />
<Property Name="AUTOACTIVATE" Value="1" />
<Property Name="FORCEAPPSHUTDOWN" Value="TRUE"/>


Screenshot of when you first open up Word [or any other Office product]. It tries to verify who you are, because at the top it tries to sign me in, as my name appears at the top, but it still wants me to set up Office.

Workaround - At this point you have to close out, put it in view-only mode, and log out the account that it is trying to log in. Then sign in and walk through the setup process to activate the account.

We have no issues with any other machines except machines we marked as being shared within the Group Policy.


    RNalivaika
    Iron Contributor
    The computer has to be AAD joined or hybrid AAD joined for SSO to work. Also, logging on to Windows does not require a second factor, so starting an MS365 app would require a first sign-in with MFA.
    To avoid the authentication prompt, you could consider Conditional Access to not require MFA on a compliant device (or IP, or other condition), but that would be an added security risk, ofc.
      JayO78
      Copper Contributor
      Machine is set up in a Hybrid [Azure AD] and is domain joined. This only appears to be happening with users who have MFA enabled on their account. SSO is acting like it can't validate the Windows credentials and doesn't automatically prompt for the Approved Sign in. Tested a few users who do not have MFA set up and it is working as expected. Account gets verified and a license is acquired.
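
A way to check the conditions raised in this thread on an affected machine (an added example, not part of any post above): it reads the join state and Primary Refresh Token status from `dsregcmd /status` and shows where the SharedComputerLicensing value is set. The registry paths are the usual Group Policy and Click-to-Run locations for Office 16.0 and are assumptions about this environment; the function names are illustrative.

```powershell
# Added example. Run in the affected user's own session on the shared PC:
# the PRT that dsregcmd reports belongs to the current logon session.

function Get-DsregState {
    # Parse "Key : Value" lines of dsregcmd /status into a hashtable.
    # -Lines also accepts saved output, e.g. Get-Content .\dsreg.txt
    param([string[]]$Lines = (dsregcmd.exe /status))
    $state = @{}
    foreach ($line in $Lines) {
        if ($line -match '^\s*(\w+)\s*:\s*(.+?)\s*$') { $state[$Matches[1]] = $Matches[2] }
    }
    return $state
}

function Get-ScaSetting {
    # SharedComputerLicensing can be set by Group Policy or by the ODT configuration.
    $paths = @(
        'HKLM:\SOFTWARE\Policies\Microsoft\Office\16.0\Common\Licensing',
        'HKLM:\SOFTWARE\Microsoft\Office\ClickToRun\Configuration'
    )
    foreach ($path in $paths) {
        $item = Get-ItemProperty -Path $path -Name SharedComputerLicensing -ErrorAction SilentlyContinue
        [pscustomobject]@{ Path = $path; SharedComputerLicensing = $item.SharedComputerLicensing }
    }
}

$s = Get-DsregState
[pscustomobject]@{
    User                 = "$env:USERDOMAIN\$env:USERNAME"
    AzureAdJoined        = $s['AzureAdJoined']
    DomainJoined         = $s['DomainJoined']
    # Hybrid join means both the on-premises domain and Azure AD report YES.
    HybridJoined         = ($s['AzureAdJoined'] -eq 'YES') -and ($s['DomainJoined'] -eq 'YES')
    AzureAdPrt           = $s['AzureAdPrt']
    AzureAdPrtUpdateTime = $s['AzureAdPrtUpdateTime']
} | Format-List

Get-ScaSetting | Format-Table -AutoSize

if ($s['AzureAdPrt'] -ne 'YES') {
    Write-Warning 'No PRT in this session: Office cannot sign in silently and will prompt.'
}
```

A PRT reported as YES only shows that SSO has a token to use; as the reply above notes, a Windows logon without a second factor still leaves the MFA step to the first Office sign-in.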
