Forum Discussion
Authentication popup for autologon.microsoftazuread-sso.com:443
Hello,
Using Teams 1.2.00.32462 on Windows 10 1909.
The last week or so I've been starting getting popups asking me to authenticate to autologon.microsoftazuread-sso.com:443 with a username and password.
Doing that doesn't close the popup so I just ignore it and I can still use Teams.
My computer is not domain joined.
Any ideas what I can do?
Thanks!
Just ran into this problem myself. I logged out of teams and then re-logged back in, went away.
My computer is not domain joined but I'm using a domain account for Teams of course.
I just move the popup to the side and ignore it now.
Messing around with the registry or trusted sites in IE should not be required for a modern app from Microsoft in 2020 is what I'm thinking, specially since they have built both the OS, the app, the authentication and authorization system behind everything so I'm going wait this one out 🙂
We're also experiencing this bug at a customer. We've scripted out the suggested IE trusted sites to no avail. They do not have ADFS, but hybrid infrastructure with domain controllers, file servers and some other legacy stuff. The clients are Azure AD and Intune MDM only, no hybrid.
My thoughts about cause now is DNS going through onprem AD, we've seen this intefere with auth earlier. But if this is a confirmed bug from Microsoft:
- Any word on when a fix will be available?
- Why are there no status page for bugs like these?
- Think of all the overhead when multiple partners/ MS customers have to create tickets, instead of just being transparent on things like these.
- Not only that, we can't really use info on a forum to tell the customers that theres nothing we can do about it. So with no public info on this bug from Microsoft, we're forced to create a ticket too.
- Are your clients computers domain joined?
A script is not needed for the deployment. You can use a GPO to push out the intranet zone settings for all computers such that the autologon domain is added. This is a strong suggestion for all tenants that have Azure Seamless Signon enabled, which I suspect all of us do. The intranet zone should be configured by default to automatically pass authentication to sites in the zone.
Once that's in place, computers should no longer prompt. At least, that is my own experience. If you manually adjust an affected computer, does it still prompt?Thanks for trying to help, but as my post said "The clients are Azure AD and Intune MDM only, no hybrid.".
We could use Administrative Templates in Intune, but that will enforce it so that users can't add their own sites. Which for most of our customers is a requirement. Which is why we script it.
Still no fix for this? We're still having this issue in our scenario.
Ulf Lundqvist We have noticed the problem popping up as well. We do have single sign in enabled, but most of our users utilize different browsers - Edge and Chrome so the suggestions above aren't really helping. I would like to know if there is a solution as well
- Hi Carol,
I am confused as to the browser reference, as these prompts should be occurring inside of the windows teams app. The authentication setting inside of Internet Options - Intranet Zone should remediate it.
That's what a O365 supporter told me:
- Open Internet Explorer > look for setting gear option > Internet options > Security > Trusted sites > add one more url link "https://aadg.windows.net.nsatc.net"
- Open the registry editor and navigate to below path
- \HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoftazuread-sso.com\autologon
- Key "https" Dword value should be set to "1" instead of "2"
- Note: Make sure that you are taking backup of registry file before making any registry changes.
Please let us know if the given action plan works for you.
jonas_huber
this seems to be working for me outside our RDS environment. Will try inside our RDS environment.- New to teams? Follow these easy steps to get started:
Install client with one click
Add site to trusted zone
Edit registry
Profitexactly!
I won't close the O365 trouble ticket till they give me a fixit.exe to solve the problem 😉
I can (must) test SW for them but won't do all the GPO fixes myself...
- worked for me after a reboot!
Was this an issue with just MS Teams version 1.2.00.32462? In late December my Teams was having the same problem when logging in. But now it seems to have fixed itself. I just saw this article and checked my Teams version. The version that I have installed is 1.2.00.3416. I'm not sure Teams updated without me knowing and this new version fixed it?
I have version 1.2.0034161 and the popup is not gone 😞
All,
I opened a ticket for this 6 months ago. The issue was occuring, then after many months of troubleshooting with MS, it went away, and now it's back again. Now I have to go back to Microsoft and start all of over again with trying to fix this problem.The problem is a bug with the Office 365 Web Apps integration with the Azure Seamless Signon authentication - opening a Word/Excel file for editing inside of Teams can often trigger it.
You can fix it by modifying the Intranet zone setting as suggested above, but this does NOT help users' personal devices which will have the same problem. So, you are only solving the prompt for domain joined devices where you have administrative control. Anyone with Teams installed on a personal device is SOL.
aleks_m We are also experiencing this same issue. Only difference is that after we close this screen:
and then close teams completely and try to reopen Teams we get this page:
Still have not found a way to bypass this issue...
I've had success adding this to our Trusted sites - seems to fix all our devices so far. If you have alot of devices to touch maybe Group Policy or the Powershell below would add this for you
#AutoLogon URL to IE11 TRUSTED SITES (VALUE 1 = LOCAL VALUE 2 = TRUSTED SITES
$TestRegistry = Test-Path "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\autologon.microsoftazuread-sso.com"
if ($TestRegistry -eq $true) {Write-Host 'https://autologon.microsoftazuread-sso.com is in Trusted Sites!' -ForegroundColor Green}
if ($TestRegistry -eq $false) {
Set-Location "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
Set-Location ZoneMap\Domains
New-Item autologon.microsoftazuread-sso.com
Set-Location autologon.microsoftazuread-sso.com
New-ItemProperty . -Name https -Value 2 -Type DWORD
}
Under Known Issues of: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/tshoot-connect-sso
"Adding the Azure AD service URL (https://autologon.microsoftazuread-sso.com) to the Trusted sites zone instead of the Local intranet zone blocks users from signing in."I just thought I drop this in for your to review.
labanex we also hit this problem. After trying some possible fixes found on several pages, we added
https://autologon.microsoftazuread-sso.com to the Local Intranet sites in Internet Properties --> Security and that made the difference.
- That doesn't solve the problem for personal devices and is just a workaround.
Do you communicate to your users they if they install teams on a personal device that they need to do this to avoid prompts? Seems pretty crappy.
labanexadded the url (https://autologon.microsoftazuread-sso.com) to trusted sites without any luck.
It does not popup when i open a file in a chat (anymore) and when opening files from a team discussion in sharepoint, it doesn't popup anything aswell. After opening the file in sharepoint, I was also able to open the file for editing in Teams without popup. not sure if that's the trick or work around.
- I have seen this on a couple of computers this week as well. It is on domain joined computers.
Closing Teams and starting it again seemed to get rid of it and I have not heard from the users since then.- unfortunately that did not solve the issue on my side. actually when i have the document open, quit teams and start teams again it will start with the opened document and shows me the popup immediately.
I have multiple users with the same issue. I am also able to reproduce the message by opening a file within teams. after loading the file it pops up. Not sure where the issue is at this moment. It happens within Windows 10 -1909 (not domain joined) but also within our RDS environment (Windows server 2016 - local domain joined, not the same as AzureAD because of multi tenant env).
robbsmet, aleks_m , I was also able to reproduce this by opening a file within Teams. It only occurs when the file is in a folder linked to another SharePoint Document Library. This is indicated by the folder having the SharePoint Icon.
Credit for Snip from: https://blogs.technet.microsoft.com/skypehybridguy/2017/10/28/microsoft-teams-use-an-existing-sharepoint-library/
