Home

New sign-in experience for Office 365, what's it about?

Sean Stockburger
Occasional Contributor

Today users in our tenant began getting prompted to try a new sign-in experience for Office 365. It looks a little different, but I'm unable to find documentation about what exactly has changed, and why?

 

I just want to be able to answer the inevitible questions that come up. Some of our users have already checked to see if they were getting phished. 

o365-new-signin1b.png

111 Replies
I have checked this in two First Release tenants and I'm not seeing this notification...are you sure it's not coming from a plugin you have installed in your PC?

Perhaps this one? https://blogs.technet.microsoft.com/enterprisemobility/2017/04/07/improving-the-branding-logic-of-az...

 

Although they reverted the behavior shortly after the announcement. Maybe this is the next iteration...

Thank you both for the responses. We are an EDU tenant if that makes a difference. If anything we tend to get some features later than others, even set to first-release. It might just be that we are finally catching up to a change that hit other tenants months ago.

 

One change this week is that our Azure/o365 admin applied new licenses to everyone. I wonder if that triggered something? Even before that we saw some pretty significant changes in some screens, especially the window that appears after you click to share a file or folder with someone. 

 

I don't think it is anything local to my computer, because it is affecting multiple users. So far those of us who have noticed are set up for Multifactor Autentication. I will check with some of our users who are not yet enabled for MFA.

 

Sean

Yet another unannouced change! Thanks!

I'm looking in my Tenant's Message center and I don't see anything. Fortunately we use a non-Microsoft single sign on service and most of my users won't see this change.

Well, let's see if @Tom Batcheler can shed some light on this?

I checked our message center again to see if I missed something. I'm not finding it, but I did confirm that it is visible to multiple license types in our tenant, and it is not tied to being enabled for MFA. Appears to be a tenant-wide change.

 

The good news is that the new sign-in puts our branding/service desk contact info in a more visible location. Other than that the differences are subtle enough that I doubt most people will notice any change. However they are being told the experience is "new" so we are likely to get a few questions from folks about what exactly is new?

 

 

Sean

 

 

I have also noted this change and have had no announcment in the message center. 

Also documentation available and customisable areas available with branding.

This change has arrived on our tenant too.

 

Very frustrating to have no forewarning as we have told our users to be suspicious of phishing attacks, then suddenly the login experience looks completely different.

 

I really wish Microsoft would think about the cost to their customers when they roll out changes like this without any warning.

 

 

we are seeing this too.  Enterprise E3 license tenant.  No mention of it in message center.  Has anyone yet found any communication from MS about this (particularly if/when what is currently available to "try" will become the new normal)?


@Richard Bourke wrote:

This change has arrived on our tenant too.

 

Very frustrating to have no forewarning as we have told our users to be suspicious of phishing attacks, then suddenly the login experience looks completely different.

 

 


That's my concern. We have had some recent phishing campaigns that link to some pretty accurate looking fake login pages that feature our branding and layout. There is always a giveaway, so we try to train our users to recognize our real CAS and Azure SSO pages. That's why I want to communicate with them to say, "this change is legit, and here is why you are seeing it..."

It has arrived on my tenants as well. No notification in MC, also it's not on the roadmap.

I got the new experience now as well. It seems related to the changes they are making around MicrosoftIDs and the new MSAL auth...

 

@Daniel Martins can you get someone on AAD side to comment here, please?

The login experience doesn't look completely different "suddenly". The user is told that a new login experience is availabe and is given the posibility to try it.

 

new_login.png

I see the same offer to try. Cannot find any other information about it. This will confuse our users too but is better than it being forced on them.

Same here.

We started seeing this today.

We have only 3-5 users set to first-release.

It is suddenly, as no advance notice was given to either users or admins. And it kinda contradicts what Alex said after the unfortunate branding incident: https://blogs.technet.microsoft.com/enterprisemobility/2017/04/25/having-a-growth-mindset-learning-f...

 

To quote:

 

Additionally, we learned that we took many you by surprise and did not give you enough time to alert and train your employees about the change.

...

We’re going to revisit the overall here plan and take steps to better socialize and communicate future end-user facing UX changes.

What are the news in the new login system? There are only design differences?

Two weeks ago I saw a message in the portal announcing some changes for those who have Azure AD Premium login policies. This message has disappeared afterwards.

Looks good...

We have a custom branding on the (I will call it) classic login page. Is there a way to have a different background image for modern login page? 

Next question

On our ADFS servers we have deployed a classic login experience. How can we upgrade to the new login experience?

 

Best regards

Any idea how we disable this on our account? I tried it on my personal tennent and now at work when I try open a document either from the recently used list in office (in this case Word) or even from the 'Open in Word' option in Word online, I get the ususal popup to log in but before rednering the page it goes away and I get

 

This operation has been cancelled due to Admin restrictions...

 

Bascially it's trying to do something that Appsense (our App delivery here) doesn't like. I'm concerned users in the business might do the same thing.

OK further to that sorry me being stupid. Even though I'm opening from Firefox of course Word uses IE so cleared IE Browsing history and it started working again.

 

Still can see this creating a few helpdesk calls.

Microsoft is rationalizing it's sign in experience. I have been seeing this across a number of authentication including Office 365 and Microsoft Teams. In the Message Center Microsoft is frequently mentioning the late notifications on updates. This appears to be another.
Microsoft is rationalizing it's sign in experience. I have been seeing this across a number of authentication including Office 365 and Microsoft Teams. In the Message Center Microsoft is frequently mentioning the late notifications on updates. This appears to be another.
I logged a case with the Office 365 team and they weren't even aware of it.
"There is no documentation about it as yet as it is just being tested by the back-end development team. Communication will be sent if this goes into production"

Not a very satisfactory answer and I'm surprised Microsoft can just change a user-facing interface without any kinds of communication. I certainly wouldn't be able to do that in my own company!

@Victor Ungureanu wrote:

The user is told that a new login experience is availabe and is given the posibility to try it.

And therein lies the problem. Microsoft has so many channels available to communicate these changes to customers (i.e. tenant admins) via the Office 365 roadmap, Office blog, Message Center, and even arguably here on the MS Tech Community (though it will not be as easily discovered here). Heck you could do a Microsoft Mechanics video explaining the benefits of the new design.

 

Instead a change is thrown in front of end users with no notification at all, and no controls for tenant admins. Again.

 

The change itself is fine. Harmless even. New sign-in experience? Great. Two thumbs up. But the feedback is the same, every single time - communicate changes in advance, please.

We have our IT department on First-Release and we are seeing this new experience also. However all our users are seeing this new screen. We need some kind of communication from Microsoft so that we can educate our users.

The change isn't harmless. We're getting users blocked from using it once they click the link.

We're trying to work out why now where it's GP or AppSense but the only work around is to clear IE cookies.

To make matters worse, although it looks like a nondescript box, it fits in with our colour scheme so looks like out IT department has rolled it out. 

Once clicking on it our users can't open documents directly from OneDrive.

I stand corrected.

So... the scooby.

Firstly before anyone points and laughs we're in the midsts of a 28000 user Office 365 Migration which includes a Windows 10/Office 2016 refresh.

But till then we're still on Win 7/Office 2010.

The new sign in forces MA and Office 2010 isn't MA away.

From what we can tell clearing the internet cache does fix it but we're monitoring. 

The issue we have is like most places first thing we've pushed out is OneDrive and we're starting the Exchange online migration now. 

So users are opening documents from OneDrive. Fortunately a fraction of the 28000 but still not ideal.

 

Our TAM has asked us to log a call and after an unsuccessful of Rock Paper Scissors I drew the short straw but they need to know if it's causing issues so if anyone else is in the same boat log away.

 

Cheers all 

We started seeing this in our EDU tenant today also. Not seeing any changing in how branding is handled on screen like some have. So far we can switch back and forth between the old and new experience without any issues.

 

 

Well, I have started to see this also at some customer tenants that are not even in First Release

I think the point is and it’s not a difficult one really, is we expect to be notified in advance of changes as customers, especially those ones that have a direct user impact, however trivial they might appear. Things like this can blow-up quite easily and cause unnecessary helpdesk calls for example, that a bit of forewarning could mitigate.


The fact there isn’t any official documentation, a Message center notice etc. is unfortunate and seems strange and it not being limited to First Release, doesn’t help either.

Unfortunately we have many Office 2010 users as well and the new logon experience will block users from editing content in Office 2010 from SharePoint (i.e. Open In Excel, Word, PPT from SharePoint into native 2010 application yeild an error).  If they switch back to old experience then it works.  If anyone finds a fix, please let me know.

Yep, here too (Office 2010). Argh!

As soon as someone uses the "new experience" the process is broken and my users can't edit their documents!!!!

Edit:

Here's the error.

Error.png

Here's the message for my users if anyone needs a little assistance.

Edit: updated message

updated.png

 

If they clear their IE cookies it will work after that.

 

but we're finding it keeps coming back. But just clear the cookies each time and it will work.

 

And our TAM advised us to log a call with Premier so it get's visibilty

Here is the announcement - The new Azure AD Signin Experience is now in Public Preview:

 

"You might have noticed that we’ve been rolling out the new design on Microsoft accounts over the last few weeks. Now, it’s Azure AD’s turn. Starting today, you’ll see a banner on the Azure AD sign-in page giving users the option to opt-in to see the new experience."

 

There is a call to action, to test custom branding, check any automation is unaffected and to update documentation and training materials!  As for timescales -

 

"We know that this will be a disruptive change for some of you, but we believe that this sets us up for an exciting future of innovation in the sign-in space. To give you time to prepare for the change, we’ll leave the new experience as an opt-in public preview for the next few weeks. We plan to switch over to the new UI by default during the last week of September."

Well we sure aren't going to updating all our users to Office 2016 between now and then.

This will just make my users even less likely to want to use Office365.

Oh well, so it can be a breaking change also, another rollback incoming...

 

@Cary Siemers make sure your TAM or the O365 support guys hear your feedback loud and clear on this, hopefully one day Microsoft will finally understand that such changes need to be thoroughly TESTED and ANNOUNCED well in advance.

 

@Daniel Martins another ping, there's definitely some useful feedback for you guys to gather from this thread!

Opened a ticket.

Also left a comment on the blog post, but it is still "awaiting moderation".

I've tested the new login and there appeared to be no SSO or PTA support. Had to type in both the username and password.

Agree with all the comments above.

The Office365 support (via the Admin Center) came back with it doesn't work because the new Azure sign-in uses "Modern Authentication" and Office 2010 doesn't support it, but Office 2013 & 2016 do. They proceeded to tell me the fix is to update to Office 2013 or 2016.

 

Someone here has reached out to me via these forums and I'll see where that goes.

I just tried with a cloud only account (my global admin) so not using single sign on, and I still get the same error message.

Not sure what PTA means??

Pass Through Auth

 


@Cian Allner wrote:

Here is the announcement - The new Azure AD Signin Experience is now in Public Preview:

The wrong place for such announcements, and came after the feature started showing up in tenants :-/

"We know that this will be a disruptive change for some of you...."

And yet here we are. Frustrating.

I absolutely agree Paul.  See my earlier comment for context.

 

I don't get why lessons haven't been learnt.  Incidents like this set us all back and our confidence in how this is meant to work.  The fact this hasn't reached the Message center yet I find somewhat egregious. How many customers are going discover this only when they get reports from their users or after it's mandatory otherwise? 

 

This didn't have to be a disruptive change at all, if there was enough time given to prepare customers for this new experience.   Incidentally, it's strange the announcement points to the old, read-only Azure AD forum, minor point I know.

 

I thought there was meant to be an internal customer advocate role in the change management process. They would stand up for customers as these changes are going through and intervene when required!

 

For the people that have mentioned issues with smart links, can you give an example of the link used? Mine seem to work fine, but perhaps I'm missing something.

Great to see we are not alone. He is my deleted comment from the blogpost on
https://blogs.technet.microsoft.com/enterprisemobility/2017/08/02/the-new-azure-ad-signin-experience...

 

03-08-_2017_12-47-23.jpg

 

I still waiting for Premier Support to assist. I think that will be interesting.