Dec 19 2016 11:57 AM
Hello,
I find very little information on SSO into Office 365 ProPlus when it is deployed using SCA.
Should it be possible for a user to log into Windows (domain joined, AADSync, no roaming profiles)
and be logged in automatically into Office ProPlus
or will he always have to enter his credentials as well in Office ProPlus (deployed using SCCM with Shared Computer Activation)?
Bart
Dec 19 2016 12:29 PM
With Shared Computer Activation the user is always prompted for their username on first launch.
With Federated Authentication (SSO) it is possible to remove the requirement for them to enter their password and only require them to enter their username, at which point the authentication dialog will redirect them to your federated sign-on page, which would automatically sign them in. If, however, an individual user's first use on a machine occurs outside the network, this would not happen, as most federated authentication deployments present forms-based authentication to all external off-network devices. (Remote Desktop is generally still inside the network from a federated authentication perspective.)
The SCA first time user experience is documented here: https://technet.microsoft.com/en-us/library/dn782860.aspx#How shared computer activation works for Office 365 ProPlus
Dec 19 2016 06:11 PM
In addition to Bill's comments, that login and activation should only appear on first use.
The licensing token system means that every time after that, the background process will contact the licensing server and attempt to renew the token in the background, without the need for the user to enter a username and password again.
-Sonia
Dec 20 2016 01:48 AM
Thank you for the feedback!
That would be very unfortunate, because the reason for using SCA is that users are always using another PC to work on. So if I understand it correctly, they will always have to go through the Office authentication flow?
In the documentation I found and also on the video about Office deployment, the message is given that the user is authenticated automatically in the background without dialog:
If your environment is configured to synchronize Office 365 and network user accounts, then the user probably won't see any prompts. Office 365 ProPlus should automatically be able to get the necessary information about the user's account in Office 365.
From https://technet.microsoft.com/en-us/library/dn782860.aspx
The same message is said in the MVA video: https://mva.microsoft.com/en-US/training-courses/solving-office-365-client-deployment-scenarios-9086...
at 00:34:00 but they don't succeed in demoing it... "With ADFS it will be seamless, you won't be prompted for a login"
Jan 24 2017 05:19 PM
Hi Sonia,
We have deployed Office 365 ProPlus on Remote Desktop Servers for a few of our clients. All of them are getting prompted to re-authenticate every now and then. One of the clients has no proxy either, but they are always prompted to re-authenticate every 30-40 days on their terminal server.
Have you seen or heard about this behaviour before? It is a pain for the clients with a large number of Terminal Server users.
Thanks in advance.
Madhu
Feb 03 2017 05:38 AM
Seen this article? https://technet.microsoft.com/en-us/library/dn782859.aspx
If using roaming profiles, exclude this location \AppData\Local\Microsoft\Office\16.0\Licensing and don't use %localAppData%\Microsoft\Office\16.0\Licensing to exclude.
Have seen license issues on an RDS farm at a customer who was excluding %localAppData%\Microsoft\Office\16.0\Licensing at the request of a Microsoft engineer; when changed to \AppData\Local\Microsoft\Office\16.0\Licensing it all worked fine.
Feb 06 2017 04:55 PM
Thanks Peter.
However, I don't see anywhere in that article a mention of excluding those folders, or am I really not reading it right :)
Also, the AppData\Local folder is not redirected; only the AppData\Roaming folder is redirected, but license tokens are not saved in there. So I am not sure what is causing this.
I met another guy from a company who used to have the same issue with their client, and they just told the clients that they are required to sign in every day coz they couldn't find the cause of it. But the lack of posts regarding this issue on the Internet tells me either we are doing something so wrong (even though we configure it using the Microsoft whitepaper) or this is the way it is supposed to work!?
Aug 30 2020 06:50 AM
I know this is an old post but..
I believe they are referring to the exclusion list for local app data, by adding the path to the exclusion to allow it to propagate as part of the roaming profile.
Example here
https://4sysops.com/archives/include-and-exclude-folders-in-roaming-user-profiles/