Jun 10 2024 07:31 AM - edited Jun 10 2024 08:40 AM
Hi,
Strange issue started a month ago at a customer site. They use RDS with Office 365 installed. Historically this has been working fine, then it randomly stopped signing in properly for all users. We can't point it down to anything specific however. Network / User / Settings all look good.
What is strange is on first login to Outlook, it says it's done SSO but says unlicensed. A simple restart then would show it licensed. We have managed to work round that issue by saving the license folder \appdata\local\microsoft\office\ to the UPD.
So for this, a month ago, new and existing users would just sign in and it worked. Then something changed and users were being asked to sign in every time. So we have made this change to include \appdata\local to the UPD - now users only see this problem once (a month). While not as good as it was a month ago, it is acceptable.
However, and this is what I need help with. SSO is NOT working at all from Word / Excel.
Open Word
Blank Micrsoft Sign In box pops up.
You have to type username and hit enter
You then have to type your password and hit Sign In
That popup then goes away, but at the tope right of Word, it still shows "Sign In".
When you go to Account, it still has a Sign in box.
BUT... if you now close and reopen word, both of those show the signed in user.
The problem here is that this doesn't persist over the UPD, so happens every time the users open Word or Excel. As this is used by a business app to open docs, it's actually breaking the process and we need to fix this.
I have been having a look at SSO info, because it feels like something fairly low level has changed with how this works, but can't find anything helpful, hence posting here after about a month of searching and trying things.
It's not very helpful when you have MS links like:
https://learn.microsoft.com/en-us/microsoft-365/troubleshoot/active-directory/single-sign-on-issues
To run Remote Connectivity Analyzer to test SSO authentication, follow these steps:
Open a web browser, and then browse to https://www.testconnectivity.microsoft.com/tests/SingleSignOn/input.
However, that page just hangs with LOADING written on it. Then on the change notes for this page we see that it was removed in 2022!
Quick note on the setup.
AD is synced to Entra using Entra Connect (Password Hash Sync + SSO enabled), latest version. SSO URLs are added to Internet trusted sites as per setup instructions. Network has been tested and all URLS accessible and working for the user. User is on RDS on fully updated Server 2016 and is on the latest Office 365 app updates.
So I guess my first question is:
1) Does SSO still work for Word and Excel?
Is it a realistic expectation that the user will sign in to the PC and then Word and Excel will automatically sign in for the user (proper seamless single sign on) like it was doing only a month or so ago?
2) What can I do to test and troubleshoot this if it should be working?
I have been trying for a month, so I have already tried a lot of things. But maybe I am missing some tests?
Any info to help get this working again (or that it's no longer possible and we missed that instruction from MS) would be ideal.
Thanks in advance
Jun 10 2024 03:33 PM
Jun 11 2024 01:36 AM
Jun 11 2024 07:27 AM
Jun 11 2024 03:06 PM
Jun 12 2024 09:34 AM
Jun 12 2024 07:57 PM
Jun 17 2024 08:57 AM
Jun 17 2024 09:23 AM
Jun 24 2024 01:07 AM
Jul 01 2024 07:35 AM
Jul 02 2024 07:35 PM
Jul 03 2024 08:35 AM
Jul 03 2024 08:42 AM - edited Jul 03 2024 08:47 AM
Please forgive the copy/paste formatting, but try this - it solved the privacy pop-up for us.
Microsoft Office 2016/First Run
Policy Setting
Disable First Run Movie Enabled
Disable Office First Run on application boot Enabled
Microsoft Office 2016/Privacy/Trust Center
Policy Setting
Allow the use of additional optional connected experiences in Office Disabled
Allow the use of connected experiences in Office Enabled
Allow the use of connected experiences in Office that analyze content Enabled
Allow the use of connected experiences in Office that download online content Enabled
Allow users to include screenshots and attachments when they submit feedback to Microsoft Disabled
Allow users to receive and respond to in-product surveys from Microsoft Disabled
Allow users to submit feedback to Microsoft Disabled
Configure the level of client software diagnostic data sent by Office to Microsoft Enabled
Type of diagnostic data: Neither
Policy Setting
Disable Opt-in Wizard on first run Enabled
Enable Customer Experience Improvement Program Disabled
Send personal information Disabled
Though if you just want the privacy one, I think the one you are looking for is this one:
Allow the use of additional optional connected experiences in Office Disabled
We have an active ticket with MS Support to see if we can find why Word will no longer do SSO. But given your findings with MS "Support" I am not holding much hope any longer.
Jul 03 2024 08:52 AM
Jul 08 2024 08:49 AM - edited Jul 08 2024 08:49 AM
@DivideByZero May I ask where you are based (or rather the company)? I'm swiss and this exact issue is bugging several of our domestic customers right now. I thought that maybe something's off with swiss tenants as they're not an EU member and DMA legislation has not been implemented yet (AFAIK).
Jul 22 2024 08:18 AM