SSO issues in Word and Excel, but not Outlook

Copper Contributor



Strange issue started a month ago at a customer site. They use RDS with Office 365 installed. Historically this has been working fine, then it randomly stopped signing in properly for all users. We can't point it down to anything specific however. Network / User / Settings all look good.


What is strange is on first login to Outlook, it says it's done SSO but says unlicensed. A simple restart then would show it licensed. We have managed to work round that issue by saving the license folder \appdata\local\microsoft\office\ to the UPD. 

So for this, a month ago, new and existing users would just sign in and it worked. Then something changed and users were being asked to sign in every time. So we have made this change to include \appdata\local to the UPD - now users only see this problem once (a month). While not as good as it was a month ago, it is acceptable.


However, and this is what I need help with. SSO is NOT working at all from Word / Excel.

Open Word

Blank Micrsoft Sign In box pops up.

You have to type username and hit enter

You then have to type your password and hit Sign In

That popup then goes away, but at the tope right of Word, it still shows "Sign In".

When you go to Account, it still has a Sign in box.

BUT... if you now close and reopen word, both of those show the signed in user.


The problem here is that this doesn't persist over the UPD, so happens every time the users open Word or Excel. As this is used by a business app to open docs, it's actually breaking the process and we need to fix this.


I have been having a look at SSO info, because it feels like something fairly low level has changed with how this works, but can't find anything helpful, hence posting here after about a month of searching and trying things.


It's not very helpful when you have MS links like: 

How to use Remote Connectivity Analyzer to troubleshoot single sign-on issues for Microsoft 365, Azure, or Intune


How to run Remote Connectivity Analyzer to test SSO authentication

To run Remote Connectivity Analyzer to test SSO authentication, follow these steps:

  1. Open a web browser, and then browse to


However, that page just hangs with LOADING written on it. Then on the change notes for this page we see that it was removed in 2022!


Version 4.0.15 (October 2022)

  • Removed the Single Sign-on Test now that basic authentication in Exchange Online is being disabled.


Quick note on the setup. 

AD is synced to Entra using Entra Connect (Password Hash Sync + SSO enabled), latest version. SSO URLs are added to Internet trusted sites as per setup instructions. Network has been tested and all URLS accessible and working for the user. User is on RDS on fully updated Server 2016 and is on the latest Office 365 app updates.


So I guess my first question is:


1) Does SSO still work for Word and Excel?

Is it a realistic expectation that the user will sign in to the PC and then Word and Excel will automatically sign in for the user (proper seamless single sign on) like it was doing only a month or so ago?


2) What can I do to test and troubleshoot this if it should be working?

I have been trying for a month, so I have already tried a lot of things. But maybe I am missing some tests?


Any info to help get this working again (or that it's no longer possible and we missed that instruction from MS) would be ideal.


Thanks in advance


6 Replies

A lot of people are currently experiencing a similar issue with SSO.
It might be due to the fact that Microsoft is after changing the Windows Single sign on experience. In order to be compliant with the Digital Markets Act (DMA) within the European Economic Area (EEA), Microsoft has started altering how Windows operates to align with global regulations like the DMA. One significant change involves the sign-in process for apps on Windows.
If you look at the sign-in logs for the users and see error code 9002341 or similar with the failure reason being "User is required to permit SSO", have a read through my blog post below.

Hopefully this helps.
That sounded really hopeful, but sadly it's not that. I don't see any failures in the sign in logs for the Office sign ins.

What is weird is that SSO does work if you launch Outlook twice. Yet it will never automatically work if you launch Word or Excel as many times as you like.

It definitely feels like something is happening with Office itself all of a sudden, or maybe Windows Server... but if that was the case I would expect this to impact more people and see more posts about this. Having done a "in the last month" search for this, very few hits.
Actually, slight amendment to that. SSO works normally from Outlook, it's just the license took 2 logins to pull down until we started saving the \appdata\local\microsoft\office folder.

However, on a new login you can do the following.

1) Start word, get prompted to sign in via pop up.
2) cancel and close Word.
3) Start word, get prompted to sign in via pop up.
4) cancel and close Word.
5) Start word, get prompted to sign in via pop up.
6) cancel and close Word.
7) You can do this all day...
8) START OUTLOOK. A sign in window pops up and does something automatically and signs you in. (proper seamless SSO).
9) Start Word, it's signed in.

So, SSO is working in Outlook, but not Word or Excel.

SSO also works as expected to share - login happens seamlessly, nothing to type in etc.

It's just Word and Excel that it doesn't work for.
Sorry my suggestion didn't work. That's a really strange issue your customer is experiencing.
It's either something to do with licensing or perhaps a Windows update if it's all been working fine up until about a month ago.
I would probably try to delete Office365 credentials saved in the credential manager if that's not too much of a hassle, then try and sign into Outlook, once signed in, within the Outlook app go File> Office Account > update license, then restart the app and try and open up Word and Excel afterwards and see if they still go into an authentication loop.
I did hear about Word and Excel issues (not necessarily authentication related) when some of our customers assigned Copilot licenses for example.
Do any of the logs (Entra ID + Event viewer etc.) show any errors/ interrupted sign ins at all?

I've tried most if not all of that already. Not about till next week to try anything else but in summary.

Have tried this with a brand new profile (nothing to clear from cred mgr etc). Same problems.

Have tried rolling back updates, again same deal (which surprised me, as I was sure it would be updates).

Copilot is not used in the estate.

There are no errors showing in the logs on the client / RDS / AD / Entra.

I have even tried running Fiddler and WireShark to see if I could find something being blocked, but nothing.

More testing will be done next week. Thanks for your reply.
We're experiencing the same issue. When starting word, there's no SSO experience, we get a login prompt. After which we get notices about usage. If we don't log on office isn't licensed. We also use shared computer licensing. If we log on, that's ok. I would grately appreciate it if you would keep me/us posted on your progress. I'll do the same, if I make any progress.