Apr 12 2023 06:05 AM
Our organization is deploying Office 365 Enterprise Apps. After installation, when attempting to activate the product after launching an Office app, the sign-in is directed through our 2FA as designed, but the login is denied.
When investigating the login failure, our 2FA system is reporting that the login sourced from User Agent "Edge WebView 18.19044" - which from my investigation indicates Legacy Edge WebView. This login is denied due to being an unsupported browser.
From what I understand, the O365 login runtime should be using Edge WebView2, and if it were, the login should be allowed since WebView2 is Chromium Edge based (which is supported).
Our environment should meet the requirements for O365 to be able to use WebView2:
OS: Windows 10 21H2
Office 365 Apps Version: 22.214.171.124.20238
Microsoft Edge WebView2 Runtime Version: 112.0.1722.34
I've attempted to uninstall and reinstall WebView2 on multiple machines with no luck.
Any idea as to what is causing the O365 activation to appear to use Legacy Edge WebView rather than WebView2? Any suggestions to try and force the usage of WebView2? Any tools that can be used to further confirm the O365 activation prompt is using Legacy WebView instead of WebView2?
Any help is appreciated!
May 03 2023 12:42 PM
May 04 2023 06:14 AM
Jul 03 2023 08:35 AM
Jul 03 2023 08:43 AM
Unfortunately we've yet to find a solution. We've been trying to contact Microsoft on the issue, but due to an unrelated issue with our Tenant we are having trouble opening the appropriate case. If you have support capabilities with Microsoft it may very well be worth trying to get them to take a look with you.
While it's reassuring that we're not alone in this, it's unfortunate that you're in the same boat with not being able to find a solution. I'll definitely update this post if/when we find an answer on this behavior.
Aug 24 2023 08:07 AM
Solution
We finally got a case opened with Microsoft on this. After working together to examine the behavior, they were able to confirm that the login was indeed using Legacy Edge WebView - but they detailed that this is working as intended/designed. They stated that the Microsoft 365 products like Office 365 and Teams use the "Microsoft.AAD.BrokerPlugin" for the authentication process, and that plugin is currently only built to use the Legacy Edge WebView engine and will therefore report the user agent string as Edge/18.X. There's no process to force it to Edge WebView2 as it isn't designed for that yet.
They further detailed that there is no way to redirect the sign-in to a different method like a browser.
If it helps anyone else, the way we confirmed what was being used by the system was by running a ProcMon monitor and examining the "Microsoft.AAD.BrokerPlugin.exe" process that runs when the sign-in window appears; examining that stack determined it was calling edgehtml.dll, which is Legacy Edge WebView.
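
A scripted complement to the ProcMon check described in the post above, as an added example that is not part of the original thread: it polls for the broker process while the activation prompt is open and reports which browser-engine DLL the process has loaded. The process name and `edgehtml.dll` come from the post; treating `EmbeddedBrowserWebView.dll` as the marker for WebView2 is an assumption, and the timeout value is arbitrary.

```powershell
# Added example: report which browser engine DLL the AAD broker process has loaded.
# Run from a 64-bit PowerShell session, then open the Office sign-in prompt.
$processName    = 'Microsoft.AAD.BrokerPlugin'   # process named in the post (no .exe)
$engineDlls     = @{
    'edgehtml.dll'               = 'Legacy Edge WebView (EdgeHTML)'  # DLL named in the post
    'EmbeddedBrowserWebView.dll' = 'WebView2 (Chromium)'             # assumption: WebView2 marker DLL
}
$timeoutSeconds = 120                             # arbitrary polling window
$deadline       = (Get-Date).AddSeconds($timeoutSeconds)
$result         = $null

Write-Host "Open the Office sign-in prompt now; polling for $processName ..."
while (-not $result -and (Get-Date) -lt $deadline) {
    foreach ($proc in @(Get-Process -Name $processName -ErrorAction SilentlyContinue)) {
        $modules = $null
        try {
            $modules = $proc.Modules              # may fail without sufficient rights
        } catch {
            Write-Warning "PID $($proc.Id): module list unreadable: $($_.Exception.Message)"
        }
        # Hashtable literal keys compare case-insensitively, so DLL name casing does not matter.
        $hits = @($modules | Where-Object { $_ -and $engineDlls.ContainsKey($_.ModuleName) })
        if ($hits.Count -gt 0) {
            $result = $hits | ForEach-Object {
                [pscustomobject]@{
                    ProcessId = $proc.Id
                    Engine    = $engineDlls[$_.ModuleName]
                    Module    = $_.ModuleName
                    Path      = $_.FileName
                    Version   = $_.FileVersionInfo.FileVersion
                }
            }
        }
    }
    # The broker can start before the engine DLL is loaded, so keep polling.
    if (-not $result) { Start-Sleep -Milliseconds 500 }
}

if ($result) {
    $result | Format-List
} else {
    Write-Warning "No known engine DLL seen in $processName within $timeoutSeconds seconds."
}
```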