Jul 31 2017 04:59 PM
Today users in our tenant began getting prompted to try a new sign-in experience for Office 365. It looks a little different, but I'm unable to find documentation about what exactly has changed, and why?
I just want to be able to answer the inevitible questions that come up. Some of our users have already checked to see if they were getting phished.
Aug 08 2017 06:07 AM
My view of the developing issue... Posted to highlight the need for better communication within MIcrosoft and between Microsoft and its customers.
The Azure AD team changed the sign-in experience used by services like Office 365 to improve and rationalize it. But things didn’t work out so well as tenants reacted badly to the way Microsoft communicated the change. Or rather, failed to communicate the change.
https://www.petri.com/azuread-sign-changes-cause-problems-office-365
Aug 08 2017 10:01 AM
Hey Robert - we rolled out a fix to the Office 2010 issue and users should now be unblocked.
Also, AFAIK, there are no plans to change how Office 2010 does auth. The UI might change, but not protocol.
Aug 08 2017 10:14 AM
Hey everyone, we rolled out a fix for the Office 2010 issue and users should be unblocked now. Thanks to Scott and Cary for the invaluable help with debugging this issue and thanks everyone for your patience.
As mentioned in an earlier reply, the new experience is solely a UI change and there's no change to protocol. Discussions about modern auth being forced in Office 2010 are inaccurate.
We're tracking one more issue: Prompts showing up asking users to pick an account which is affecting SSO and PTA for some users. This is caused by an unrelated change Office 365 pushed out at around the same time as our release. I'm tracking the fix with that team and will provide an update when I know more.
Aug 09 2017 12:46 AM
Hi,
where can we find the fix?
Thanks
Aug 09 2017 12:49 AM
Any information about the fix.
I still see the 'operation cancelled due to restrictions' in our WIndows7/ Office 2010 environment. Anyone else still have issues?
Specificaly mine is when opting for the new experience again at the point of opening a document from onedrive in local word and redirect from the my-sharepoint pages as soon as I select the account I want to use the autologin box kicks in then I get the warning.
Aug 09 2017 11:22 AM
This is a server-side fix, so there's nothing you need to do to get the fix.
Aug 09 2017 11:46 AM
Aug 10 2017 02:16 AM
Hi,
In our Tenant we still having the issue trying to edit office documents with office 2010.
any advise?
Regards
Aug 10 2017 03:20 AM - edited Aug 10 2017 04:42 AM
We are still seeing the same issues. Maybe we have a differnet issue. Can anyone here confirm the same symptoms?
It allows us to download the file or edit in browser, but the edit in Word option gives us an additional log in session/ credentials check, if I opt to use the new I get the error if I go back to the old I can get in fine.
If the fix is deployed it's a little worrying.
We are heavily pushing use of Onedrive over USB drives and this will cause some issues and lack of confidence if staff and students find files unable to edit in the full packages.
Aug 10 2017 11:02 AM
Aug 12 2017 11:02 AM
@Kelvin Xia the MSDN subscription page (well the new one, my.visualstudio.com) does NOT work correctly with the new sign-in experince. It ends up in a login loop.
Aug 12 2017 11:56 AM
Sep 19 2017 10:00 AM
Really pleased to see advanced notice being given for further changes to the new sign in experience. Like today's news about the new “Keep me signed in” experience and also the changes to the multi-factor authentication screens in the Message center post. This gives us the advance notice many of us are looking for and time to get ready for these changes. It's much appreciated!
Nov 17 2017 07:44 AM
Ya, so we have this slick Azure AD app installed on our on-premise Sharepoint hooked up to ADFS that presents users Office 365 mail and calendar in our SP portal site. Seemless SSO using angular and adal. All they do is sign in to our ADFS login and wait for a couple of page refreshes and it all loads in. Now our users get interrupted with this?
Nov 17 2017 09:08 AM
You can disable that in the Azure AD admin center if you go to the edit company branding screen and toggle "show option to remain signed in" to "no".
Nov 19 2017 11:28 AM
@Bill Barnwell there's a detailed discussion on this here: https://techcommunity.microsoft.com/t5/Azure-Active-Directory/The-new-Azure-AD-sign-in-and-Keep-me-s...
Nov 20 2017 12:21 AM
Nov 20 2017 11:50 PM
Nov 20 2017 11:56 PM
Now I'm not seeing the prompt at all, for cloud-only IDs as well. It's not disabled in the branding, and I've tried it on another tenant just to be sure.
Nov 21 2017 12:32 AM
OK, now it's showing again... sometimes :) I guess code is still propagating through the service...