Azure AD
9 Topics

SSO issues in Word and Excel, but not Outlook
Hi,

Strange issue started a month ago at a customer site. They use RDS with Office 365 installed. Historically this has been working fine, then it randomly stopped signing in properly for all users. We can't pin it down to anything specific, however. Network / User / Settings all look good.

What is strange is on first login to Outlook, it says it's done SSO but says unlicensed. A simple restart then would show it licensed. We have managed to work round that issue by saving the license folder \appdata\local\microsoft\office\ to the UPD. So for this, a month ago, new and existing users would just sign in and it worked. Then something changed and users were being asked to sign in every time. So we have made this change to include \appdata\local to the UPD - now users only see this problem once (a month). While not as good as it was a month ago, it is acceptable.

However, and this is what I need help with: SSO is NOT working at all from Word / Excel.

Open Word.
Blank Microsoft Sign In box pops up.
You have to type username and hit enter.
You then have to type your password and hit Sign In.
That popup then goes away, but at the top right of Word, it still shows "Sign In".
When you go to Account, it still has a Sign in box.
BUT... if you now close and reopen Word, both of those show the signed in user.

The problem here is that this doesn't persist over the UPD, so happens every time the users open Word or Excel. As this is used by a business app to open docs, it's actually breaking the process and we need to fix this.

I have been having a look at SSO info, because it feels like something fairly low level has changed with how this works, but can't find anything helpful, hence posting here after about a month of searching and trying things.
It's not very helpful when you have MS links like:

How to use Remote Connectivity Analyzer to troubleshoot single sign-on issues for Microsoft 365, Azure, or Intune
https://learn.microsoft.com/en-us/microsoft-365/troubleshoot/active-directory/single-sign-on-issues

How to run Remote Connectivity Analyzer to test SSO authentication
To run Remote Connectivity Analyzer to test SSO authentication, follow these steps: Open a web browser, and then browse to https://www.testconnectivity.microsoft.com/tests/SingleSignOn/input.

However, that page just hangs with LOADING written on it. Then on the change notes for this page we see that it was removed in 2022!

Version 4.0.15 (October 2022)
Removed the Single Sign-on Test now that basic authentication in Exchange Online is being disabled.

Quick note on the setup. AD is synced to Entra using Entra Connect (Password Hash Sync + SSO enabled), latest version. SSO URLs are added to Internet trusted sites as per setup instructions. Network has been tested and all URLs accessible and working for the user. User is on RDS on fully updated Server 2016 and is on the latest Office 365 app updates.

So I guess my first question is:

1) Does SSO still work for Word and Excel? Is it a realistic expectation that the user will sign in to the PC and then Word and Excel will automatically sign in for the user (proper seamless single sign on) like it was doing only a month or so ago?

2) What can I do to test and troubleshoot this if it should be working? I have been trying for a month, so I have already tried a lot of things. But maybe I am missing some tests?

Any info to help get this working again (or that it's no longer possible and we missed that instruction from MS) would be ideal.

Thanks in advance

4.2K Views, 0 likes, 18 Comments

How to exclude non-Entra registered devices from 365 app update
Hi,

Looking for some advice if possible. We have been using the 365 app update for all of our devices and the inventory has imported our Citrix virtual machines. The knowledge base articles suggest excluding these through an Entra AD group. We are unable to do this as these machines are not Entra registered, they just have 365 apps installed on them. These VMs are non-persistent and the updates have been causing issues for users during the day when working, so we have paused the update on all devices for now.

Thanks in advance!

Some users cannot be tagged in office documents despite the same configuration in Entra
Hello,

We just started to use SharePoint for our new scope of projects, and we found that some (like 75% of the company) users can't be tagged in documents. I tried to replicate it for SP and multiple types of Office365 with the same result. It's not connected with the time of creation (user created yesterday can be tagged, user created a month ago - can't, the one year old - can), licences, group assignment. Users can have the same configuration in Entra, and I can summon one, while the second is invisible to the system.

Any suggestions?

User Authentication Bandwidth
We have proposed M365 Apps for enterprise for one of our BFSI customers. They currently use a proxy server for connecting across the internet. They have doubts whether their current setup would be able to match the authentication bandwidth requirement for M365 Apps. Do we have any idea how much bandwidth is consumed when the user is authenticated in M365 Apps?

Intune Certificate Connector Problem: Azure AD Sign-in
Hello,

We are a government organization trying to configure the Intune Certificate Connector for use with PKCS certificates. Everything was going well until we got to the part where it asks us to sign in to Azure AD. When we go to log in to Azure AD in the cert. connector we choose the Intune for government cloud, then try to sign in with 3 different global admin accounts that have Intune licenses assigned to them and they all say they're personal accounts and will not work. Then I tried to log in with my account that has Intune administrator privileges but Microsoft says it cannot find the account.

My first question: how can we go about having Microsoft see our global admin accounts as "organization" accounts as opposed to "personal" accounts?

My second question: even though all of our accounts are in the Azure AD, why does my account not exist according to Microsoft?

I was following this doc: https://docs.microsoft.com/en-us/mem/intune/protect/certificate-connector-install and once I got to step 6 under "configure the certificate connector" we ran into problems using any of our accounts. We made sure all of these accounts have Intune licenses and that our accounts are all synchronized from our local AD.

My manager said maybe it has something to do with our tenant because we just recently upgraded our license (through CDWG) and he noticed the tenant is not linked with an Azure subscription. He mentioned he cannot do diagnostic logs because of this, so possibly we can't add a cert connector? He also explained there may be some issues with account privileges if we do license our tenant (can anyone explain this?) but since it's been working we're not sure if the license was ever applied or just recently expired due to us upgrading our license from Office 365 to Microsoft 365 G3 GCC.

Any ideas and help would be greatly appreciated!

Solved

From where to get live meeting attendees data in Microsoft Graph.
I want to get live meeting attendees 'upn' {data} from Microsoft Graph. Using onlineMeeting.Read I can get attendees and organizer data: Get onlineMeeting - Microsoft Graph v1.0 | Microsoft Docs

But I need live attendees data which shows the list of users who joined the meeting. Is there a Microsoft Graph API endpoint for that?

462 Views, 0 likes, 0 Comments

365 Apps not returning Device ID or Join Type
Hi all,

This issue is happening on a brand new install of RDS 2016 server with out of the box set up and minimal configuration for seamless SSO. Device is hybrid Azure AD joined, users get PRT, silent SSO works fine via Edge/Chrome/IE.

The 365 apps for enterprise are not returning device ID or join type, which is resulting in my CA policy failing. It's set to require either compliant or hybrid Azure AD joined device to grant access. Device filter (exception) is failing also because no device ID is reported.

This is the result that is passed to Azure during silent SSO on an RDS 2016 server.

Device info:
Device ID: BLANK
Browser Rich Client v3.4.1.35249

This is the CA policy:
Cloud apps: office 365
Conditions: any device location: any client apps: mobile apps/desktop clients
Grant access: Require device to be compliant or Require hybrid Azure AD joined device.

Azure Conditional Access - OneDrive - Disable Download option without impacting Move/Copy option
Hi,

We have M365 E3 licenses. We have remote workers with unmanaged (BYOD) devices who use Office 365 webapps and now we want to configure OneDrive in such a way that users should not be able to download files on their local personal PC.

Using the Outlook web app policies we already restricted the mail attachment downloads and now all mail attachments can only be saved to OneDrive. Using conditional access we have restricted the download of files from OneDrive to local PC but with that the Move & copy option is also disabled.

Problem is that all user attachments are saved in 1 single "attachment" folder and they are unable to copy or move it to a different folder. Is there a way we can disable the download option in OneDrive but keep the Move/copy option active for users to move files within their OneDrive account?

OneNote / OneDrive / AAD Setup
Hi there,

I am trying to set up AAD to manage access to OneNote but do have a few problems:

1. OneNote 2010 Login fails
I am not able to log in with any of the user accounts synced from our AD to AAD, because after entering the credentials the login window does disappear for a second and then pops up again empty and without an error message. Users who created their accounts manually, before the option to create a new Microsoft account with a company mail address was disabled, can log in to their accounts - so it's neither a user / computer / network issue (tested with multiple users / computers).

2. OneNote 2016 Login fails
When trying to log in on OneNote 2016 I receive the message: "Unfortunately, there are server issues, so we can not add onedrive for business right now."

3. OneNote Online not working
When logging in on www.onenote.com I get the message: It looks like we can not get your notebooks right now. Finish setting up your account and try again.

4. OneDrive User setup necessary for all users in AAD
If I open a user and go to OneDrive, it says: "OneDrive is not set up for this user. Ask the person to go to "portal.office.com/onedrive" to set it up. This may take some time. If this message persists after 24 hours, contact support." But after logging in as that user at portal.office.com there is no option to set up OneDrive displayed and I couldn't find one in the options.

Is all of that connected and do I first need to set up OneDrive for Business in the admin center properly, does every user need to set up his/her OneDrive manually (where?) or what could be the issue here?

Thanks for your help!

804 Views, 0 likes, 0 Comments