SSO issues in Word and Excel, but not Outlook
Hi,
Strange issue started a month ago at a customer site. They use RDS with Office 365 installed. Historically this has been working fine, then it randomly stopped signing in properly for all users. We can’t point it down to anything specific however. Network / User / Settings all look good.
What is strange is on first login to Outlook, it says it’s done SSO but says unlicensed. A simple restart then would show it licensed. We have managed to work round that issue by saving the license folder appdatalocalmicrosoftoffice to the UPD.
So for this, a month ago, new and existing users would just sign in and it worked. Then something changed and users were being asked to sign in every time. So we have made this change to include appdatalocal to the UPD – now users only see this problem once (a month). While not as good as it was a month ago, it is acceptable.
However, and this is what I need help with. SSO is NOT working at all from Word / Excel.
Open Word
Blank Micrsoft Sign In box pops up.
You have to type username and hit enter
You then have to type your password and hit Sign In
That popup then goes away, but at the tope right of Word, it still shows “Sign In”.
When you go to Account, it still has a Sign in box.
BUT… if you now close and reopen word, both of those show the signed in user.
The problem here is that this doesn’t persist over the UPD, so happens every time the users open Word or Excel. As this is used by a business app to open docs, it’s actually breaking the process and we need to fix this.
I have been having a look at SSO info, because it feels like something fairly low level has changed with how this works, but can’t find anything helpful, hence posting here after about a month of searching and trying things.
It’s not very helpful when you have MS links like:
How to use Remote Connectivity Analyzer to troubleshoot single sign-on issues for Microsoft 365, Azure, or Intune
https://learn.microsoft.com/en-us/microsoft-365/troubleshoot/active-directory/single-sign-on-issues
How to run Remote Connectivity Analyzer to test SSO authentication
To run Remote Connectivity Analyzer to test SSO authentication, follow these steps:
Open a web browser, and then browse to https://www.testconnectivity.microsoft.com/tests/SingleSignOn/input.
However, that page just hangs with LOADING written on it. Then on the change notes for this page we see that it was removed in 2022!
Version 4.0.15 (October 2022)
Removed the Single Sign-on Test now that basic authentication in Exchange Online is being disabled.
Quick note on the setup.
AD is synced to Entra using Entra Connect, latest version. SSO URLs are added to Internet trusted sites as per setup instructions. Network has been tested and all URLS accessible and working for the user. User is on RDS on fully updated Server 2016 and is on the latest Office 365 app updates.
So I guess my first question is:
1) Does SSO still work for Word and Excel?
Is it a realistic expectation that the user will sign in to the PC and then Word and Excel will automatically sign in for the user (proper seamless single sign on) like it was doing only a month or so ago?
2) What can I do to test and troubleshoot this if it should be working?
I have been trying for a month, so I have already tried a lot of things. But maybe I am missing some tests?
Any info to help get this working again (or that it’s no longer possible and we missed that instruction from MS) would be ideal.
Thanks in advance
Hi, Strange issue started a month ago at a customer site. They use RDS with Office 365 installed. Historically this has been working fine, then it randomly stopped signing in properly for all users. We can’t point it down to anything specific however. Network / User / Settings all look good. What is strange is on first login to Outlook, it says it’s done SSO but says unlicensed. A simple restart then would show it licensed. We have managed to work round that issue by saving the license folder appdatalocalmicrosoftoffice to the UPD. So for this, a month ago, new and existing users would just sign in and it worked. Then something changed and users were being asked to sign in every time. So we have made this change to include appdatalocal to the UPD – now users only see this problem once (a month). While not as good as it was a month ago, it is acceptable. However, and this is what I need help with. SSO is NOT working at all from Word / Excel.Open WordBlank Micrsoft Sign In box pops up.You have to type username and hit enterYou then have to type your password and hit Sign InThat popup then goes away, but at the tope right of Word, it still shows “Sign In”.When you go to Account, it still has a Sign in box.BUT… if you now close and reopen word, both of those show the signed in user. The problem here is that this doesn’t persist over the UPD, so happens every time the users open Word or Excel. As this is used by a business app to open docs, it’s actually breaking the process and we need to fix this. I have been having a look at SSO info, because it feels like something fairly low level has changed with how this works, but can’t find anything helpful, hence posting here after about a month of searching and trying things. It’s not very helpful when you have MS links like: How to use Remote Connectivity Analyzer to troubleshoot single sign-on issues for Microsoft 365, Azure, or Intunehttps://learn.microsoft.com/en-us/microsoft-365/troubleshoot/active-directory/single-sign-on-issues How to run Remote Connectivity Analyzer to test SSO authenticationTo run Remote Connectivity Analyzer to test SSO authentication, follow these steps:Open a web browser, and then browse to https://www.testconnectivity.microsoft.com/tests/SingleSignOn/input. However, that page just hangs with LOADING written on it. Then on the change notes for this page we see that it was removed in 2022! Version 4.0.15 (October 2022)Removed the Single Sign-on Test now that basic authentication in Exchange Online is being disabled. Quick note on the setup. AD is synced to Entra using Entra Connect, latest version. SSO URLs are added to Internet trusted sites as per setup instructions. Network has been tested and all URLS accessible and working for the user. User is on RDS on fully updated Server 2016 and is on the latest Office 365 app updates. So I guess my first question is: 1) Does SSO still work for Word and Excel?Is it a realistic expectation that the user will sign in to the PC and then Word and Excel will automatically sign in for the user (proper seamless single sign on) like it was doing only a month or so ago? 2) What can I do to test and troubleshoot this if it should be working?I have been trying for a month, so I have already tried a lot of things. But maybe I am missing some tests? Any info to help get this working again (or that it’s no longer possible and we missed that instruction from MS) would be ideal. Thanks in advance Read More
