Office 365 Activation + ADFS OR AzureAD Seamless SSO + Login Window appears

Hi,

I´ve been redirected to this forum here, so I´ll try my luck here:

We are just evaluating Office 365 and set up Windows 10 Test Clients from the Scratch with Version 1903 and installed Office 365 ProPlus Version 1908 Build 11929.20752.

We´ve got the Issue that Users Start an Office Program for the first time and they get the Logon-Dialog to activate Office:

In the upper right Corner we can see that the user is "signed in", but the seamless Office Activation does not work.

We tested both Azure AD Connect configured with Seamless SSO (without Password Hash Sync) and also set up ADFS. Currently we have ADFS in place.

I believe that all necessary URL´s are in the Intranet Zone List. When we call the ADFS URL like this  we are logged in without any issue.

We checked the infrastructure with the test-account in the microsoft remote connectivity analyzer. -> No issues, everything green.

I also tried to capture the webrequests with fiddler when starting office. There I could see while starting an Office app until the login window appears, NO webrequest is being performed!

It looks like that Office "is missing" some "local config" in order to activate seamlessly.

When we click on the logon button and enter the correct UPN / mailaddress and click next we are logged in without entering a password and office gets activated and the computername is also displayed in the office activations of the userobject in the O365-Portal.

Shared Computer Activation is not enabled. No Roaming Profiles, just local.

Has anyone an Idea what´s happening there or how we can solve that Issue (Microsoft)?

Activation should be possible seamlessly, without entering the e-mail address...

I can confirm that O365 Version 1902 (Build 11328.20468) does not behave like that. This Version activates without any prompts...

Furthermore I can confirm that this issue also occurs in the monthly Version 2004 (Build 16.0.12730.20250)

Moved from: Install, upgrade and activate / Windows 10 / Office 2019

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

Dear JensRTM,

Thanks for posting the thread on our forum.

To confirm your environment, could you confirm the following?

1. It seems that you configured ADFS with Seamless SSO. If yes, are you successfully redirected to the Azure AD sign-in page when you log into portal.office.com with your account as what is mentioned in the article?

2. Regarding "I can confirm that O365 Version 1902 (Build 11328.20468) does not behave like that. This Version activates without any prompts...", do you install the Office applications with Office Deployment Tool and the Office applications are automatically activated when you first open the Office applications?

3. Do you install the Office applications with Office Deployment Tool?

Best Regards,

Cliff

* Beware of scammers posting fake support numbers here.

* Kindly Mark and Vote this reply if it helps, as it will be beneficial to more community members reading here.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hello Cliff,

thanks for your reply.

To 1)

Currently we "only" have ADFS running. First, we had Azure ADConnect running with seamless SSO configured. That configuration brought the same issue as right now with ADFS configured. - Usage of ADFS and Seamless SSO in parallel is not possible.

When Seamless SSO was in place, we were successfully redirected to the Azure AD sign-in page.

With ADFS in place, it behaves like that:

- We use Internet Explorer 11 for test purposes and call Url portal.office.com.

- Enter the e-mail address of the licensed test-account

- Redirect to ADFS is done. - No need to enter password. - We are finally redirected to the Office 365 Welcome Page of the logged in user

To 2)

Yes, all tested versions are installed with the (most) current available version of the ODT at the moment.

Yes, Version 1902 is installed via ODT, but without the "autoactivate" - Option in the configuration.xml

When starting Office for the first time, office gets activated.

To 3)

Yes, all tested versions are installed with the (most) current available version of the ODT at the moment.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Dear JensRTM,

Thanks for your updates.

I may need some time to set up the environment to do a test. I'll update here as soon as possible.

Best Regards,

Cliff

* Beware of scammers posting fake support numbers here.

* Kindly Mark and Vote this reply if it helps, as it will be beneficial to more community members reading here.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Dear JensRTM,

I may still need some time to set up the environment and do more tests.

In the meantime, could you provide a full screenshot of the Account page in the Office applications you are using for our reference? You can access the page via clicking on File>Account.

Note: Remove any private information before uploading the screenshots.

Best Regards,

Cliff

* Beware of scammers posting fake support numbers here.

* Kindly Mark and Vote this reply if it helps, as it will be beneficial to more community members reading here.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi Cliff,

thanks for your reply.

Here is the requested Screenshot:

Kind regards

Jens

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Dear Jens,

Thanks for your updates and providing the screenshot.

I'm now in the final step of the environment. I'll post an update quickly to see if the feature works with the version of the Office applications in your environment.

Best Regards,

Cliff

* Beware of scammers posting fake support numbers here.

* Kindly Mark and Vote this reply if it helps, as it will be beneficial to more community members reading here.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Dear Jens,

Sorry for the delayed reply.

Yes, based on my test, with the Azure AD Seamless SSO configuration, the Office applications will be logged with the user's Azure AD Connect account on his domain-joined computer when he opens the Office applications first time without activation even though the Office applications are installed via ODT.

So I think that the issue in your environment may be related to the Office applications' versions. I do a test with Version 2005 (Build 12827.20210) without issues in our environment. The issue may be fixed in the future versions. If it is convenient, I also suggest you do a test to see the result in your environment as well.

Best Regards,

Cliff

* Beware of scammers posting fake support numbers here.

* Kindly Mark and Vote this reply if it helps, as it will be beneficial to more community members reading here.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Hi Cliff,

I just tested it with the Version 2005 (Build 12827.20210) right now. - Just to mark for anyone else: This Version is the "Insiders" Version

Unfortunately, I´ve got the same behaviour.

After I entered the e-mail address, Office gets activated without password-prompt....

Just to mark: We have currently ADFS in place.

I could also switch back to Azure AD Seamless SSO and test again...

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

I just switched back to Seamless SSO again.

The domain has been unfederated and is displayed as "managed"

I launched an Internet Explorer on the test-client and entered the url https://portal.office.com

When I entered the e-mail address, I´ve been logged in without entering a password.

I tried to start the clean office (2005 Version) but I get the same behaviour again like with ADFS...

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

Dear Jens,

Thanks for your updates.

Regarding "I launched an Internet Explorer on the test-client and entered the url https://portal.office.com When I entered the e-mail address, I´ve been logged in without entering a password.", do you need to type the username account when you go to portal.office.com in your Azure AD Seamless SSO environment?

If yes, the Azure AD Seamless SSO environment may not be configured successfully. When you go to portal.office.com, the account should be logged in without any action.

So I'd like to confirm whether you join the computer into the same domain as your Microsoft 365 tenant such as you log into the computer with the account username@contoso.com, the domain showed in System is contoso.com (go to Control Panel>System and Security>System) and log into portal.office.com with username@contoso.com. 

Please upload the full screenshots like the following without any private information in the private message for our reference as well.

The Azure AD Seamless SSO settings in the Azure portal.

The domain showed in System on your computer.

The account showed at the top of the Office applications' page.

The domain in the Microsoft 365 admin center.

Thanks for your effort.

Cliff

* Beware of scammers posting fake support numbers here.

* Kindly Mark and Vote this reply if it helps, as it will be beneficial to more community members reading here.

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.

* Please try a lower page number.

* Please enter only numbers.

* Please try a lower page number.

* Please enter only numbers.

 
 

Question Info


Last updated June 23, 2020 Views 173 Applies to: