Microsoft 365 Apps Sign-in from Windows Server 2019

I’m in the process of migrating my Citrix Virtual Apps environment from Windows Server 2012 R2 to Windows Server 2019. After I moved a few users to the new Virtual Delivery Agents, I almost instantly noticed Microsoft 365 Apps (until now known as Office 365 ProPlus) sign-in did not work. My environment is configured with Single sign-on (SSO) and ADFS, so the users should never be prompted for a sign-in – but they were. And the biggest issue was that when they entered their e-mail address, the sign-in box turned into a blank white box.

Since my SSO is working just fine from the old Windows Server 2012 R2 VDA servers, and any GPOs are the same in both environments, I knew something was up with Server 2019. According to this blog post from Microsoft, there should be no compatibility issues. But in fact there are.

After some research, I found out that since build 16.0.7967 of Microsoft 365 Apps, Microsoft has been using WAM (Web Account Manager) as the sign-in method, instead of the old ADAL (Azure Active Directory Authentication Library) method. Although it should work on Server 2019, it doesn’t. For now, I’m not sure if it’s a general issue or something connected to my specific environment.

Anyhow, I found a few blog posts (for instance this post) on how to disable WAM using the registry. Just make a GPP adding the following registry key to all users:

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
"DisableADALatopWAMOverride"=dword:00000001

That did the trick for me, i.e. no more sign-in box at all! If that doesn’t help, add the following registry key as well:

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
"DisableAADWAM"=dword:00000001

Remember – this is not a supported or preferred solution. It’s a dirty workaround, and the main issue should be solved as soon as possible.
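
Because the workaround is meant to be temporary, it helps to know which user profiles on a session host still carry it. The following audit script is an added example, not part of the original post or any Microsoft tooling; the function name `Get-WamWorkaroundState` is hypothetical, and it assumes it is run elevated on the VDA and that user accounts have domain (`S-1-5-21-…`) or Azure AD (`S-1-12-1-…`) SIDs.

```powershell
# Added example: report which loaded user hives have the WAM-disabling values set.
# Only hives of currently logged-on users are loaded under HKEY_USERS.
$relPath = 'Software\Microsoft\Office\16.0\Common\Identity'
$names   = 'DisableADALatopWAMOverride', 'DisableAADWAM'

function Get-WamWorkaroundState {
    # Keep real user SIDs only (skips .DEFAULT, service SIDs and *_Classes hives).
    $hives = Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -match '^S-1-(5-21|12-1)-[\d-]+$' }

    foreach ($hive in $hives) {
        $sid = $hive.PSChildName
        $key = "Registry::HKEY_USERS\$sid\$relPath"

        # Resolve the SID to an account name; fall back to the raw SID if it is orphaned.
        $user = try {
            ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                [System.Security.Principal.NTAccount]).Value
        } catch { $sid }

        # The Identity key may not exist for users who never started an Office app.
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue

        foreach ($name in $names) {
            $data = $null
            if ($props -and $props.PSObject.Properties[$name]) { $data = $props.$name }

            [pscustomobject]@{
                User   = $user
                Value  = $name
                Data   = $data            # $null means the value is not present
                Active = ($data -eq 1)    # 1 = modern WAM sign-in disabled for this user
            }
        }
    }
}

Get-WamWorkaroundState | Sort-Object User, Value | Format-Table -AutoSize
```

Rows with `Active` set to `True` identify the users for whom the GPP item still needs to be withdrawn once WAM sign-in works on the new servers.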
