Microsoft 365 Apps Sign-in from Windows Server 2019

I’m in the process of migrating my Citrix Virtual Apps environment from Windows Server 2012 R2 to Windows Server 2019. After I moved a few users to the new Virtual Delivery Agents, I almost instantly noticed Microsoft 365 Apps (until now known as Office 365 ProPlus) sign-in did not work. My environment is configured with Single sign-on (SSO) and ADFS, so the users should never be prompted for a sign-in – but they where. And the biggest issue was that when they entered their e-mail address, the sign-in box turned into a blank white box.

Since my SSO is working just fine from the old Windows Server 2012 R2 VDA servers, and any GPOs are the same in both environments, I knew something was up with Server 2019. According to this blog post from Microsoft, there should be no compatibility issues. But in fact there are.

After some research, I found out that Microsoft is since build 16.0.7967 of Microsoft 365 Apps using WAM (Web Account Manager) as the sign-in method, instead of the old ADAL (Azure Active Directory Authentication Library) method. Despite it should work on Server 2019, it doesn’t. As for now, I’m not sure if it’s a general issue or something connected to my specific environment.

Anyhow, I found a few blog posts (for instance this post) on how to disable WAM using the registry. Just make a GPP adding the following registry key to all users:

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
"DisableADALatopWAMOverride"=dword:00000001

That did the trick for me, i.e. no more sign-in box at all! If that doesn’t help, add the following registry key as well:

[HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity]
"DisableAADWAM"=dword:00000001

Remember – this is not a supported or preferred solution. It’s a dirty workaround, and the main issue should be solved as soon as possible.

0

2 thoughts on “Microsoft 365 Apps Sign-in from Windows Server 2019”

  1. Thanks it works nice… I have the same issue for Skype and MS Teams… and those regkeys are not fixing it for Skype or Teams… but it does fix it for office.
    Any clue of how this can be fixed?? 🙂

    0

Leave a Reply

Your email address will not be published. Required fields are marked *