Highlighted
Contributor
Contributor

DEM Teams - MFA - login every time

Jump to solution

We have been using the per-machine installer version of Teams and DEM to capture the settings. However we have never successfully been able to capture the user logins so the user has to log in each time they open a new non-persistent session.

For Teams we use Duo MFA push to log in.

If we capture the whole profile the settings persist so somewhere we are missing a setting to capture in DEM.

Any suggestions would be welcome here as I am at my wits end with this program.

Current DEM settings are as follows ( we do not use DirectFlex):

[IncludeFolderTrees]

<LocalAppData>\Microsoft\IdentityCache

<LocalAppData>\Microsoft\Teams

<LocalAppData>\Microsoft\TeamsMeetingAddin

<LocalAppData>\Microsoft\TeamsPresenceAddin

<LocalAppData>\SquirrelTemp

<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

<AppData>\Microsoft\Teams

<AppData>\Microsoft Teams

<AppData>\Teams

[IncludeRegistryTrees]

HKCU\Software\Microsoft\Office\Teams

[ExcludeFolderTrees]

<AppData>\Teams\logs

<AppData>\Microsoft Teams\logs

<AppData>\Microsoft\Teams\media-stack

<AppData>\Microsoft\Teams\Service Worker

<AppData>\Microsoft\Teams\Application Cache

<AppData>\Microsoft\Teams\Cache

<AppData>\Microsoft\Teams\tmp

<AppData>\Microsoft\Teams\meeting-addin\Cache

<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState

<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\Temp

[ExcludeFiles]

<AppData>\Microsoft\Teams\*.txt

<AppData>\Microsoft\Teams\lockfile

<LocalAppData>\SquirrelTemp\SquirrelSetup.log

0 Kudos
1 Solution

Accepted Solutions
Highlighted
Expert
Expert

Hi harlee​,

I suspect the following marked (red) item to be the reason.

[ExcludeFolderTrees]

<AppData>\Teams\logs

<AppData>\Microsoft Teams\logs

<AppData>\Microsoft\Teams\media-stack

<AppData>\Microsoft\Teams\Service Worker

<AppData>\Microsoft\Teams\Application Cache

<AppData>\Microsoft\Teams\Cache

<AppData>\Microsoft\Teams\tmp

<AppData>\Microsoft\Teams\meeting-addin\Cache

<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState

<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\Temp

Can you put a hashtag (#) at beginning of that line to exclude this (line turns green) and double check using a clean profile? Don't forget to save the config file before checking Smiley Wink.

#<AppData>\Microsoft\Teams\Cache


\\ Ivan
---
Twitter: @ivandemes
Blog: https://www.ivandemes.com

View solution in original post

11 Replies
Highlighted
Expert
Expert

Hi harlee​,

I suspect the following marked (red) item to be the reason.

[ExcludeFolderTrees]

<AppData>\Teams\logs

<AppData>\Microsoft Teams\logs

<AppData>\Microsoft\Teams\media-stack

<AppData>\Microsoft\Teams\Service Worker

<AppData>\Microsoft\Teams\Application Cache

<AppData>\Microsoft\Teams\Cache

<AppData>\Microsoft\Teams\tmp

<AppData>\Microsoft\Teams\meeting-addin\Cache

<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState

<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\Temp

Can you put a hashtag (#) at beginning of that line to exclude this (line turns green) and double check using a clean profile? Don't forget to save the config file before checking Smiley Wink.

#<AppData>\Microsoft\Teams\Cache


\\ Ivan
---
Twitter: @ivandemes
Blog: https://www.ivandemes.com

View solution in original post

Highlighted
Contributor
Contributor

Thank you ijdemes this seems to have fixed the issue now.

0 Kudos
Highlighted
Enthusiast
Enthusiast

@ijdemes 

So, including the Cache (<AppData>\Microsoft\Teams\Cache) folder in UEM is "required" to prevent login prompts for Teams. Is that correct?

That is such a HUGE folder to load in UEM.  Does ALL of the Cache directory need to be included?  Importing such a large folder in UEM will increase login times. 

0 Kudos
Highlighted
Enthusiast
Enthusiast

I agree with you @RachelW , the cache folder can get really big. This is why I choose to use FSLogix in stead of DEM for saving he profile.

I use DEM only for saving some Windows settings and pushing ADMX based settings, shortcuts, drive mappings, reg keys, FTA's, Printer mappings, ... This way I keep logon time to a minimum (<30s)

0 Kudos
Highlighted
Enthusiast
Enthusiast

@Lieven ,

Wow! <30 for login times?! That would be amazing.

I am not familiar with FSLogix.  How does that work? Where can I find information on it? AND it DOES work with DEM - so you can use DEM and FSLogix?

0 Kudos
Highlighted
Enthusiast
Enthusiast
0 Kudos
Highlighted
Enthusiast
Enthusiast

@ijdemes,

So, I included the Cache directory in my Teams Flex config file and even though I did not get prompted when Teams first launched, I did get prompted after I had been working on the desktop for a while and attempted to use Teams...??

0 Kudos
Highlighted
Contributor
Contributor

Now that the logins are being captured I found another issue where the Office plugin setting does not persist across logins.

- Register Teams as the chat app for Office - this setting is unticked every time I log off and in again.

 

 

0 Kudos
Highlighted
Enthusiast
Enthusiast

@ijdemes ,

So today I was prompted for my password when Teams automatically started after logging into my Windows 10 desktop. This is NOT happening on our Windows 7 desktop.

0 Kudos
Highlighted
Enthusiast
Enthusiast

@harlee ,

"Register Teams as the chat app for Office - " What does this mean?  And how do you do this?

0 Kudos
Highlighted
Contributor
Contributor

@RachelW

In Teams under settings there is an option to select "Register Teams as the chat app for Office". Once you have selected this Outlook will use Teams for meetings and also display presence of users in mail threads.

0 Kudos