harlee
Contributor
Contributor

DEM Teams - MFA - login every time

Jump to solution

We have been using the per-machine installer version of Teams and DEM to capture the settings. However we have never successfully been able to capture the user logins so the user has to log in each time they open a new non-persistent session.

For Teams we use Duo MFA push to log in.

If we capture the whole profile the settings persist so somewhere we are missing a setting to capture in DEM.

Any suggestions would be welcome here as I am at my wits end with this program.

Current DEM settings are as follows ( we do not use DirectFlex):

[IncludeFolderTrees]

<LocalAppData>\Microsoft\IdentityCache

<LocalAppData>\Microsoft\Teams

<LocalAppData>\Microsoft\TeamsMeetingAddin

<LocalAppData>\Microsoft\TeamsPresenceAddin

<LocalAppData>\SquirrelTemp

<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

<AppData>\Microsoft\Teams

<AppData>\Microsoft Teams

<AppData>\Teams

[IncludeRegistryTrees]

HKCU\Software\Microsoft\Office\Teams

[ExcludeFolderTrees]

<AppData>\Teams\logs

<AppData>\Microsoft Teams\logs

<AppData>\Microsoft\Teams\media-stack

<AppData>\Microsoft\Teams\Service Worker

<AppData>\Microsoft\Teams\Application Cache

<AppData>\Microsoft\Teams\Cache

<AppData>\Microsoft\Teams\tmp

<AppData>\Microsoft\Teams\meeting-addin\Cache

<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState

<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\Temp

[ExcludeFiles]

<AppData>\Microsoft\Teams\*.txt

<AppData>\Microsoft\Teams\lockfile

<LocalAppData>\SquirrelTemp\SquirrelSetup.log

0 Kudos
47 Replies
RachelW
Enthusiast
Enthusiast

HI @GTO455 ,

Well, that is what I found as well; Teams profile in DEM doesn't work that great. However, I do not have a large profile, it just consistently asks me to enter my password when I grab a new desktop. FSLogix worked beautifully however my FSLogix files are 30+ GB for each person.  How large are yours?  Is there a way to shrink that and minimize the amount of "stuff" being saved?

0 Kudos
Automatt1c
Enthusiast
Enthusiast

Sorry i should of included more detail, I hadn't had much time to follow up.

The configuration i posted was the contents of the actual Teams.ini File in the DEM configuration share. 

That is different than what you put in the import/ export script. The ini file includes details from all the configuration tabs in the manager.

Do you have the directflex enable or or are you processing the requests on logon? 

We would probably need more info on your DEM manager settings and the GPO's your are using. It's also possible you have conflicting Applications.
Are you using shared computer activation for 0365? 

 

My profile for about 2k users typically sit around 10mb-30mb as the largest for teams profile. Which is still kinda larger than i would like but i assume it could get a little glitchy cleaning up any more of the profile.

0 Kudos
GTO455
Enthusiast
Enthusiast

Hi @RachelW ,

 

We use O365 Containers in our FSLogix profile, and our mail files can get pretty large, so sizes can range anywhere from 30 MB to 15 GB per user.

I am by no means a Teams "expert" so I'm not sure how one would shrink stuff.

You could see what is taking up space by creating a couple of FSLogix profiles and then mounting the file in Windows. Its a VHD file that can be mounted in disk manager on a Windows system.

0 Kudos
RachelW
Enthusiast
Enthusiast

HI @GTO455 ,

So do you have a Profile and Office VHD file for each user?  I found that in order to NOT be prompted for my Teams password I had to have both. 

0 Kudos
GTO455
Enthusiast
Enthusiast

Nope, just one VHD for O365 Containers. The rest of the users profile is saved in DEM.

0 Kudos
RachelW
Enthusiast
Enthusiast

I do not currently have directflex enabled for Teams.  Should I?

I setup my Teams.ini file like you outlined above and so far Teams is logging in automatically.  Hopefully it will stay that way.  

0 Kudos
Automatt1c
Enthusiast
Enthusiast

I wouldn't personally,  it depends on the application. If it integrates with the OS or starts at login then you usually don't.
that's good to hear that its working! 

 

I only use DEM for everything. we use OST files on a high speed File Share. It's not recommended but we have users with 50gb plus OST files and nearly impossible to manage otherwise. That only caching 1 month of email!

0 Kudos
RachelW
Enthusiast
Enthusiast

Hello @Automatt1c ,

So Teams WAS auto-logging in when I logged into a new virtual/Horizon desktop.  About 2 weeks it started prompting me again to enter my password and nothing changed (that I know of). UGH....

0 Kudos