harlee
Contributor
Contributor

DEM Teams - MFA - login every time

Jump to solution

We have been using the per-machine installer version of Teams and DEM to capture the settings. However we have never successfully been able to capture the user logins so the user has to log in each time they open a new non-persistent session.

For Teams we use Duo MFA push to log in.

If we capture the whole profile the settings persist so somewhere we are missing a setting to capture in DEM.

Any suggestions would be welcome here as I am at my wits end with this program.

Current DEM settings are as follows ( we do not use DirectFlex):

[IncludeFolderTrees]

<LocalAppData>\Microsoft\IdentityCache

<LocalAppData>\Microsoft\Teams

<LocalAppData>\Microsoft\TeamsMeetingAddin

<LocalAppData>\Microsoft\TeamsPresenceAddin

<LocalAppData>\SquirrelTemp

<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

<AppData>\Microsoft\Teams

<AppData>\Microsoft Teams

<AppData>\Teams

[IncludeRegistryTrees]

HKCU\Software\Microsoft\Office\Teams

[ExcludeFolderTrees]

<AppData>\Teams\logs

<AppData>\Microsoft Teams\logs

<AppData>\Microsoft\Teams\media-stack

<AppData>\Microsoft\Teams\Service Worker

<AppData>\Microsoft\Teams\Application Cache

<AppData>\Microsoft\Teams\Cache

<AppData>\Microsoft\Teams\tmp

<AppData>\Microsoft\Teams\meeting-addin\Cache

<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState

<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\Temp

[ExcludeFiles]

<AppData>\Microsoft\Teams\*.txt

<AppData>\Microsoft\Teams\lockfile

<LocalAppData>\SquirrelTemp\SquirrelSetup.log

0 Kudos
66 Replies
RachelW
Enthusiast
Enthusiast

So I have Teams auto logging in on my Windows 7 Horizon/virtual desktop using the proposed DEM configuration outlined above.  However, this same configuration is not working for the Windows 10 Horizon/virtual desktop.  What does the DEM configuration need to  look like for Teams to auto login on my Windows 10 virtual desktops?  

0 Kudos
MeyMath
Contributor
Contributor

Hi guys,
we investigated into this issue and we found a solution.

Teams DEM Settings:

[IncludeFolderTrees]
<LocalAppData>\Microsoft\Credentials
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
<LocalAppData>\Microsoft\IdentityCache
<LocalAppData>\Microsoft\TokenBroker

[IncludeFiles]
<AppData>\Microsoft\Teams\desktop-config.json
<AppData>\Microsoft\Teams\preauth.json
<AppData>\Microsoft\Teams\Preferences
<AppData>\Microsoft\Teams\settings.json
<AppData>\Microsoft\Teams\storage.json

[IncludeRegistryTrees]
HKCU\Software\Microsoft\Office\Teams\
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PolicyCache\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.AAD.BrokerPlugin_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy

[ExcludeFolderTrees]
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState

 

Shared Settings for O365:

Include the following into IncludeFolderTrees:

<LocalAppData>\Microsoft\Office\16.0\Licensing

 

With this config it works fine for us

KR
Mathias

0 Kudos
RachelW
Enthusiast
Enthusiast

@MeyMath ,

Thank you for the post.  So I added the above to my DEM config file for Teams for my Windows 10 virutal desktop and I have some different results.  Now, when I login to the desktop I am presented with the Login screen showing my Account and a Sign In button (attached).  When I click Sign in, it takes me directly into  Teams without having to put my password in.  So this is different behavior, maybe better since I don't haVe to type a password but would still prefer having it automatically logging in. I must be missing something....

 

0 Kudos
MeyMath
Contributor
Contributor

@RachelW 

We changed in the meantime the settings to the following one, because Microsoft updated the AAD Broker Plugin and schanged the version number:

[IncludeFolderTrees]
<LocalAppData>\Microsoft\Credentials
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
<LocalAppData>\Microsoft\IdentityCache
<LocalAppData>\Microsoft\TokenBroker

[IncludeFiles]
<AppData>\Microsoft\Teams\desktop-config.json
<AppData>\Microsoft\Teams\preauth.json
<AppData>\Microsoft\Teams\Preferences
<AppData>\Microsoft\Teams\settings.json
<AppData>\Microsoft\Teams\storage.json

[IncludeRegistryTrees]
HKCU\Software\Microsoft\Office\Teams
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion

[ExcludeFolderTrees]
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState

All my customers and me are working fine with this configuration

0 Kudos
RachelW
Enthusiast
Enthusiast

@MeyMath 

Thank you for the response. 

I went back and looked at my Config file for Teams in DEM and discovered I was missing the IncludeFiles section.  I added it and the first time I logged in it prompted me to click Sign IN on the screen where my userid was already filled it and then I had to type my password in.  I logged out of the desktop, logged back in and now Teams signs in automatically.  I have done this twice now and so far so good.  When I get into Teams, it takes me to the Teams section instead of Chat.  This is not a big deal but just curious if there is a way to make the default section Chat. 

Currently, my config file looks like this.  I left all of the entries in the IncludeRegistryTrees section which I know you have taken out.  Shall I remove the entries as you indicated?

[IncludeFolderTrees]
<LocalAppData>\Microsoft\Credentials
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
<LocalAppData>\Microsoft\IdentityCache
<LocalAppData>\Microsoft\TokenBroker
<LocalAppData>\Microsoft\Office\16.0\Licensing

[IncludeFiles]
<AppData>\Microsoft\Teams\desktop-config.json
<AppData>\Microsoft\Teams\preauth.json
<AppData>\Microsoft\Teams\Preferences
<AppData>\Microsoft\Teams\settings.json
<AppData>\Microsoft\Teams\storage.json

[IncludeRegistryTrees]
HKCU\Software\Microsoft\Office\Teams\
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PolicyCache\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.AAD.BrokerPlugin_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy

[ExcludeFolderTrees]
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState

Thank you!

0 Kudos
RachelW
Enthusiast
Enthusiast

@MeyMath 

I am working with a different customer on a Teams issue where a few of the users are getting an error when Teams attempts to start.

"There's a more permanent way to sign in to Microsoft Teams. If you're having trouble completing the process, talk to your IT admin."  See attached for complete message. 

I implemented this in DEM for them but some users are still getting the above error.  I looked on a horizon desktop and see all of the teams information in the C:\Users\rwulffenstein\AppData\Roaming\Microsoft\Teams directory which is not included in DEM.  Should it be?

[IncludeFolderTrees]
<LocalAppData>\Microsoft\Credentials
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
<LocalAppData>\Microsoft\IdentityCache
<LocalAppData>\Microsoft\TokenBroker
<LocalAppData>\Microsoft\Office\16.0\Licensing

[IncludeFiles]
<AppData>\Microsoft\Teams\desktop-config.json
<AppData>\Microsoft\Teams\preauth.json
<AppData>\Microsoft\Teams\Preferences
<AppData>\Microsoft\Teams\settings.json
<AppData>\Microsoft\Teams\storage.json

[IncludeRegistryTrees]
HKCU\Software\Microsoft\Office\Teams\
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.aad.brokerplugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\PolicyCache\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Families\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-1910091885-1573563583-1104941280-2418270861-3411158377-2822700936-2990310272
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Repository\Packages\Microsoft.AAD.BrokerPlugin_1000.18362.449.0_neutral_neutral_cw5n1h2txyewy

[ExcludeFolderTrees]
<LocalAppData>\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\TempState

0 Kudos
Hoodsie2018
Enthusiast
Enthusiast

By the time everyone gets to a final working solution we should start a Team VDI consulting company! lol 

Kudos for everyone to their help and respectful replies. I'm going to be tackling updating teams soon after we upgraded vSphere and Horizon and remembered just how frustrating it will likely be to get this all working again. 

0 Kudos