I working now since three days on the problem, that Oulook always asks for the account password. The password dialog is initialted by C:\Windows\SystemApps\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\Microsoft.AAD.BrokerPlugin.exe.
I tried real a lot to monitor which changes are made when I give Outlook the account password - but no luck until now.
The DEM-Profiler doesn't want to profile Outlook because it tells, that there is already a template. Is there any hidden switch to start the Application Profiler which allows to profile Outlook?
For testing purposes I created a Office365 template which captures everything in the user profile:
Using this template results in a big zip-file but outlook doesn't ask again for the password. This is no solution but it tells me, that the built-in template for "Shared Settings" and/or Outlook is insufficient.
Which part of the user-profile does the DEM do not capture?
What your running into is Shared Computer Activation. DEM doesn't need to capture the license token from O365 as Outlook should be using integrated windows authentication to identify the user UPN and assigned O365 license.
However, in a non-persistent environment there a couple extra steps. Please review this Techzone Article, is does mention 'Horizon 7' but it applies to Horizon 8.
Best Practices for Delivering Microsoft Office 365 in VMware Horizon 7 | VMware
I think that the shared computer activation is not the problem, because the activation is still active. My problem is that users are always need to give their password.
DEM doesn't need to capture the license token from O365 as Outlook should be using integrated windows authentication to identify the user UPN and assigned O365 license.
You mean I need to exclude some files (the license token files?) - which ones are they?
I know this Tech Zone article very good ... I don't know what could be wrong?
I think the most important is the value in the configuration.xml:
<Property Name="SharedComputerLicensing" Value="1" />
This thread is a little old but do you happen to be using Workspace One Access with TrueSSO? I am having the same issue when we use WS1 Access. The user token you get with TrueSSO is not enough to satisfy the O365 SSO requirements.
You can test this theory by RDPing to your image and testing O365 activation. Similarly, you can bypass SW1 Access and got direct to the UAG's.
I have an open case with VMware right now to try and resolve this issue.
I think I found a solution. I need to disable Modern-Authentication for O365.
It can be done with the following keys:
BUT ... it is something that Microsoft does not recommend:
I strongly suspect that this is because my instant clones are not "Hybrid Azure AD" joined, but only AD-joined. I think this is definitely worth another test to include them in our Azure AD.
Or does someone has another idea?
I actually found a solution for this. You need to enable Azure Seamless SSO (Azure AD Connect: Seamless Single Sign-On - quickstart - Microsoft Entra | Microsoft Docs). It's a mechanism for older operating systems that still works with Windows 10/11. After I enabled Azure Seamless SSO, Office is activating when the user uses a TrueSSO token. The TrueSSO user token doesn't have enough data to satisfy the M365 login requirements.
Hope the helps someone in the future.
I am currently also looking for a solution to this problem.
But unfortunately, disabling "Modern Autentication" is not an option, as "Basic authentication" will be decaitvered on 01.10.2022 for Exchange Online. https://docs.microsoft.com/en-us/exchange/clients-and-mobile-in-exchange-online/deprecation-of-basic...
We are using the following for the customer at the moment:
non-persistent Windows Server 2019 with RDS role
VMware DEM 2111 (10.5)
Azure AD Connect with Password Hash Sync and SSO
Microsoft Office LTSC Standard 2021 with SPLA Licensing
Since backing up all user information as described in your first post also fixed the problem, I strongly assume that only certain folders or registry entries still need to be backed up.
What is also strange in my case is that the login works sporadically in all applications (Outlook, Teams, OneDrive), then sometimes only in Outlook and sometimes in none of the Microsoft applications.
I have attached my DEM configuration. We use AppData redirection
Just yesterday I gave up trying to get DEM working for Office and switched to FSLigix Containers for O365. That seems to have resolved our intermittent issues, especially for OneDrive. We are still using DEM for all other applications.
If I remember correctly, we ran into some issues with Outlook on instant clones + DEM + FSLogix (probably the password thing itself) and have set the exact same registry keys and its working fine for a long time. I'm aware that MS doesn't recommend that though.
Yes, we now do a hybrid join for the VMs into Azure and the problem with the password is gone. It's the best way to solve this problem. Only the Azure sync is not seamless, because the join is triggered by a task from Azure AD Connect each half hour only.
We are connecting our users directly to exchange in the cloud.
I'm working with FsLogix in my Lab.
But, I'm running this config file, and it works for us as we speak...
there are some "baloontips" i.e that shows up every time, but i assume that they will disappear when we start using FsLogix.
Outlook Configfile is 39kb.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
can you share some more details on this? As it seems you are running the only working solution, which is also supported from Microsoft side (not disabling ADAL or WAM).
Thanks and best regards Markus
i posted a working solution in my last post. The Key is to properly save the "Modern Authentication" from Microsoft 365. This is done through the "Shares Settings.ini" in my ZIP file from my last post. This configuration works for manually logged in M365 user (Modern Auth), for Azure AD SSO logged in users (Modern Auth), and for on prem Exchange logins (Basic Auth). FSlogic is not needed with this configuration's.
Microsoft Office\Shared Settings.ini
HKCU\Software\Microsoft\Office\16.0\Microsoft Office 2016
HKCU\Software\Microsoft\Shared Tools\Proofing Tools
# Ausgeklammert, da die AppData Folder Redirection aktivert ist
Ours is sporadic, can you confirm if your DEM capture works with multiple accounts added to Outlook (not delegated)?
I just added your lines to our Shared settings but we are still having issues.