I'm trying to set up Seamless Single Sign-On (SSO) for Office 2021 LTSC and I'm running into some issues. I've got the browser part working according to Microsoft's Entra SSO instructions, where users can access a custom Outlook URL linked to our domain and log in automatically, only needing to authorize with two-factor authentication. However, when using the Outlook desktop app, users are prompted to enter their email and then the Modern Authentication dialog asks for a password.
Here's my setup:
- We primarily use local Active Directory, with no integrated email service.
- Machines are domain-joined and synced with Entra ID using password hash.
- We don't have matching UPNs in Entra ID and our local AD.
So, I have two main questions:
1. Is it feasible to implement SSO with Office 2021 LTSC (non-M365)?
2. If it is possible, what could I be overlooking? I've heard that Outlook uses Edge WebView for authentication, so I'm wondering if there are any restrictions based on that.
2 Answers
Seamless Single Sign-On might not be as common due to the advancements in Windows 10, and while you can make it work, you’d probably need the machines to be Entra ID joined. Right now, it seems you are only leveraging the local AD, which might not be providing the full SSO benefits you're looking for.
I think the core issue lies in the mismatch between the UPN for Entra ID and your local AD. SSO generally expects those to align. You seem to have a solid flow with your browser setup, but the desktop app may not handle things the same way due to this discrepancy. Have you considered matching the UPNs, even if temporarily, to see if that resolves the issues?
Related Questions
Can't Load PhpMyadmin On After Server Update
Redirect www to non-www in Apache Conf
How To Check If Your SSL Cert Is SHA 1
Windows TrackPad Gestures