Microsoft 365 App: Connection issues (since Aug. 17, 2022) due to Tenable security tool?

[German]Since August 17, 2022, Microsoft Cloud users have been suffering from issues when using Microsoft 365 Apps. Users are unable to log in and receive errors. I had already reported in the German blog post Microsoft Cloud-Störungen 17. – 23. und 25. August 2022 about issues with Microsoft 365 desktop apps. Since mid August 2022 users are facing login issues with Microsoft 365 apps. Now there is the clue to the cause: A web account manager plugin that facilitates desktop application authentication in Azure is uninstalled on affected user devices as an unintended side effect of a scan by a Tenable security software.


Advertising

A reader alert

German blog eader Andreas P. had sent me the following excerpt from the Microsoft 365 Admin Center yesterday regarding a lengthy outage (thanks for that). The first entries result from August 19, 2022, but the emailed logs are truncated there. The most recent notifications are for September 1, 2022 and involve Windows applications such as:

  • Microsoft Teams
  • Microsoft Outlook
  • OneDrive for Business
  • Microsoft Excel
  • Microsoft PowerPoint
  • Microsoft Word
  • Microsoft OneNote

Some users are unable to log into Microsoft 365 desktop applications and are receiving errors. Here is the full text of the status message in question.

Published Time: 29.08.2022 23:26:54

Title: Some users may be unable to sign into Microsoft 365 desktop applications and encounter errors

User Impact: Users may be unable to sign into Microsoft 365 desktop applications and encounter errors.

More info: Microsoft 365 applications on the web and mobile apps are unaffected by this issue. 
 
Users on an affected Windows device may see a Microsoft 365 desktop application window either close abruptly or never open with no error message or pop-up displayed to the user. In other scenarios some users will see 'Need Password' or 'There is a problem with your account' due to the issue. Impacted users are unable to connect to the affected desktop app even after attempting to login via the credential prompt, performing an app restart, or a device restart.

Affected desktop client applications on Windows devices include the following:
– Microsoft Teams
– Microsoft Outlook
– OneDrive for Business
– Microsoft Excel
– Microsoft PowerPoint
– Microsoft Word
– Microsoft OneNote

Next update by: Thursday, September 1, 2022, at 5:00 AM UTC

Published Time: 25.08.2022 20:58:03

Title: Some users may be unable to sign into Microsoft 365 desktop applications and encounter errors

User Impact: Users may be unable to sign into Microsoft 365 desktop applications and encounter errors.

More info: Microsoft 365 applications on the web and mobile apps are unaffected by this issue. 
 
Users on an affected device may see a Microsoft 365 desktop application window either close abruptly or never open with no error message or pop-up displayed to the user. In other scenarios some users will see 'Need Password' or 'There is a problem with your account' due to the issue. Impacted users are unable to connect to the affected desktop app even after attempting to login via the credential prompt, performing an app restart, or a device restart. 
 
Affected desktop applications include the following: 
– Microsoft Teams desktop app 
– Microsoft Outlook desktop app 
– OneDrive for Business desktop app 
– Microsoft Excel desktop app 
– Microsoft PowerPoint desktop app 
– Microsoft Word desktop app 
– Microsoft OneNote desktop app 

Tenable/Nessus and Microsoft provide guidance

The status report states that Tenable/Nessus (a third-party vendor), in collaboration with Microsoft development teams, has released more information and customer guidance on how to resolve this issue. Microsoft recommends customers follow the instructions in the article Plugin Updates to Address Windows Scan Targets being left unable to connect to Azure Active Directory (AAD) to minimize the impact caused by this incident.

The background to the mess is that the Microsoft Azure AD WAM plugin is removed as a side effect of a remote scan. This scan is done by a Tenable vulnerability assessment software. The plugin facilitates desktop application authentication. Microsoft has published a supplemental article that provides additional guidance that users can implement to address the following issues that occur with Microsoft 365 desktop apps: 

  • The window of an open application closes abruptly.
  • An application does not open when you launch it. No error message is displayed, but entries are recorded in the event log.
  • It is not possible to log in to a desktop application. When you try to log in, either the Password required prompt or the There is a problem with your account message is displayed.
  • You cannot connect to the desktop application, even if you log in using a credential prompt, quit and restart the application, or restart the device.

Microsoft writes in the Microsoft 365 status area that some affected customers reported that they do not use Tenable. However, according to Redmond, Microsoft's investigation of this issue has revealed that the affected customers do use the Tenable/Nessus plugin mentioned above. Microsoft states in this regard:


Advertising

Tenable is a remote scanning tool that can be configured to run on your network for devices running Windows machines connected to Azure Active Directory (AAD). The Tenable plugin may not be present or discoverable on every endpoint device. Please contact your organization's IT department to determine if Tenable is in use.

Regarding the current status, Microsoft writes:

Based on our research, we are expanding the scope of devices affected by the Windows Troubleshooter fix. If your organization has Windows Troubleshooter enabled, the fix will be automatically implemented once the affected devices receive the fix. However, this fix will not be applied if your organization has disabled Windows Troubleshooter either by Group Policy or through Microsoft Endpoint Manager (MDM).

Administrators of affected organizations should review the Microsoft and Tenable/Nessus posts linked above to see if the issue can be resolved with the actions mentioned here.


Advertising

This entry was posted in Cloud, Office and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).