[German]Question for Microsoft 365 administrators and service providers. Has there been increased feedback in recent days that apps are losing their connection to Microsoft services? Affects for example Office, Outlook, OneDrive, so that users have to log in again every day. One reason could be a bug in FSLogix 2210.
A reader's note
German blog reader Liam contacted me by email yesterday at noon (thanks for that, and sorry, just fished it out of the SPAM folder today) and wrote the following (I've translated it):
Dear Mr. Born,
In the last few days, I have noticed more and more massive connection problems with the Microsoft 365 applications with my customers.
Some of them have to reconnect to all applications (Office, Outlook, OneDrive,..) every morning.
No matter if the account is registered as a business or school account, or if it is synced with the AAD.
Maybe more blog readers have these problems?
I wasn't aware of any similar feedback from blog readers reporting anything like this
Feedback on Facebook
I post my blog articles on Facebook in private groups for IT service providers and administrators. I have received some feedback on the topic from this groups.
Blame a FSLogix V2210 bug
A user mentioned the FSLogix V2210 bug, which I had addressed in my recent blog post Windows Logon hangs on "Other user" because of Citrix Workspace app; FSLogix V2210 bug causes logon hang, from which I thougt, it's only related to Windows. But the user wrote:
Yes, it is eg a known issue with FSLogix 2210, as we learned this week.
Another user answered my question whether the bug does not affect only Windows as:
Günter Born no, we demonstrably had the problem with the build version of FSLogix. After hours of experimenting, Josef Hlawaty found a hint in a blog entry that can be summarized as "install the second to last version and all is well"…..
And Josef Hlawaty then followed up with the following answers in another reply on Facebook:
Here's the quote from the link: "Users may need to authenticate with their apps (e.g. Microsoft 365 apps, Teams (work or school), OneDrive, etc.). every time they sign in. "
He posted a referenced to the Microsoft support article Azure AD Authentication for applications. The post was updated as of January 18, 2023, and refers to FSLogix 2210 (2.9.8361.52326) or later.
Azure AD Authentication for applications
Updated: January 18, 2023
Affected version(s): FSLogix 2210 (2.9.8361.52326) or later
Users may be required to authenticate to their applications (for example, Microsoft 365 apps, Teams (work or school), OneDrive, etc.) at every sign-in. The repeated authentication prompts are due to the virtual machines Azure AD device state. We recommend virtual machines are Azure AD Joined (AADJ) or Hybrid Azure AD Joined (HAADJ) for the best user experience.
Virtual machines, which are AADJ or HAADJ create the user's primary refresh token (PRT) at sign-in. Primary refresh token(s) created at sign-in will be used to authenticate to Azure AD based applications. Standard Domain Joined (DJ) virtual machines don't create a PRT at sign-in, instead rely on the Microsoft Azure AD broker plugin.
Seems to me that this is a perfect match of the issue Liam described in his above mail.
Cookies helps to fund this blog: Cookie settings