Administrators have been complaining for some time about sporadic problems with Single Sign-On (SSO) under Microsoft's Azure Entra ID. Affected users are sporadically unable to log in to their Microsoft 365 apps. Now a reader reports that Microsoft has confirmed this on internal status pages for Enterprise customers.
Microsoft Entra SSO: What's the problem here?
At the beginning of April 2024, in the German blog post Gibt es Probleme mit Single Sign On (SSO) bei Maschinen mit Azure Entra ID?, I discussed a problem that was brought to my attention by an administrator. It is about the topic of Single Sign On (SSO for short) for applications that use the Microsoft Cloud (Azure). The technical term is now "Microsoft Entra Single Sign-On (SSO)" and is explained on this Microsoft support page.
Single sign-on (SSO) is intended to simplify access to the SaaS apps (Software-as-a-Service), cloud apps or local apps used. There is one login to Microsoft Entra ID, which should then apply to all apps used. In December 2023, Microsoft announced some changes to Single Sign-On in the tech community post Upcoming changes to Windows single sign-on. This was necessary for users in Europe to ensure compliance with the requirements of the Digital Markets Act (DMA) in the European Economic Area (EEA). To this end, the functionality for SSO under Windows is to be changed from 2024.
Microsoft 365 Entra ID login hangs
In this context, German blog reader E. H. contacted me by email because he was annoyed by errors with single sign-on (SSO) in his environment. In his environment, the strange phenomenon occurs that users are sporadically no longer able to log in with Microsoft desktop apps such as Excel, Word and the like. The user login to the relevant Microsoft 365 login gets stuck with the above message.
The user only receives the message "Something didn't work" and is advised to contact support with the error code "TypeError". A support technician will not be able to do much with a type error. In the Azure log files, the following entry can be found for the corresponding user: "Failure reason User is required to permit SSO."
The problem described in the above text or in the linked blog post was confirmed in comments from other readers. One user wrote that he had a ticket open with Microsoft about this. There was even a user comment that described a workaround mentioned by Microsoft using registry changes, but this only applies to some apps and does not work reliably.
Microsoft confirms issues
On May 8, 2024, an administrator posted a comment within my German blog stating that it only affects clients in his environment, not servers. However, more and more clients are affected, devices in MDM are affected more quickly, and then the confirmation is requested with "Continue" (aka.ms/sso-info).
The reader then wrote that Microsoft had set the above problem for Enterprise customers "in the status of the Windows release" as Confirmed as of May 1, 2024. However, the entry WI789501 for Windows 11 23H2 did not appear for him in the status area until May 8, 2024. The reader writes that this information has not yet been entered "in the Consumer Status Pages". I also tried searching for an entry on the web – nothing is displayed in the Known Issues status area for Windows 11 23H2 (or Windows 10 22H2 etc.). I'll pull out the text that the reader posted as a comment here:
Automatic sign-in to Microsoft applications might not work as expected
WI789501, Windows 11, version 23H2
Last updated: May 1, 2024, 21:47 CEST
Originating time: Jan. 23, 2024, 23:00 CET
Status: Confirmed
User impact: Some users reported that they must repeatedly sign-in to Microsoft applications such as Edge, Defender, and Office
After installing Windows Updates released on January 23, 2024 (KB5034204) and later, a limited number of users in Europe have reported issues with automatic sign-in on Microsoft applications such as Microsoft Edge, Xbox, Office, Outlook and Defender. This issue might cause users to be logged out of any Microsoft application that uses Microsoft account [link] multiple times. Users might observe this issue once they sign into Windows using their Microsoft account.
Errors encountered by this issue might display like "Unable to sync with your account because we need to confirm that it's you. Please log in again to verify your account" or display a pop-up window 'Sign-in – Microsoft family features' with the message "You need to sign back in to your Microsoft account…".
Microsoft therefore states that the problem is caused by the KB5034204 update from January 23, 2024 or subsequent updates (see Windows 11 23H2/22H2: Preview Update KB5034204 (January 23, 2024)) and only affects a few users. This affects the automatic logon to Microsoft applications such as Microsoft Edge, Xbox, Office, Outlook and Defender. Those affected would be logged out multiple times from each Microsoft application.