Implementing Azure AD Application Proxy for your applications can indeed present some unique challenges, especially when integrating with desktop applications like Microsoft Teams and Excel. Your description indicates issues with authentication flow and token passing when accessing these applications through the desktop versions of Teams and Excel. Let's address each scenario:
Uptime Monitor in SharePoint through Microsoft Teams
- IFrame Issues with Desktop Apps:
  - Desktop applications like Teams often have stricter security controls compared to their web counterparts. This includes limitations on IFrames due to security concerns like clickjacking.
  - The Teams desktop app may not accept cookies or maintain session data the same way a browser does, which is crucial for SSO (Single Sign-On) to work seamlessly.
- Possible Solutions:
  - Custom Tab in Teams: Instead of using an IFrame, consider creating a custom tab in Teams that opens the SharePoint page. This approach can handle authentication more seamlessly.
  - Token Passing: Investigate if the Teams desktop application can pass the necessary authentication tokens. This may require custom development.
  - Consult Teams Development Documentation: Review the Microsoft Teams development documentation for guidelines on integrating web content within the Teams desktop app.
Excel Add-In Behind App Proxy
- Authentication Differences:
  - The behavior you're observing suggests that the Excel desktop app may not be passing the authentication token to the add-in, unlike the web version.
  - Desktop versions of Office applications may not share the same authentication/session context as the browser.
- Possible Solutions:
  - Office Add-in Authentication: Explore the Office Add-ins documentation for guidance on handling authentication within Office Add-ins, especially for desktop applications.
  - Use of MSAL Libraries: Consider using Microsoft Authentication Library (MSAL) within your add-in to handle token acquisition and refresh.
  - Manifest Adjustments: Ensure that your add-in’s manifest is properly configured to request the necessary permissions and handle authentication correctly.
General Recommendations
- Testing and Logging: Implement detailed logging to track the authentication process and identify where the flow breaks.
- Microsoft Support: If you're unable to resolve these issues, consider reaching out to Microsoft Support for more tailored assistance.
In both cases, the key challenge is ensuring that the desktop applications can handle authentication tokens in a manner similar to their web counterparts. This often requires specific configurations and sometimes custom development to ensure seamless integration with Azure AD Application Proxy.
If this information was helpful or if you need further assistance, feel free to ask. I'm here to help!
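Added example, not part of the original answer: one way to do the logging step is to record the HTTP hops of the embedded page (for example from a network capture) and label each one, so the log shows whether the flow stopped at the sign-in redirect or at a response that refuses to be framed. The function names, the `uptime-contoso` host and the sample headers are constructed for illustration, and the identity provider host is an assumption.

```javascript
// Hypothetical helper names; sample hosts and headers are constructed, not captured.
const IDP_HOSTS = new Set(["login.microsoftonline.com"]); // assumption: global sign-in endpoint
// Return the header value for `name`, case-insensitively, or "".
function header(hop, name) {
  const key = Object.keys(hop.headers).find(k => k.toLowerCase() === name.toLowerCase());
  return key ? String(hop.headers[key]) : "";
}
// True when the anti-clickjacking headers forbid framing by parentOrigin.
// Simplification: wildcard host sources such as https://*.example.com are not matched.
function framingBlocked(hop, parentOrigin) {
  const own = new URL(hop.url).origin;
  const xfo = header(hop, "x-frame-options").trim().toUpperCase();
  const fa = header(hop, "content-security-policy").split(";")
    .map(d => d.trim().split(/\s+/))
    .find(d => d[0].toLowerCase() === "frame-ancestors");
  if (fa) { // frame-ancestors takes precedence over X-Frame-Options
    const sources = fa.slice(1);
    if (sources.includes("*") || sources.includes(parentOrigin)) return false;
    return !(sources.includes("'self'") && own === parentOrigin);
  }
  if (xfo === "DENY") return true;
  return xfo === "SAMEORIGIN" && own !== parentOrigin;
}
// Label one hop: "idp-redirect", "frame-blocked", "denied" or "ok".
function classifyHop(hop, parentOrigin) {
  if (hop.status >= 300 && hop.status < 400) {
    const target = new URL(header(hop, "location"), hop.url);
    return IDP_HOSTS.has(target.hostname) ? "idp-redirect" : "ok";
  }
  if (hop.status === 401 || hop.status === 403) return "denied";
  return framingBlocked(hop, parentOrigin) ? "frame-blocked" : "ok";
}
// Return the URL of the first hop that stops the flow, plus the labels seen so far.
function traceFlow(hops, parentOrigin) {
  const labels = [];
  for (const hop of hops) {
    labels.push(classifyHop(hop, parentOrigin));
    const last = labels[labels.length - 1];
    if (last === "frame-blocked" || last === "denied") return { brokeAt: hop.url, labels };
  }
  return { brokeAt: null, labels };
}
// Constructed sample: unauthenticated request to a proxied app loaded inside a frame.
const LOGIN_URL = "https://login.microsoftonline.com/common/oauth2/authorize?client_id=PLACEHOLDER";
const sampleHops = [
  { url: "https://uptime-contoso.msappproxy.net/", status: 302, headers: { Location: LOGIN_URL } },
  { url: LOGIN_URL, status: 200, headers: { "X-Frame-Options": "DENY" } },
];
console.log(traceFlow(sampleHops, "https://teams.microsoft.com"));
```

A `brokeAt` value pointing at the sign-in page means the redirect happened but the page could not render inside the frame, which is a different failure from the token never being sent.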