In an environment where user synchronization is done with an alternate ID, SSO for M365 apps is not working well

熊谷 吉斗 0 Reputation points
2025-03-25T02:26:33.44+00:00

After I connect to an AVD session host [Windows 11 Enterprise multi-session (including M365)], I start M365 desktop applications (Excel, Word, PowerPoint, Teams). However, SSO does not occur.

Could you please provide the cause and solution?

■Verified Details

・M365 application version: Latest.

・Computer object [AzureADSSOAcc] in on-premise AD: Created.

・SSO confirmation in browser (Google Chrome):

 - Normal mode : SSO works

 - Incognito mode: No SSO

・Settings from Microsoft's official documentation: All configured

 URL: https://learn.microsoft.com/ja-jp/entra/identity/hybrid/connect/how-to-connect-sso-quick-start

・Security log: There are no logs containing "AzureADSSOAcc$"

・Other things: Some time after starting Excel, I ran the klist command, and "[http://autologon.microsoftazuread-sso.com]: <on-premise AD domain name>.LOCAL" is cached.

※Note: "AzureADSSOAcc$" is not cached.

■Configuration

<Microsoft Entra ID Connect>

・SSO enabled (confirmed on Entra ID).

・Password hash synchronization.

・User synchronization with alternate ID (ST attribute is synchronized as UPN).

※Note: The UPN for on-premise AD and Entra ID differs.

<ADFS>

・Not configured.

Microsoft Security | Microsoft Entra | Microsoft Entra ID

1 answer

  1. Surya Prakash Kotte 3,190 Reputation points Microsoft External Staff Moderator
    2025-04-01T05:18:50.35+00:00

    Hello @熊谷 吉斗,

    Based on your query, I understand you want to set up SSO for all M365 Apps.

    SSO will work in a normal browser window when you open any M365 Apps, but it will not work in an InPrivate window in any browser (Chrome, Edge) because Azure AD Seamless SSO does not work in private/incognito mode. This is because browsers block automatic authentication (Kerberos/NTLM) and do not retain session cookies. Additionally, it won't work in Internet Explorer's Enhanced Protected Mode or when Enhanced Security Configuration is enabled.

    Here is the reference doc:

    https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/tshoot-connect-sso

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    If the answer is helpful, please click "Accept Answer" and kindly "upvote it". If you have extra questions about this answer, please click "Comment"

    1 person found this answer helpful.