How to Activate the Office Applications in Intranet Environment ? Our customer is facing this Issue.

Question

The main issue is on every instance while using office application, the application is trying to connect with internet first as internet connection is not available on our intranet network the application is not responding for few minutes.

the application is working fine on internet connection. we have bought 294 licenses out of which we will be using approx 194 connection on intranet network.

we have tried the following solution but issue still persist.

1. Disable "Connected Experiences" (Most Likely Fix) 

Outlook 2024 tries to connect to Microsoft 365 services for enhanced features. Disabling this stops the constant search for the internet. 

1.     In Outlook, go to File > Office Account.

2.     Under Account Privacy, click Manage Settings.

3.     Uncheck Turn on connected experiences (or "All connected experiences").

4.     Restart Outlook. 

 

2. Force Outlook to Ignore Office 365 Endpoints (Registry Fix) 

If you are purely on-premise and do not have a hybrid setup, you must stop Outlook from trying to connect to 365 endpoints.

·        Path: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\16.0\Outlook\AutoDiscover

·        Key: ExcludeExplicitO365Endpoint

·        Type: DWORD

·        Value: 1 

For added robustness, add these keys under the same folder: 

·        ExcludeHttpsRootDomain = 1

·        ExcludeSrvRecord = 1 

 

3. Disable Modern Authentication (Forced Basic Auth) 

If your on-premise Exchange server does not use OAuth/Modern Auth, Outlook 2024 will keep failing.

·        Path: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

·        Key: EnableADAL

·        Type: DWORD

·        Value: 0 (This forces Legacy/Basic authentication) 

 

4. Clear Cached Credentials 

Windows may be trying to use old or incorrect credentials, causing a loop. 

1.     Close Outlook.

2.     Open Control Panel > Credential Manager > Windows Credentials.

3.     Remove all entries related to MicrosoftOffice16_Data and your email address.

4.     Restart Outlook and re-enter credentials, ensuring "Remember Password" is checked. 

 

5. Disable "Try the new Outlook" Toggle 

The toggle for the new web-based Outlook often causes connectivity issues with on-premise setups. 

·        Path: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Options\General

·        Key: HideNewOutlookToggle

·        Type: DWORD

·        Value: 1 

Answer 1

Hi Sanjay Jhanji

Thank you for reaching out to Q&A forum

Based on my research, in an intranet-only environment, Microsoft 365 Apps (subscription) will try to reach Microsoft’s cloud licensing services during first run and periodically to stay activated. If that internet path is blocked, the apps can appear to hang or show “Not Responding” while network calls time out.

So, in this context, I think the below information might help you:

1. If you must keep Microsoft 365 Apps: allow the required outbound connectivity (via proxy/firewall) to Microsoft 365 endpoints so licensing checks don’t stall. Microsoft provides the official endpoint list and a web service to keep rules updated.
2. If your organization is eligible: enable Extended Offline Access so devices can remain activated for up to 180 days without internet connectivity.
3. If the network cannot have internet at all: use a volume-licensed Office edition (Office LTSC) and activate internally using KMS, Active Directory-based activation, or MAK (including proxy activation scenarios).

Hope my answer will help you, kindly let me know in the comment section for further support

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".     

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Answer 2

Office applications, including Outlook, must periodically reach Microsoft 365 activation and licensing services over the internet. In a pure intranet (no internet) environment, activation and ongoing license validation will fail or be unreliable unless:

• The devices have at least intermittent internet access to required Microsoft 365 endpoints, or
• A supported, internet-connected activation scenario (such as volume licensing with appropriate infrastructure) is used instead of Microsoft 365 Apps.

From the provided information, the behavior where Office “hangs” while trying to reach the internet is consistent with network/activation connectivity issues described for Microsoft 365 Apps.

To stabilize activation and connectivity where internet is restricted, the following must be ensured:

1. Allow required Microsoft 365 URLs through firewall/proxy
   If the environment uses a proxy or firewall, it must allow access to the Microsoft 365 activation and common service endpoints. Specifically, the firewall must permit at least the URLs listed for activation and common services, including (non‑exhaustive list from the context):
   • officecdn.microsoft.com
   • ols.officeapps.live.com/olsc
   • activation.sls.microsoft.com
   • odc.officeapps.live.com
   • officeclient.microsoft.com
   • login.windows.net
   • login.microsoft.com
   • login.microsoftonline.com
   • crl.microsoft.com and related CRL URLs
   • go.microsoft.com
   • Office15client.microsoft.com
   • cdn.odc.officeapps.live.com
   • ajax.aspnetcdn.com
   • aadcdn.msauth.net
   • aadcdn.msauthimages.net
   • enterpriseregistration.windows.net
   Each firewall has its own configuration method; the admin must explicitly allow these endpoints. If a proxy is used, configure netsh winhttp set proxy <Address of proxy server> and ensure these URLs are not blocked, or allow Microsoft 365 to bypass the proxy using a PAC file as described in Managing Microsoft 365 endpoints.
2. Check if a proxy is required and configured on clients
   If the intranet requires a proxy for outbound internet, configure WinHTTP proxy on the clients:
   1. Open Command Prompt as administrator.
   2. Run: netsh winhttp set proxy <Address of proxy server>
   3. Confirm that the proxy allows the Microsoft 365 URLs listed above.
3. Verify that no incorrect DNS records are blocking activation
   If using a custom domain, check external DNS for an MSOID CNAME pointing to clientconfig.partner.microsoftonline-p.net.cn. This CNAME is only valid for Microsoft 365 operated by 21Vianet (China). If present in a non‑21Vianet tenant, users will see “custom domain isn't in our system” and activation will fail. Remove that CNAME and wait for DNS replication.
4. Ensure Network Connectivity Status Indicator (NCSI) is working
   Windows uses NCSI to determine internet connectivity. If NCSI is disabled or misreporting, Office may behave as if offline or hang while checking connectivity.
   • Use PowerShell: Get-NetConnectionProfile to verify that the network profile reports internet access correctly.
   • If NCSI active probe has been disabled via registry or GPO, re‑enable it as per the guidance in the context so Windows can correctly detect internet connectivity.
5. General Microsoft 365 activation connectivity checks
   If users see messages like “We’re having trouble activating Office” or similar, follow these additional steps from the activation network troubleshooting guidance:
   • Make sure Windows is fully updated (Check for updates → install all updates → restart → retry activation).
   • If behind a firewall, confirm that the URLs listed above are reachable from client machines.
   • Temporarily disable antivirus, VPN, or proxy/firewall rules that might block the Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy process, then test activation again. If blocked, adjust security software to allow this process.
   • If necessary, clear BrokerPlugin token data under:
     • %LOCALAPPDATA%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy\AC\TokenBroker\Accounts
     • %LOCALAPPDATA%\Packages\Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy\AC\TokenBroker\Accounts then restart and run the Microsoft 365 sign‑in troubleshooter.
6. If using older Windows versions
   For Windows 8.1 or earlier, TLS 1.2 must be enabled for activation to work. Ensure:
   • Required service packs are installed.
   • TLS 1.2 is enabled in Internet Options → Advanced.
7. If no internet access is possible at all
   The documentation in the context assumes that at least some outbound connectivity to Microsoft 365 endpoints is available. If the intranet is completely isolated (air‑gapped) and cannot reach any Microsoft 365 activation endpoints, Microsoft 365 Apps (subscription) is not a supported configuration. In that case, consider using a perpetual, volume‑licensed Office edition designed for offline activation instead of Microsoft 365 Apps, and follow that product’s activation model.

In summary, to stop Office from hanging and to keep it activated in an intranet environment, the network must still allow required Microsoft 365 activation and identity endpoints (via firewall/proxy configuration), NCSI must correctly detect connectivity, and any blocking security software or incorrect DNS entries must be corrected. Purely disabling Outlook features or registry keys without providing the required connectivity will not resolve activation and connectivity checks.

---

References:

• Microsoft 365 Apps activation network connection issues
• "We are unable to connect right now" error when users try to activate Microsoft 365 Apps for enterprise
• Can't sign in or activate Outlook and Microsoft 365 applications