check before: 2024-09-30
Product:
Entra, Exchange, Microsoft 365 for the web, Microsoft Edge, Outlook, SharePoint
Platform:
Android, Developer, iOS, Mac, mobile, Online, US Instances, Web, World tenant
Status:
Change type:
New feature, User impact, Admin impact
Links:
Details:
Summary:
Outlook for the web users may need to sign in again due to third-party cookie blocks in Chrome and Edge, following a migration to MSAL. A banner will prompt users to refresh their session, affecting those without device SSO. Rollout begins late September 2024, with no admin action required before then.
Details:
As communicated in MC711020 Outlook: Outlook for web - new application ID (January 2024), Microsoft Outlook for the web is undergoing an authentication platform migration to a public client authentication model using MSAL (Microsoft Authentication Library). The change to client-side authentication will be subject to Google's third-party cookie block that may be active in Chrome and Edge.
Google's third-party cookie block impacts navigation to Microsoft Entra ID to perform silent single sign-on (SSO). To overcome this block, Outlook for the web will present a banner for the user to refresh their session. This will enable navigation to Entra ID to refresh their token. SSO-enabled Windows devices are expected to silently sign in users with SSO without requiring further interaction and will not display the banner. This issue affects Outlook for web users. It will not affect users of new Outlook for Windows, Outlook (classic), Outlook for Mac, Outlook Mobile for iOS and Outlook Mobile for Android.
When this will happen:
General Availability (Worldwide): We will begin rolling out late September 2024 and expect to complete by late December 2024.
General Availability (GCC, GCC High, DoD): We will begin rolling out late October 2024 and expect to complete by late December 2024.
Release Phase:
Created:
2024-08-24
updated:
2024-08-24
Direct effects for Operations**
User Sign-In Requirements
Users will be required to sign in again after 24 hours due to third-party cookie blocks, disrupting their workflow.
- roles: End Users, IT Support
- references: https://chromeenterprise.google/policies/BlockThirdPartyCookies, https://learn.microsoft.com/entra/identity/devices/device-sso-to-on-premises-resourcesOverview
Session Expiration Notifications
Users will see a red banner indicating their session has expired, which may cause confusion and frustration.
- roles: End Users, Help Desk Staff
- references: https://developers.google.com/privacy-sandbox/blog/cookie-countdown-2023oct, https://github.com/AzureAD/microsoft-authentication-library-for-jsmicrosoft-authentication-library-for-javascript-msaljs
Embedded App Functionality
Embedded experiences within Outlook for the web may stop functioning, requiring users to refresh their session or relaunch the app.
- roles: End Users, Application Developers
- references: https://learn.microsoft.com/entra/identity/devices/device-sso-to-on-premises-resourcesOverview, https://chromewebstore.google.com/detail/ppnbnpeolgkicgegkbkbjmhlideopiji
Increased IT Support Requests
The need for users to frequently sign in again may lead to an increase in support requests, straining IT resources.
- roles: IT Support, System Administrators
- references: https://chromeenterprise.google/policies/BlockThirdPartyCookies, https://learn.microsoft.com/entra/identity/devices/device-sso-to-on-premises-resourcesOverview
User Experience Disruption
Overall user experience will be negatively impacted due to unexpected sign-in prompts and session management issues.
- roles: End Users, User Experience Designers
- references: https://developers.google.com/privacy-sandbox/blog/cookie-countdown-2023oct, https://github.com/AzureAD/microsoft-authentication-library-for-jsmicrosoft-authentication-library-for-javascript-msaljs
Configuration Options**
Reset BlockThirdPartyCookies Setting
Enterprise administrators can reset the BlockThirdPartyCookies setting in Chrome to avoid the cookie block issue.
- technical instructions: 1. Open Chrome Enterprise policy settings. 2. Locate the BlockThirdPartyCookies setting. 3. Reset the setting to allow third-party cookies.
- references: https://chromeenterprise.google/policies/BlockThirdPartyCookies
Enable SSO from Windows Devices
Enabling Single Sign-On (SSO) from Windows devices can help users avoid the sign-in prompt.
- technical instructions: 1. Ensure that the device is joined to Azure AD. 2. Configure SSO settings in the Azure portal under 'Devices'.
- references: https://learn.microsoft.com/entra/identity/devices/device-sso-to-on-premises-resourcesOverview
Microsoft Single Sign-On Extension for Chrome
Adding the Microsoft Single Sign-On extension for Chrome can help users maintain their session without interruptions.
- technical instructions: 1. Go to the Chrome Web Store. 2. Search for 'Microsoft Single Sign-On'. 3. Click 'Add to Chrome' to install the extension.
- references: https://chromewebstore.google.com/detail/ppnbnpeolgkicgegkbkbjmhlideopiji
User Notification and Documentation Update
Notify users about the upcoming changes and update relevant documentation to prepare them for the new sign-in process.
- technical instructions: 1. Draft a communication plan. 2. Create or update documentation regarding the new sign-in process. 3. Distribute the information to all users.
- references: https://learn.microsoft.com/en-us/microsoft-365/admin/admin-overview/admin-overview?view=o365-worldwide
Monitor Authentication Rollout
Keep track of the authentication rollout to ensure users are not facing issues post-migration.
- technical instructions: 1. Use Azure AD sign-in logs to monitor user sign-in activities. 2. Check for any errors or issues reported by users.
- references: https://learn.microsoft.com/en-us/azure/active-directory/reports-monitoring/concept-sign-ins
** AI generated content. This information is not reliable.