Unable to use SSO with tenants that enforce device management compliance policy.

[r-henriques]

• I am running the latest version of Node and the tools
• I checked the documentation and found no answer
• I checked to make sure that this issue has not already been filed

Expected behavior

On a machine registed in AAD and with a valid compliance status, I expect to be able to sign in to my tenant inside an Excel add-in, even if the tenant enforces device compliance.

Current behavior

Using the [SSO quickstart] (https://docs.microsoft.com/en-us/office/dev/add-ins/quickstarts/sso-quickstart), signing in results in an compliance error as the device state does not meet my tenant's requirements. The details show my device is considered "Unregistered" inside the add-in but sign in works normally in a browser. Device is AAD joined.

Steps to Reproduce

Please provide detailed steps for reproducing the issue.

1. Test on a tenant that enforces device compliance.
2. Follow the [SSO quickstart] (https://docs.microsoft.com/en-us/office/dev/add-ins/quickstarts/sso-quickstart)
3. Run the sample and click the "Get My User Profile Button"

Context

Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.

• Operating System: Windows 11
• Node version: v14.18.1
• Office version: v2110 (build 14527.20178 C2R)
• Tool version:

Failure Logs

[r-henriques]

This looks very similar to this. I wonder if the underlying WebView2 control has the same flag set by Excel.

I tried researching but I couldn't find an option to set it through the manifest.xml or Excel settings.

[millerds]

If you suspect it's a problem with webview2 you can try using different web views in you project by running the following command (where is one of 'edge-chromium' (webview2) or 'edge-legacy' (webview) or 'ie' (ie webview):

npx office-addin-dev-settings webview manifest.xml

[r-henriques]

Thanks. Changing it to edge-legacy seems to work, allowing me to query the graph and populate the cells in Excel. This is fine for dev but not a solution for a published version as it relies on running that command.

Is there a configuration missing if webview2 is chosen?

[igor-ribeiiro]

I just followed all the steps on your issue and managed to follow the tutorial as normal with no errors on webview 2 (which was the one you were having trouble with).
There shouldn't be any configuration missing in webview2 and the project works just as normal.

Could you try rerunning the SSO configuration you ran on another device? Just to see if you can get it to work right away with webview2, as there may be something we are missing.

[jargil]

To clarify, for readers and folks on Office's engineering end. If the legacy Edge control works for you, then what is failing here is the fallback that uses the Dialog API, not the SSO API itself, the SSO API does not depend on what WebView control you use.

[millerds]

The SSO template has been updated significantly in recent months. Please try it out on a new project and re-open this (or log a new issue) if you are still encountering problems.