Shared Device SSO (WebSSO) Failure on Microsoft Edge for Outlook and Teams (Web)
Summary
Related SOTI ONE Platform Products
Related Device OS
Situation
This behavior is typically observed in cloud environments where Microsoft Entra ID is integrated to provide Single Sign-On (SSO) experiences.
Note: Based on our product testing and validation, Shared Device SSO works as expected for Microsoft native applications such as Outlook, Teams, and Excel. However, this issue arises in a specific scenario where the customer is using the web versions of these applications (Outlook, Teams, Excel, etc.) due to Microsoft licensing constraints.
Environment
Please refer to the following link for details on the reported issues.
Note: Although the video appears to show the native Outlook app being launched, this is actually the new SOTI SNAP Lockdown design, where an Outlook icon is configured to open the web-based Outlook via a web link.
Process Description
During initial troubleshooting, we suspected that the issue might be related to an agent-side problem on our end. However, after we raised a case with Microsoft and they completed their investigation, it was confirmed that the issue is caused by a bug in the Microsoft Authenticator application. Microsoft has since released an updated version of Microsoft Edge (version 144.0.3719.81).
Steps to enable the toggle in Edge:
- Create an app policy and add the Edge browser.
- Enable "Manage App Config" and search for the "Enable Web SSO for iframe requests" setting.
- Enable the toggle, then save and assign the policy to the device group.
Microsoft has also confirmed that they plan to expose this WebSSO flag via Managed App Configuration in a future Edge release, which will allow us to manage it centrally.
Good to know: With regard to the Teams web application, this is expected behavior. Users are prompted with a message indicating that the web version of Teams is not supported and are advised to download the mobile application instead. We have received clarification from the Microsoft team that, as long as the customer has a licensed desktop version of the Teams application, no additional license is required to access the Teams mobile app.
Verification and Validation
To confirm that the issue has been resolved, please sign out and then back in on the shared device. After logging in, launch the Edge browser; it should automatically sign you in to both the Outlook and Teams web applications.
Please refer to the video below for reference: