Microsoft Technical Bulletins

The latest updates for all the Microsoft Products you use every day.

Written by Richard Quatier

My goal is to help your business by integrating processes that automate mundane tasks and simplify complex ones without breaking budgets.

Categories: Office 365

May 12, 2020

Blog Home

(Updated) Feature Update: Restricting form-based authentication in Office apps

From Microsoft Corporation

Major update: Announcement
Applies To: All
Updated May 5, 2020: To ensure the best possible experience for our users, we are delaying some of our deployments to reduce the amount of change flowing into the services. The new deployment timeline is outlined below.

To help provide additional security coverage, we are changing how form-based authentication in Office applications is handled. Forms-based authentication is a legacy authentication method for Office resources that are not protected by Azure Active Directory (AAD) or Microsoft account (MSA).

We’ll be rolling this out to the Office ProPlus Monthly Insiders channel starting in mid-February and other channels should expect the change to be deployed by the end of May (previously February).

Because Office does not know the location of the form-based authentication, Office will block such sign-in dialogs and will notify the end-user that the sign-in has been blocked.

Blocked

End users can unblock themselves by changing a security setting in Trust Center.

  • They can do so proactively by going to File > Options > Trust Center > Trust Center Settings > Form-based sign-in, or
  • They can wait until they have been prompted to open Trust Center via a warning dialog.
Trust Center

In the Trust Center > Form-based Sign-in panel, end-users should:

  1. Change “Block all sign-in prompts” to “Ask me what to do for each host”
  2. Select “Save” in the lower right corner of the window.

The list of safe hosts will be auto-populated based on future end-user actions.

After a user makes this change in Trust Center, Office will not block future sign-in prompts. Instead, it will show a dialog similar to this:

Do you trust

If an end-user clicks Yes at this step, two things happen:

  1. Office will show the sign-in prompt immediately.
  2. In the future, Office will provide sign-in prompts for this allowed host, which will be added to the list of “Hosts allowed to show sign-in prompts” in Trust Center > Form-based Sign-in.

What do I need to do to prepare for this change?

If you know, as an administrator, that your users should or should not be accessing content such as this, you can manage their access with a group policy:

  • Add a list of trusted locations by using a group policy. In this case, your users will be able to open documents from these locations without the warning.
  • Block form-based sign-in altogether by using a group policy. In this case, your users will not be able to open documents which require form-based sign-in. In this case, your users will not be able to open such documents.

You might also consider updating your user training and notifying your help desk.

Review group policy settings to Control how Office handles form-based sign-in prompts:

click to see larger group policy image

You May Also Like…

Introducing Override Alerts

Introducing Override Alerts

From Microsoft Corporation MC236362 · Published Jan 28, 2021 QuixTec provides technical bulletins 'unaltered' from Microsoft. As an authorized Microsoft Partner, experienced SharePoint development group and Office 365 expert, QuixTec's'...

Top Senders and recipient report to be retired

Top Senders and recipient report to be retired

From Microsoft Corporation - Action required by Mar 6, 2021 MC237975 · Published Feb 5, 2021 QuixTec provides technical bulletins 'unaltered' from Microsoft. As an authorized Microsoft Partner, experienced SharePoint development group and...

13 + 9 =

Call Now

(425) 367-9025

17939 95th Place NE

Bothell, WA 98011