a month ago
Just spent 30+ hours working on this so I thought I'd share
Had a few users contact me yesterday with the inability to use teams on their mac. Initial diagnosis was teams cache, so after combing thru thousands of posts and trying to clear the cache with no success, i began trying to uninstall/'reinstall, again, no success. This morning i was affected and ended up installing an OLD version of teams successfully. i tried to upgrade teams through the desktop client and same result. it was then that i noticed that the old version allowed me to use single sign on, and the new version wasnt even getting there.
the current resolution is that i have turned off ourMicrosoft Enterprise SSO plug-in for the affected devices.
if anyone happens to find the url for teams, feel free to share, or i will when i find it so i can put a nail in this coffin and be done with it. for today anyways.....until MS screws up something ELSE!
a month ago
This is the URL we use in our auto update script-
https://go.microsoft.com/fwlink/?linkid=2249065
it used to be -
https://go.microsoft.com/fwlink/?linkid=869428
a month ago
its not the links to the update i am looking for, its the sites needed for SSO in the extension. this is what i have now:
a month ago
I don't know if this is related or not, I've seen similar things in the past. I've come to believe that sometimes microsoft will screw up the auto update packages for teams; leaving the application in an often un-runnable state. The application will download an update and prompt the user to update; if the update is kicked off, the app will close attempt to update and then complain that it is damaged and refuse to run.
I wonder if microsoft is signing there update packages? To guard against this, I've handed off teams install / upgrade process to the Jamf App Catalog. yes, slower, but typically gives microsoft time to fix things. All that said, when i fixed by hand an old installer is usually the trick.
a month ago
You are not crazy. I have been affected by this as well. I have 2 devices that Teams would just not work with SSO. My fix was also removing the SSO profile from them. Eventually I wanted to get SSO working again so here was my workflow:
Make a smart or static group and add it to the exclusions of your SSO config profile (this way you can quickly get users up and running even if it isnt ideal)
Exclude the device from SSO config profile
Waited a day or so for tokens to expire.
Once tokens have expired
Clean MS Conditional Access from device
we have a self service button to run https://github.com/macbuddy-howto/jamfAAD-and-WPJ-scripts/blob/main/jamf-wpj-clean-up
then goto keychain Access Login/All Items search for icrosof and delete everything but the 2 certs (which cant be deleted)
Delete the device from AAD and MEM.
Push SSO extension back to the device.
Change default browser to Edge.
Sign into Edge
Enroll into MS Conditional Access.
Verify SSO identity is showing properly in Company Portal. (Open Company Portal, sign in, click face in top right)
Open Safari and Chrome verify you can get to https://myapps.microsoft.com/ and navigate to some of your resources
Then try Teams.
Mileage may vary on needing all of the above steps, but they seemed to play a factor in my issues. Also, if your org uses zscaler or any other DNS and or internet shaping tools verify they are not blocking traffic that is needed. I have pretty much given up on the chrome extensions as they often break or do nothing to assist as new versions of Chrome are released but here are the 2 that I have attempted to use.
Chrome extension:
https://chromewebstore.google.com/detail/my-apps-secure-sign-in-ex/ggjhpefgjjfobnfoldnjipclpcfbgbhl
https://chromewebstore.google.com/detail/microsoft-single-sign-on/ppnbnpeolgkicgegkbkbjmhlideopiji
MS documentation on SSO extension:
https://learn.microsoft.com/en-us/entra/identity-platform/apple-sso-plugin