Did you know: there is an updated feature restricting form-based authentication in Office apps that will be rolling out to the Office ProPlus Monthly Insiders channels in mid-February 2020 and other channels by the end of February 2020.
To help provide additional security coverage, Microsoft is hanging how form-based authentication in Office applications is handled. Forms-based authentication is a legacy authentication method for Office resources that are not protected by Azure Active Directory (AAD) or Microsoft account (MSA).
Because Office does not know the location of the form-based authentication, Office will block such sign-in dialogs and will notify the end-user that the sign-in has been blocked.
End users can unblock themselves by changing a security setting in Trust Center.
– They can do so proactively by going to File > Options > Trust Center > Trust Center Settings > Form-based sign-in, or
– They can wait until they have been prompted to open Trust Center via a warning dialog.
In the Trust Center > Form-based Sign-in panel, end-users should:
– Change “Block all sign-in prompts” to “Ask me what to do for each host”
– Select “Save” in the lower right corner of the window.
The list of safe hosts will be auto-populated based on future end-user actions.
After a user makes this change in Trust Center, Office will not block future sign-in prompts. Instead, it will show a dialog similar to this:
If an end-user clicks Yes at this step, two things happen:
– Office will show the sign-in prompt immediately.
– In the future, Office will provide sign-in prompts for this allowed host, which will be added to the list of “Hosts allowed to show sign-in prompts” in Trust Center > Form-based Sign-in.
What do I need to do to prepare for this change?
If you know, as an administrator, that your users should or should not be accessing content such as this, you can manage their access with a group policy:
– Add a list of trusted locations by using a group policy. In this case, your users will be able to open documents from these locations without the warning.
– Block form-based sign-in altogether by using a group policy. In this case, your users will not be able to open documents which require form-based sign-in. In this case, your users will not be able to open such documents.
Review group policy settings to Control how Office handles form-based sign-in prompts: