Skip to main content

UTS Outlook Issues

{{@9#bkmrk-callout-danger-NoResponsibilityDisclaimer-5wod5ufe}}

Introduction

UTS response plan for general Microsoft AAD Broker Plugin issues. All Windows file and registry changes are at the user profile level, which will require the user to be logged into the session host environment.

Requirements

  • Configuration changes should be made under the logged-in user.

Instructions

  1. Connect to the user's computer to identify the remote desktop session and server they are connected to. Changes can be made either from the user's computer that is remoting in or directly on UTS-AZ-RDSH1 or UTS-AZ-RDSH2 via Screen Connect, after determining which of these two servers is hosting the user's active session.

  2. Sign out of all Office apps (Outlook, etc.).
  3. Close all Office apps (Outlook, etc.).

  4. Sign out of the remote desktop environment.

  5. Sign in to the remote desktop environment.

  6. In the Windows Registry, navigate to:
    Computer\HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity

    Create DWORD values:

    DisableAADWAM = 1
    DisableADALatopWAMOverride = 1

    Alternatively, you can run the following PowerShell snippet to do the same thing:

    $regPath = 'HKCU:\Software\Microsoft\Office\16.0\Common\Identity'
$values  = @{
    DisableAADWAM               = 1
    DisableADALatopWAMOverride  = 1
}

# Ensure key exists
if (-not (Test-Path $regPath)) {
    New-Item -Path $regPath -Force | Out-Null
}

# Set values
foreach ($name in $values.Keys) {
    New-ItemProperty -Path $regPath -Name $name -PropertyType DWord -Value $values[$name] -Force | Out-Null
}

# Optional: display what was set
Get-ItemProperty -Path $regPath -Name $values.Keys | Select-Object DisableAADWAM, DisableADALatopWAMOverride

    What DisableAADWAM=1 changes:
    It tells Office apps (Outlook/Word/Excel/etc.) not to use Windows Web Account Manager (WAM), which relies on the Microsoft.AAD.BrokerPlugin cache and Windows account token broker. Office will fall back to its built-in authentication path.


  7. Run the following PowerShell snippet:
    New-Item -Path 'HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\Identity' -Force | Out-Null
New-ItemProperty -Path 'HKCU:\SOFTWARE\Microsoft\Office\16.0\Common\Identity' -Name 'EnableADAL' -PropertyType DWord -Value 1 -Force | Out-Null

    What EnableADA=1 changes:
    Enables Office ADAL/modern authentication behavior per user (commonly associated with Azure AD sign-in for Office).

  8. In the Windows File Explorer, delete the contents of: 
    %LOCALAPPDATA%\Packages\Microsoft.AAD.BrokerPlugin_cw5n1h2txyewy

    Afterwards, verify the contents have been removed.

  9. Sign out of the remote desktop environment.

  10. Sign in to the remote desktop environment.

  11. Launch and sign in to Outlook.

Troubleshooting

N/A

Sources

KB Change/Issue Log

yyyy/mm/dd - Title

Issue

N/A

Solution

N/A

Sources
  • N/A

KB Meta

Page Includes

@9#bkmrk-callout-danger-NoResponsibilityDisclaimer-5wod5ufe
Back to top