Office2016 account login name is not matching with Azure AD Account for Azure Information Protection

  • Question

  • Hi Techs,

    We have deployed Azure Information Protection in our environment, and we use the email address as an alternate login ID for Azure Information Protection with ADFS. Now Azure AD has all users synced with the alternate login ID.

    Now the challenge we are facing is that the Office 2016 or 2013 Office account is logged in with the local AD domain (which is a non-routable domain like adworld.ad). In order to access the protected email or secure document, his Office 2016 or 2013 account should be matched with Azure AD, and this is what we are missing.

    We can do it through a manual process by switching the account in Office from adworld.ad to user@adworld.com (matching the Azure AD account). I am looking for a script or any other better option to make this change in our entire 1200-user infra.

    Wednesday, December 6, 2017 10:30 AM

All replies

  • Syed,

    There is no simple way. In order for Office to successfully talk between Azure Active Directory and Azure Information Protection, Office is required to collect a token from Azure Active Directory, usually during the sign-in process whenever you are authenticating the Office client for the subscription (more for Office 365).

    If you're comfortable with the Office suites using the Azure accounts, then my suggestion would be to apply this via GPO:

    https://support.microsoft.com/en-us/help/2913639/office-applications-periodically-prompt-for-credentials-to-sharepoint

    This will prevent the Office account from using your local information and require the users to sign in with their Azure accounts. This is a 1-step process for the end users, but it'll be a lot less work from an administrative standpoint.

    Hopefully this helped

    Friday, December 22, 2017 2:16 AM