Teams loop GPO cookies allow
Denes, Laszlo
Hello Everyone,
Wondering if anyone has tried to fix this using GPO (EDGE / Chrome) and succeeded. As is often the case MS documentation is a little off afaic.
Noted here: Teams web client is stuck in a login loop - Microsoft Teams | Microsoft Learn
add the following sites:
· [*.]microsoft.com
· [*.]microsoftonline.com
· [*.]teams.skype.com
· [*.]teams.microsoft.com
· [*.]sfbassets.com
· [*.]skypeforbusiness.com
Took me a while to figure that it is located under GPO: User Configuration\Administrative Templates\Microsoft Edge\Content Settings\allow cookies on specific sites
But what I am struggling with is the actual values that need to be entered.
Can someone share how they did it please. Would be greatly appreciated.
Many thanks in advance for your time.
Regards,
Laszlo
Laszlo Denes
Technical Analyst Servers
Information Systems
The Salvation Army Toronto Grace Health Centre
650 Church Street, Toronto, ON M4Y 2G5
f: 416-925-3211
Exceptional and compassionate care for all.
Helton, Matt
Sure, I think I can answer this.
Once you enable the policy, you are able to click the “Show…” button to add sites. Per the examples at the bottom, and the items you posted, you’d click slow, then double-click the first blank line (may take a couple of double- or single-clicks to get it to put the cursor in the field), then type your [*.]microsoft.com. As soon as you trigger the cursor in the blank field, the next line “appears” to allow you to repeat the process with another URL when you’re done with the first. Repeat it until all the sites needed are listed there, then perform a reboot/GPupdate on the computer you’re testing this policy with.
Also, don’t be alarmed if the last line you enter still has a blank line that appears under it as that is always going to happen to give you the next place to enter potential entries. You can hit the ‘Enter’ key to start and complete a line, as well as start the next line for data, if you’re a keyboard person.
Later,
Matt Helton
(he/him/his)
Assistant System Administrator
Library Information Technology Services
Milner Library
Illinois State University
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com>
On Behalf Of Denes, Laszlo
Sent: Friday, June 16, 2023 10:33
To: ntsys...@googlegroups.com
Cc: Denes, Laszlo <lde...@torontograce.org>
Subject: [ntsysadmin] Teams loop GPO cookies allow
|
This message originated from outside of the Illinois State University email system. Learn why this is important |
--
You received this message because you are subscribed to the Google Groups "ntsysadmin" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
ntsysadmin+...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/ntsysadmin/YT2PR01MB102750E206E466A012CE56602BA58A%40YT2PR01MB10275.CANPRD01.PROD.OUTLOOK.COM.
Denes, Laszlo
Hey Matt appreciate and I should have been more specific.
Confusion is what to add as the example they list implies two entries for each site.
So if I add www.microsoft.com what else do I need to add as the 2nd entry?
Thank you in advance for your time.
Laszlo
Laszlo Denes
Technical Analyst Servers
Information Systems
t: ext. 214
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CH0PR03MB5988DF1896920D793543FD34AA58A%40CH0PR03MB5988.namprd03.prod.outlook.com.
Helton, Matt
Ok, so I checked out that URL from MS regarding the Teams loop, as I only did a cursory glance at it before my last email. It’s wanting you to set these URLs in-browser, not GPO. That’s why the “pairing” doesn’t seem to make sense between
the page and the GPO description. The final piece of the puzzle comes at the end of the example listing for that GPO:
*,https://www.contoso.com. The syntax is
the-site-with-third-party-cookies,the_site_you’ll_find_those_cookies_on. In the last example, it is saying to
allow all third-party cookies from www.contoso.com.
So you have a couple of choices, here. If you don’t care about the third-party cookies that
may exist from the Teams website, you may want to specify exact third-party cookies to accept. My understanding, also, is that you can specify exact third-party cookies to allow on a site, but don’t have to include all of them via the asterisk. For instance,
say a website had three instances of third-party cookies, but you only wanted to allow two of those on that site. You’d have lines similar to:
[*.]site1.thirdparty.com,https://mainsite.com
[*.]site2.anothersite.com,https://mainsite.com
The third site of third-party cookies wouldn’t be included and would still be blocked, providing you were blocking all third-party cookies (as I suspect you are).
I tested the GPO, to manually confirm registry locations and ensure the items would work, and here’s what I found.
- If you set the GPO and want to include the list on the page you linked, you’d want your GPO to look like the following:
- *,https://microsoft.com
- *,https://microsoftonline.com
- *,https://teams.skype.com
- *,https://teams.microsoft.com
- *,https://sfbassets.com
- *,https://skypeforbusiness.com
- When you open Edge, or refresh the settings page (F5), you’ll see your URLs appear on the list with the third-party cookies allowed designation.
- If you check the registry at
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge\CookiesAllowedForUrls, you’ll see the list you provided to the GPO.
I cannot 100% confirm this is correct based on my organization’s settings as they may be influencing the outcome. Your mileage may vary and, as always, make sure you test it before deploying it to all workstations.
Later,
Matt Helton
(he/him/his)
Assistant System Administrator
Library Information Technology Services
Milner Library
Illinois State University
From: ntsys...@googlegroups.com <ntsys...@googlegroups.com>
On Behalf Of Denes, Laszlo
Sent: Friday, June 16, 2023 11:47
To: ntsys...@googlegroups.com
Subject: [ntsysadmin] RE: Teams loop GPO cookies allow
|
This message originated from outside of the Illinois State University email system. Learn why this is important |
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/YT2PR01MB102750865DDD3AFD9B0DA0E8CBA58A%40YT2PR01MB10275.CANPRD01.PROD.OUTLOOK.COM.
Denes, Laszlo
Awesome insight… thank you… will play with it…
To view this discussion on the web visit https://groups.google.com/d/msgid/ntsysadmin/CH0PR03MB5988D097CD3FF20541188992AA58A%40CH0PR03MB5988.namprd03.prod.outlook.com.