VMware Horizon – Office 365 activation and Teams Roaming

Release date: July 21th 2022

Welcome to my VMware Horizon series. Getting Microsoft Office 365 and Teams to work with VMware Horizon Instant Clones is something I see a lot of people struggling with. I guess that VMware also see this and therefore have created a great post on Tech Zone about this here: Best Practices for Delivering Microsoft Office 365 in VMware Horizon (Tech Zone)

Having read the above article, I wanted to put this to a test. My set up will be as shown below, using FSLogix containers to roam Office and some profile settings, while Dynamic Environment handles the rest of the User experience.

Before I proceed with the actual configurations, I will do a quick explanation about installing Office 365 and Teams.

First of all, I install MS Office using the «SharedComputerLicensing” property, as described here: Install Microsoft Office 365 Pro Plus

<Configuration>
  <Add OfficeClientEdition="64" Channel="Monthly">
    <Product ID="O365ProPlusRetail">
      <Language ID="en-us" />
      	<ExcludeApp ID="Groove" />
      	<ExcludeApp ID="Lync" />
      	<ExcludeApp ID="Teams" />
    </Product>
  </Add>
  <Property Name="SharedComputerLicensing" Value="1" />
  <Property Name="SCLCacheOverride" Value="0" />
  <Property Name="AUTOACTIVATE" Value="0" />
  <Property Name="FORCEAPPSHUTDOWN" Value="FALSE" />
  <Property Name="DeviceBasedLicensing" Value="0" />
  <Display Level="None" AcceptEULA="True" />
  <AppSettings>
    <Setup Name="Company" Value="FreLab" />
  </AppSettings>
</Configuration>

Next, when it comes to installing Teams, I add the following reg-key beforehand, using my MDT Task Sequence. This will enable media optimization for Teams ref: Use Microsoft Teams on Azure Virtual Desktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Teams
DWORD: IsWVDEnvironment 
Value: 1
reg.exe add "HKLM\SOFTWARE\Microsoft\Teams" /v IsWVDEnvironment /t REG_DWORD /d 1 /f

Next, I install teams through MDT using the following syntax:

msiexec.exe /i Teams_windows_x64.msi ALLUSER=1 ALLUSERS=1

In order to get roaming of both credentials and office settings to work, I had to utilize, not only FSLogix Office Container, but also Profile Container. This is most likely due to the fact that I’m testing using my corporate Office 365 credential, while not having any AD Sync running between my LAB domain and the Azure AD, naturally, so not getting SSO to work. Anyway, I have documented how to set up FSLogix here: Microsoft FSLogix – Setup and Configure

As described by VMware Tech Zone here, FSLogix Office Container + Dynamic Environment Manager + App Volumes, I also need to disable the Office templates from Dynamic Environment manager

I also made sure to roam both <AppData>\Microsoft\Crypto and <AppData>\Microsoft\Protect using the Personal Certificate template in DEM

Although I had enabled the settings above, I still saw issues with authentication and MFA, therefore I added the following reg-keys using DEM. Note, test before applying these keys, because it is not recommended by Microsoft to disable WAM. Disabling ADAL or WAM not recommended for fixing Office sign-in or activation issues

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DWORD: DisableADALatopWAMOverride
Value: 1

DWORD: DisableADALatopWAM
Value: 1

DWORD: DisableAADWAM
Value: 1

Having done all the configurations above, I finally had roaming of Office 365 credentials and settings, including Teams, up and running. BUT, I still got the “Stay signed in to all your apps” message now and then.

To avoid these, I added the following reg-keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin
DWORD: autoWorkplaceJoin
Value: 0
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WorkplaceJoin
DWORD: BlockAADWorkplaceJoin
Value:1

As for now, using this configuration works great. But I do caution that it is smart to test these settings before going into production due to support etc. Another caveat is the disk space that is going to be used by each user. Depending on the scenario to be set up, FSLogix containers can be quite large, with roaming of office, especially Outlook with OST, and Teams. So, as I mentioned above, be sure to test beforehand and see what amount of disk space that is required to handle a larger number of users. With my test-user I saw the following numbers:

  • FSLogix Profile Container – 500 MB
  • FSLogix Office Container – 2,1 GB -> Includes Outlook OST
  • DEM Archive folder – 16 MB

Recommended reading:

MSEndpointMgr: Are you tired of “Allow my organization to manage my device”?

MS: Teams for Virtualized Desktop Infrastructure

Official VMware Documentation about this topic:

Best Practices for Delivering Microsoft Office 365 in VMware Horizon (Tech Zone)

VMware Horizon planning, deployment etc.

Official VMware Horizon 8 Documentation

Disclaimer: Every tips/tricks/posting I have published here, is tried and tested in different it-solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: