Google Third-Party Cookie Block to Impact Outlook for Web Sign-In

Microsoft is migrating the authentication platform for Outlook on the web to a public client authentication model using Microsoft Authentication Library (MSAL).

Starting late September, this migration will subject Outlook on the web to Google’s third-party cookie block that may be active in Google Chrome and Microsoft Edge.

Google’s third-party cookie block will impact navigation to Microsoft Entra ID for silent single sign-on (SSO). Outlook on the web may then require WSU users to complete authentication more frequently to continue accessing the online email service.

This authentication issue will not affect the new Outlook for Windows, Outlook (classic), Outlook for Mac, Outlook Mobile for iOS, and Outlook Mobile for Android.

WSU users who access Outlook on the web via Chrome or Edge and have third-party cookie blocking enabled may start seeing the following issues in late September:

  • When a session is open for more than 24 hours, a red banner below the ribbon will display and require users to sign in.
  • When users open deep-linked messages, calendar events, or contacts (links that direct them to a specific location in an app via another window or tab), a blocking dialog will ask them to return to Outlook on the web to sign in once the deep-linked item’s authentication token expires.
  • Embedded experiences may stop functioning and the associated app(s) may provide an app-specific experience to refresh their login token. Alternatively, users can right-click the app to launch it in a browser or refresh the entire Outlook on the web session.

Please review an example of the session expiration banner that may appear:

[Image: Outlook on the web displaying sign-in prompt following session expiration.]

Please review an example of the session expiration prompt that may appear:

[Image: Session expiration prompt on Outlook on the web.]

To best mitigate this issue, Information Technology Services (ITS) recommends that WSU users experiencing increased sign-in prompts in Outlook on the web install the Microsoft Single Sign On browser extension. This Chrome browser extension works in Chrome and Edge and prevents the browser from prompting users to re-authenticate.

Technical support teams may need to assist users with adding this extension on WSU-owned devices with administrative access restrictions.

WSU IT departments are also encouraged to incorporate this extension in future builds or consider deploying it via policy or SCCM for WSU-owned computers. View additional information on different Chrome extension deployment options across various operating systems.

For any questions regarding this scheduled change, please contact Crimson Service Desk at crimsonservicedesk@wsu.edu or 509-335-4357.