是否有一种方法可以在 Office Web 插件中禁用域信任/安全提示?

huangapple go评论59阅读模式
英文:

Is there a way to disable domain trust/security prompts in office web add-ins?

问题

We have an Outlook web add-in deployed via centralized deployment that is presenting users with the following prompt:

"embedded page at FQDNofWebAppService says
The domain EXO-OWA-FQDN is acting as Microsoft Office and can run Office add-ins, which may access your personal data. If you trust the domain to run as Office and access your data, click OK to continue."

If the user clicks OK, the add-in performs as expected; however, if the user clicks Cancel they see the following message in the taskpane:

"This add-in has been disabled to keep you safe. To continue using the add-in, validate that this item is hosted in a trusted domain or open it in the Office desktop app."

It appears that we only see this in OWA, not Outlook desktop as the last part of the message suggests.

I tried updating the AppDomains property of the manifest to include the OWA FQDN, but am still seeing this popup. I didn't include the FQDN of the app service instance it's being hosted out of because that's already specified in the sourcelocation property.

I'm expecting to be able to, as the tenant/global admin, to be able to trust the add-in (Similar to how global admins grant consent to apps to avoid users faced with consent prompts) such that users aren't presented with the prompt. Is this possible?

I did come across this office-js issue on Github, however, it's dated and referenced Exchange Server whereas this is Exchange Online: https://github.com/OfficeDev/office-js/issues/1441

英文:

We have an Outlook web add-in deployed via centralized deployment that is presenting users with the following prompt:

"embedded page at FQDNofWebAppService says
The domain EXO-OWA-FQDN is acting as Microsoft Office and can run Office add-ins, which may access your personal data. If you trust the domain to run as Office and access your data, click OK to continue."

If the user clicks OK, the add-in performs as expected; however, if the user clicks Cancel they see the following message in the taskpane:

"This add-in has been disabled to keep you safe. To continue using the add-in, validate that this item is hosted in a trusted domain or open it in the Office desktop app."

It appears that we only see this in OWA, not Outlook desktop as the last part of the message suggests.

I tried updating the AppDomains property of the manifest to include the OWA FQDN, but am still seeing this popup. I didn't include the FQDN of the app service instance it's being hosted out of because that's already specified in the sourcelocation property.

I'm expecting to be able to, as the tenant/global admin, to be able to trust the add-in (Similar to how global admins grant consent to apps to avoid users faced with consent prompts) such that users aren't presented with the prompt. Is this possible?

I did come across this office-js issue on Github, however, it's dated and referenced Exchange Server whereas this is Exchange Online: https://github.com/OfficeDev/office-js/issues/1441

答案1

得分: 1

我在GitHub上发布了一个问题后,也收到了答案:https://github.com/OfficeDev/office-js/issues/3310

底线是,这个提示出现是因为我们自行托管了OfficeJS文件(作为解决OfficeJS文件中的问题的权宜之计),而不是从Microsoft托管的位置访问它。

英文:

I received an answer to this after also posting an issue on GitHub: https://github.com/OfficeDev/office-js/issues/3310

Bottom line, the prompt was appearing because we were self-hosting the OfficeJS file (As a workaround for an issue we found in the OfficeJS file) instead of accessing it from the Microsoft hosted location.

huangapple
  • 本文由 发表于 2023年4月20日 07:21:08
  • 转载请务必保留本文链接:https://go.coder-hub.com/76059488.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定