Acknowledge exceptions for third party cookies instead of demanding a huge security hole!
I tried Chrome, IE 11, and Edge (don't get me started on the Edge issues!) and all required that third party cookies be fully enabled. It would not acknowledge an exception for all teams.microsoft.com addresses.
IE 11 is riddled with script errors and it prevents the download of the desktop app.
For Chrome allow this site in regards to cookies:
....at least tell us which 3.part cookies you are using so we can open up for those.
Enable 3rd part cookies in general is insane!
[Deleted User] commented
Yes. A simple admin page absolutely should not require third party cookies.
Entire US Govt agencies are unable to use MS Teams. 3rd party cookies disabled by policy for the enterprise. I can't believe that 3rd party cookies are required and there is no alternate solution for the web. The desktop client isn't installed or available to us yet.
this seems to be very old issue that hasnt been resolved yet. I am surprised this isnt addressed till now. I wish they address it with priority
As per usual: Function first, add security only AFTER someone is hacked because of it.
I would like to add my voice to this.
The service should not rely on Third Party cookies to function.
We have sites that cannot use teams web application because of the 3rd parth cookies and their firewalls have blocked access. Please remove all third party cookies from the tool.
100% BS requiring dumbing down security measures to allow use. Will keep our dept clear of this nonsense.
Can I just say I have been allowing 3rd party cookies for 25 years and never had a problem with them. You get warned when the browser knows a site is no good so you can cancel prior to actually being on it.
I am all over the internet every day at least 6 hours a day with work and personal. Thinking may be thing of the past.
I think you would need cookies with O365 sites in order for necessary operations between your client and the Server.
I am not an MVP just a business owner so take this with a grain of salt, I am just giving an opinion based on my usage.
Wishing everyone a properous new year!!
Richard van den Berg commented
Has similar error on fresh Windows 10 installation. Tried to open Microsoft Teams in Chrome. received error message "D'oh! To open the web app, you need to change your browser settings to allow third-party cookies."...
Added teams.microsoft.com as trusted site on Ghostery which solved the issue.
I use Office 2016, not O365 (which, as a one-person user, I do not need) and still use a Windows Phone so the only way I can access the Microsoft Team that I was added to (by a Microsoft employee) is via Microsoft Edge! For security reasons I will not allow third party cookies and, thus, cannot access Microsoft Teams. Additionally, as a Windows Insider MVP and Bing Insider, without Skype for Business, this will prevent me from attending online sessions!!!
What a joke - I'll actively avoid using the thing.
The error page saying I had to enable third party cookies drove me nuts since it's a huge security liability. Why don't you make an actually useful error page that says something like "Please add login.microsoftonline.com" to your white list for cookies? I think this is what fixed the issue for me.
I agree. Withholding services to people who take the perfectly reasonable security measure of blocking third-party cookies is unacceptable. This is a PR black-eye for Microsoft, especially in the eyes of security and privacy professionals.
Perhaps MS is not aware that third-party cookies are blocked by default in the Apple Safari browser, making this product inaccessible to non-technical users on the Mac OS platform.
Ken Hoover commented
At least publish a list of exceptions so users who run Linux desktops can participate in Teams without having to enable 3rd party cookies across the board.
Mark Schwenk commented
Why are third party cookies required? Would it help to stop using so many different domains and instead use subdomains of microsoft.com (i.e. online.microsoft.com instead of microsoftonline.com)?
Keith B commented
While it's not really a "huge security hole " AFAIK, it is a privacy issue. Ofc, in the future a zero-day could exploit 3PC, and then we'd be in trouble - thanks, Microsoft! Every other website in the world works when you add an exception. Microsoft is the world's largest software company - how can they not get this right? Also, I want to punch the stupid hipster on the error message for this in his stupid face.
Our company does not wish to add an exception. I would rather log on three times than being blocked from teams. Could we bypass this with an additional log on perhaps?