Applies ToExcel for Microsoft 365 Word for Microsoft 365 PowerPoint for Microsoft 365

There are two scenarios where the Microsoft 365 Real-Time Presence feature might not work as expected in the Word, Excel, and PowerPoint desktop applications, leading to issues with collaboration and document editing. 

Scenario 1: Proxy SSL Bumping/Break and Inspect

Proxy SSL (Secure Socket Layer) Bumping/Break and Inspect may cause the Real-Time Presence feature to not work as expected on desktop applications.

Why is this happening? 

  • Microsoft 365 attempts to connect to a real time service URL and retrieve a leaf server certificate to set up the handshake.

  • In some customer networks, SSL inspection on that URL may cause the certificate retrieved to be signed by a different intermediate authority than the default Microsoft authority.

  • Microsoft 365 must follow the certificate chain from the leaf to the root certificate to trust the leaf certificate and establish the real-time connection. If it is unable to locate the intermediate certificate, a handshake cannot be established.

Scenario 2: Proxy Authentication Using Signed-In User

One of the known limitations of the Real-Time Presence feature in the Word, Excel, and PowerPoint desktop applications is that it only supports proxy authentication using the signed-in user's credentials. Currently, the feature does not support prompting the user to provide different credentials if the initial authentication fails. Consequently, if the proxy requires different credentials than those of the signed-in user, this will prevent the Real-Time Presence features from working as expected, leading to issues with collaboration and document editing. ​​​​​​​

Why is this happening? 

  • A user might be signed into their machine with their company account but needs to access a proxy that requires different credentials for a different account.

  • There may be multiple proxies involved requiring different credentials, such as country-specific firewalls, company or government firewalls. Our current architecture does not support multiple authentication contexts, leading to authentication failures in these scenarios.

What can I do about it? 

We recommend the following steps to ensure the Real-Time Presence feature works correctly: 

  1. Exempt URLs from SSL Inspection (this applies to both Scenario 1 and Scenario 2): Admins can exempt the set of URLs (*.officeapps.live.com) from SSL inspection and SSL bumping entirely.

  2. Verify Certificate Chain (this applies only to Scenario 1): Admins can ensure that the certificate chain issued by their own proxy authority (from the leaf to the root certificate) is deployed on all client machines. Alternatively, configure your proxy to return the full certificate bundle including intermediate certificates.

Important: If these steps do not resolve the issue, consider reaching out to Microsoft Support for further assistance.

Learn more 

Facebook LinkedIn Email

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Microsoft 365 subscription benefits

Microsoft 365 training

Microsoft security

Accessibility center