Microsoft 365 users a process called Federation to enable authentication through external directories such as SDO. During the SDO setup process, the Control Panel establishes that Federation between your Microsoft 365 tenant and SDO. Removing SDO as the authentication source required Defederating the Microsoft 365 tenant. Once the Defederation process is complete, Microsoft will become the authentication source for the tenant and users will no longer be prompted to log in using the Octopus Authenticator.
Once the Defederation process is complete, all user passwords will need to be set within the Microsoft 365 Admin Center. The Admin Center will also be used for any user password management going forward.
Defederating your Microsoft 365 tenant will require the use of Powershell, and will need to be completed using a Global Administrator user with a domain NOT currently Federated with SDO. We recommend using a Global Admin with the native *.onmicrosoft.com domain local to the tenant for this purpose.
The following are the steps used to Defederate your domain using Powershell.
1. In your Powershell window, run the following command if you have not previously connected to the Azure AD Module:
Install-Module MSOnline
This will install the MSOnline module for your Powershell client.
2. Connect to the Azure AD module in Powershell
Connect-MsolServiceYou will be prompted for your Global Admin credentials to connect.
3. Run the following command to Defederate your domain:
Set-MsolDomainAuthentication -DomainName “<domain>” -Authentication Managed
If no errors are reported then the Defederation process has been submitted.
The Defederation process typically takes 15-30 minutes to complete, but has been known to take a couple hours or more. On extremely rare occasions we have seen Defederation take 24 hours. The Global Admin will need to set new passwords for users in the Microsoft 365 Admin Center once the Defederation process has completed.
During the Defederation process, users will see screens like the following when attempting to log into their Microsoft 365 accounts:
This screen is normal and indicates that the Defederation process is under way. Users are recommended to try waiting and trying to log in a bit later if they encounter this screen. Once the Defederation process is complete, users will see a standard Microsoft password prompt after entering their username to login:
