Disable Microsoft 365 / Entra ID Federation with PowerShell

Before you set up Single Sign On (SSO) with JumpCloud, you’ll want to verify that Federated SignOn is disabled in your organization for the domain you’re planning to federate with JumpCloud SSO. This ensures that any previous SSO configurations are disabled and allows the syncing of users to be done before activating the Microsoft 365 SSO application in the JumpCloud Admin Portal.

These steps are also applicable if you want to disable JumpCloud SSO for Microsoft 365 / Entra ID.

To read more on updating Federation of Domains, see Microsoft's Update or repair the settings of a federated domain in Microsoft 365, Azure, or Intune.

Setting a domain from federated to managed

  1. Install the Microsoft Graph PowerShell.
  2. Set the Execution Policy to Remote Signed:

Set-ExecutionPolicy RemoteSigned

  1. Connect to your Microsoft 365 / Entra ID tenant:

Tip:

If you need your Tenant ID, see Find your Microsoft 365 tenant ID.

Connect-MGGraph -Scopes "Domain.ReadWrite.All", "Directory.AccessAsUser.All", "Organization.ReadWrite.All", "Directory.ReadWrite.All"

  1. Enter your Office 365 Global Administrator Credentials.
  2. Consent and Accept the requested scopes.
  3. Verify the domain is federated:

Get-MgDomain -DomainId “<YourO365Domain.com>”

  1. Change Federation Authentication from federated to managed:

Update-MgDomain –DomainId “<YourO365Domain.com>” -AuthenticationType Managed

  1. To check Federation status:

Get-MgDomain -DomainId “<YourO365Domain.com>”

  1. Disconnect Microsoft Graph:

Disconnect-MGGraph

Authentication Status is now listed as managed.

Back to Top

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case