Target

To the customer who is going to have Microsoft365 authentication controlled by the HENNGE Access Control via federation.

Purpose

This procedure aims to change the Microsoft 365 login to HENNGE. Access Control.

Caution

1. The Microsoft 365 login screen will be changed to HENNGE Access Control when the steps in this article are performed.

2. To activate federation for multiple domains, executing the command for all domains is required.

3. This procedure required the Microsoft 365 admin account(username&password).

Detailed Procedures

1. PowerShell から Microsoft 365 に接続できる環境の準備

Please refer to the following article to make sure that the PowerShell application is able to connect to Microsoft 365.

How to use PowerShell on Windows?

2. Microsoft 365 の既定のドメイン設定の確認

2.1. Microsoft 365 の管理画面にアクセスし、画面左側のメニュー内 [ すべてを表示 ] をクリックします。

2.2. 画面左側のメニュー内 [ セットアップ ] → [ ドメイン ] をクリックします。

2.3. Microsoft 365 の初期ドメイン [ xxxx.onmicrosoft.com ] の右側に " (既定) " と表示されていることを確認します。

Microsoft 365 の制限により、既定のドメインに対してはフェデレーションを有効にできません。
Microsoft 365 の初期ドメイン以外に " (既定) " と表示されている場合、こちら の手順で既定のドメインを Microsoft 365 の初期ドメインに変更してください。

Federation Procedure

1.2) Log in with your Administrator Account

First, run the Windows Azure Active Directory Module for Windows PowerShell that you have installed. 

1.2.1) Run the command below:

Connect-MsolService

1.2.2) After entering the command, a login dialog will pop up for you to input the login User name (xxx@yourdomain.onmicrosoft.com) and password of the administrator account that you choose to use.

1.3) Getting your Domain Information

After you have successfully logged in, to check the status of your domain environment with the command below:

Get-MsolDomain

After executing the command, you will be able to see the information of two domain names:

1. Your Access Control Domain
2. Your Microsoft 365 Domain 

If both of the domains have "Verified" for "Status" column and "Managed" for "Authentication" column, it means that you are ready for the next step which is Configuring Single Sign-on Settings. 

1.4) Changing the Default Domain

Please change your default domain from yourdomain.com to yourdomain.onmicrosoft.com by executing the command below:

Set-MsolDomain -name yourdomain.onmicrosoft.com -IsDefault

(2) Configuring Single Sign-on Settings

Step 1 - Inputting Setting Commands

Please refer to the HENNGE One Connection Setting document (Spreadsheet format) that we have provided, in the "Microsoft 365 Setup" Sheet, please copy the line 13 to line 20 as shown as below:

After successfully copied the lines of command, paste them altogether on Powershell at once.

After pasting onto Powershell, be sure to press Enter once more to ensure the commands are all executed.

Step 2 - Confirming your Domain Information

Finally, to ensure that the setup is successfully being carried out, execute the command "Get-MsolDomain" to make sure that the "Authentication" column for "yourdomain.com" is "Federated". 

If so, it means that the Single Sign-on Setup for your domain environment is completed and the users in your cloud environment could log in to all of the services using one single account.

(Optional) Disabling Single Sign-on 

To disable the Single Sign-on for your domain environment, simply execute the command below (Replace "yourdomain.com" to Your domain address) :

Set-MsolDomainAuthentication -Authentication Managed -DomainName yourdomain.com

This command will change the "Authentication" of your domain from "Federated" to "Managed". Hence, disabling the Single Sign-on.