Target
Customers who will have Microsoft 365 authentication controlled by HENNGE Access Control via federation.
Purpose
This procedure changes the Microsoft 365 login to HENNGE Access Control.
Caution
1. The Microsoft 365 login screen will be changed to HENNGE Access Control when the steps in this article are performed.
2. To activate federation for multiple domains, the command must be executed for every domain.
3. This procedure requires the Microsoft 365 admin account (username and password).
Detailed Procedures
1. Connect to Microsoft 365 via PowerShell
Please refer to the following article to make sure that the PowerShell application is able to connect to Microsoft 365.
How to use PowerShell on Windows?
2. Confirm the default setting in Microsoft 365
2.1. Access the Microsoft 365 admin console and click 「Settings」 -> 「Domains」.
2.2. Please confirm that the Microsoft 365 initial domain 「xxx.onmicrosoft.com」 is set as the default domain in the tenant.
If the Microsoft 365 initial domain is not set as the default domain, please refer to the article and change the default domain to 「xxx.onmicrosoft.com」.
Federation Procedure
1.2) Log in with your Administrator Account
First, run the Windows Azure Active Directory Module for Windows PowerShell that you have installed.
1.2.1) Run the command below:
Connect-MsolService
1.2.2) After you enter the command, a login dialog will pop up. Input the login user name (xxx@yourdomain.onmicrosoft.com) and password of the administrator account that you choose to use.
1.3) Getting your Domain Information
After you have successfully logged in, check the status of your domain environment with the command below:
Get-MsolDomain
After executing the command, you will be able to see the information of two domain names:
- Your Access Control Domain
- Your Microsoft 365 Domain
If both domains show "Verified" in the "Status" column and "Managed" in the "Authentication" column, you are ready for the next step, which is Configuring Single Sign-on Settings.
1.4) Changing the Default Domain
Please change your default domain from yourdomain.com to yourdomain.onmicrosoft.com by executing the command below:
Set-MsolDomain -name yourdomain.onmicrosoft.com -IsDefault
(2) Configuring Single Sign-on Settings
Step 1 - Inputting Setting Commands
Please refer to the HENNGE One Connection Setting document (Spreadsheet format) that we have provided. In the "Microsoft 365 Setup" sheet, copy line 13 to line 20.
After copying the command lines, paste them all into PowerShell at once.
After pasting into PowerShell, be sure to press Enter once more to ensure that all of the commands are executed.
Step 2 - Confirming your Domain Information
Finally, to confirm that the setup was carried out successfully, execute the command "Get-MsolDomain" and make sure that the "Authentication" column for "yourdomain.com" is "Federated".
If so, the Single Sign-on setup for your domain environment is completed, and the users in your cloud environment can log in to all of the services using one single account.
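The checks in steps 1.3, 1.4 and Step 2 can be scripted. The following is an added example, not part of the original article or of HENNGE's tooling: the function name Test-FederationState, its parameters and the sample rows are constructed for illustration, while Name, Status, Authentication and IsDefault are properties of the objects returned by Get-MsolDomain.

```powershell
# Added example: checks Get-MsolDomain output against steps 1.3, 1.4 and Step 2.
# $Domains is whatever Get-MsolDomain returns (Name, Status, Authentication, IsDefault).
function Test-FederationState {
    param(
        [Parameter(Mandatory)] [object[]] $Domains,
        [Parameter(Mandatory)] [string]   $FederatedDomain,   # e.g. yourdomain.com
        [Parameter(Mandatory)] [ValidateSet('BeforeFederation', 'AfterFederation')]
        [string] $Phase
    )
    $problems = @()

    # Steps 2.2 / 1.4: the default domain must be the initial *.onmicrosoft.com domain.
    $default = $Domains | Where-Object { $_.IsDefault }
    if (-not $default -or $default.Name -notlike '*.onmicrosoft.com') {
        $problems += "Default domain is '$($default.Name)', expected the *.onmicrosoft.com domain"
    }

    # Only the domain being federated is checked here, not every domain in the tenant.
    $target = $Domains | Where-Object { $_.Name -eq $FederatedDomain }
    if (-not $target) {
        $problems += "Domain '$FederatedDomain' not found in the tenant"
    }
    else {
        if ("$($target.Status)" -ne 'Verified') {
            $problems += "'$FederatedDomain' Status is '$($target.Status)', expected 'Verified'"
        }
        # Step 1.3 expects Managed before the change; Step 2 expects Federated after it.
        $expected = if ($Phase -eq 'BeforeFederation') { 'Managed' } else { 'Federated' }
        if ("$($target.Authentication)" -ne $expected) {
            $problems += "'$FederatedDomain' Authentication is '$($target.Authentication)', expected '$expected'"
        }
    }
    # One string per unmet condition; nothing is emitted when all checks pass.
    $problems
}

# Constructed sample rows standing in for Get-MsolDomain output (not real tenant data).
# The default domain has not yet been moved to the onmicrosoft.com domain (step 1.4).
$sample = @(
    [pscustomobject]@{ Name = 'yourdomain.onmicrosoft.com'; Status = 'Verified'; Authentication = 'Managed'; IsDefault = $false }
    [pscustomobject]@{ Name = 'yourdomain.com';             Status = 'Verified'; Authentication = 'Managed'; IsDefault = $true }
)
Test-FederationState -Domains $sample -FederatedDomain 'yourdomain.com' -Phase BeforeFederation

# Against a live session (after Connect-MsolService):
# Test-FederationState -Domains (Get-MsolDomain) -FederatedDomain 'yourdomain.com' -Phase AfterFederation
```

Run the BeforeFederation phase before pasting the spreadsheet commands and the AfterFederation phase afterwards; each returned string names a condition from the procedure that is not met.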
(Optional) Disabling Single Sign-on
To disable Single Sign-on for your domain environment, simply execute the command below (replace "yourdomain.com" with your domain address):
Set-MsolDomainAuthentication -Authentication Managed -DomainName yourdomain.com
This command will change the "Authentication" of your domain from "Federated" to "Managed", which disables Single Sign-on.