How to disconnect HDE Access Control for Office 365

users

Q.

When an HDE Access Control failure occurs, users can not login to Office 365.
We want to know how to disable the single sign on settings for HDE Access Control on a temporary basis.

A.
The following is the procedure for how to disconnect HDE Access Control for the case in which users can not login to Offcie 365 through the HDE Access Control on a temporary basis. Please read <<Precaution>> carefully before executing the following <<Disabling Procedure>>.
 
-------------------------------------------
<<Precaution>>
-------------------------------------------
This is the procedure to login to Office 365 in cases of emergency.
Please be careful, because you will not be able to login to HDE Mail Security, Online Storage and Secure Browser even if you execute the steps.
 
It takes time to disable the federation after the commands are executed.
*For your reference, it may take from 30 minutes to 1 hour to disable the federation.
 
After the federation is disabled, please longin to Office 365 at https://login.microsoftonline.com/.
 
-------------------------------------------
<<Disabling procedure>>
-------------------------------------------
******Please make sure to execute each command on one line*******
 
0. Create "C:\temp" folder
 
2. Login to Power Shell
Connect-MsolService -Credential $credential
* Please login with "onmicrosoft.com".
 
3. Disable the federation
Set-MsolDomainAuthentication -Authentication Managed -DomainName yourdomain.com
* Please enter your Office 365 domain for "yourdomain.com".
* It takes time to disable the federation after the command is executed.
 
4. Get a user list
Get-MsolUser -MaxResults 100000 | where { -not ($_.userprincipalname -like "*.onmicrosoft.com") } | select UserPrincipalName | Export-Csv c:\temp\volunteers.csv -NoTypeInformation
 
5. Manually delete meeting room accounts, etc. from the CSV user list.
* The CSV file is exported to "c:\temp".
 
6. Password batch change
Import-Csv c:\temp\volunteers.csv | where{Get-MsolUser -UserPrincipalName $_.UserPrincipalName; Set-MsolUserPassword -UserPrincipalName $_.UserPrincipalName -NewPassword 'XXXXXX' -ForceChangePassword $True}
* Each user has to change their passwords after logging in to Offcie365.
* The password for all users will be the same. The 'XXXXXX' in the above command should be changed to an initial login password.
* Depending on the client's application, such as Outlook, the credential dialog may not be displayed in a prompt manner due to the Office 365 credential cache retention function.

 

          
Was this article helpful?

Frequently Asked Questions (FAQs)

Powered by Zendesk