FAQ
for Microsoft 365
Q.
When an HENNGE Access Control failure occurs, users can not login to Microsoft 365.
We want to know how to disable the single sign on settings for HENNGE Access Control on a temporary basis.
A.
The following is the procedure for how to disconnect HENNGE Access Control for the case in which users can not login to Offcie 365 through the HENNGE Access Control on a temporary basis. Please read <<Precaution>> carefully before executing the following <<Disabling Procedure>>.
-------------------------------------------
<<Precaution>>
-------------------------------------------
This is the procedure to login to Microsoft 365 in cases of emergency.
Please be careful, because you will not be able to login to HENNGE Mail Security, Online Storage and Secure Browser even if you execute the steps.
It takes time to disable the federation after the commands are executed.
*For your reference, it may take from 30 minutes to 1 hour to disable the federation.
After the federation is disabled, please longin to Microsoft 365 at https://login.microsoftonline.com/.
-------------------------------------------
<<Disabling procedure>>
-------------------------------------------
******Please make sure to execute each command on one line*******
0. Create "C:\temp" folder
2. Login to Power Shell
Connect-MsolService -Credential $credential
* Please login with "onmicrosoft.com".
3. Disable the federation
Set-MsolDomainAuthentication -Authentication Managed -DomainName yourdomain.com
* Please enter your Microsoft 365 domain for "yourdomain.com".
* It takes time to disable the federation after the command is executed.
4. Get a user list
Get-MsolUser -MaxResults 100000 | where { -not ($_.userprincipalname -like "*.onmicrosoft.com") } | select UserPrincipalName | Export-Csv c:\temp\volunteers.csv -NoTypeInformation
5. Manually delete meeting room accounts, etc. from the CSV user list.
* The CSV file is exported to "c:\temp".
6. Password batch change
Import-Csv c:\temp\volunteers.csv | where{Get-MsolUser -UserPrincipalName $_.UserPrincipalName; Set-MsolUserPassword -UserPrincipalName $_.UserPrincipalName -NewPassword 'XXXXXX' -ForceChangePassword $True}
* Each user has to change their passwords after logging in to Offcie365.
* The password for all users will be the same. The 'XXXXXX' in the above command should be changed to an initial login password.
* Depending on the client's application, such as Outlook, the credential dialog may not be displayed in a prompt manner due to the Microsoft 365 credential cache retention function.