TOPICS

How to disable Access Control (Microsoft 365)

  • Date created
  • Last updated date

for Microsoft 365

 

<<Precautions>>
******************************************************************************
1. It may take some time to disable the federation after the commands are executed.
  *For your reference, it may take from 30 minutes to 1 hour to disable the federation.
2. Please reset Microsoft 365 passwords after disabling the federation.
(This is unnecessary if a password synchronization tool between AD and Microsoft 365 is installed.)
3. After the federation is disabled, please login to Microsoft 365 at https://login.microsoftonline.com/.
******************************************************************************

1. How to disable the single sign on

1.1. Connect to Microsoft 365

Launch PowerShell on your PC and execute the following command.
(A PowerShell prompt is hereinafter referred to as "PS >".)

Connect-MsolServie.png

Connect-MsolService

After the login dialog is displayed, login as an administrator user.

SnapCrab_NoName_2018-4-26_11-39-21_No-00.png

1.2. Confirm the domain information

Confirm the domain information using the following command.

 SnapCrab_NoName_2018-4-26_11-40-51_No-00.png

Get-MsolDomain

Confirm that the "Authentication" for the domain in use is displayed as "Federated".

1.3. Disable the single sign on settings

The following is a command to disable the settings.
*It may behave with single sign on settings even after executing the command, since it may take time to reflect on Microsoft 365. Please try again after some time.

RemoveFederation.png

Set-MsolDomainAuthentication -Authentication Managed -DomainName [Target Domain]

Specify the domain where you want to disable the single sign on.

1.4. Confirm the domain information

Confirm the domain information using the following command.

SnapCrab_NoName_2018-4-26_11-43-48_No-00.png

After this step, "sample.co.jp" should be a non-single sign on domain.
Please confirm that the "Authentication" is displayed as "Managed" for all domains displayed.

 

2.How to delete the synchronization service

* This step is not necessary if you do not use our synchronization service. (HDE One Directory Sync)

[How to uninstall the HDE One synchronization service]
Please proceed with the following steps on a Windows server where the HDE One synchronization service is installed.

2-1. Go to [Control Panel] > [Programs and Features] and uninstall the following programs.
HDE One Directory Sync 1.2.1

2-2. Manually delete the folder "The C:\Program Files\HDE One Directory Sync" and all files under that folder.

2-3. In the case that the "C:\HDEOne" folder exists, manually delete the folder and all files under that folder.


3. Microsoft 365 password reset

This step is unnecessary if a password synchronization tool between AD and Microsoft 365 is installed.
* Please make sure to execute each command on one line each.

2-1. Create "C:\temp" folder

2-2. Login to PowerShell

SnapCrab_NoName_2018-4-26_11-47-39_No-00.png

* Please login with "onmicrosoft.com".

2-3. Get a user list

SnapCrab_NoName_2018-4-26_11-48-49_No-00.png

2-4.Manually delete meeting room accounts, etc. from the CSV user list.
* The CSV file is exported to "c:\temp".
* Please make sure to execute each command on one line each.

2-5. Password batch change

SnapCrab_NoName_2018-4-26_11-50-22_No-00.png

* Each user has to change their password after logging in to Microsoft 365.
* The password for all users will be the same. The 'XXXXXX' in the above command should be changed to an initial login password.
* Depending on the client's application, such as Outlook, the credential dialog may not be displayed in a prompt manner due to the Microsoft 365 credential cache retention function.

 

 

          
Was this article helpful?