Skip to main content
日本語 简体中文 繁體中文

[Access Control] How to Remove Federation When Unable to Log in to Access Control?

Question

Access Control is federated with Microsoft 365.
If access to Access Control becomes unavailable, can I disconnect the federation and revert to Microsoft 365 authentication?

Answer

You can disconnect the federation between Access Control and Microsoft 365 by using the Powershell command as per the following steps.

Notes

  1. After executing the command, it takes time for the federation to be disconnected.
    ※ The estimated time for disconnecting the federation is about 30 minutes to 1 hour.
  2. After disconnecting the federation, please perform a password reset for Microsoft 365.
    ※ If you are synchronizing passwords between Active Directory and Microsoft 365 using Microsoft's synchronization tool, this is not necessary.
  3. The Microsoft Graph PowerShell SDK module must be installed in PowerShell.
    Please ensure the following has been completed in advance.
    Installing Microsoft Graph PowerShell SDK

Procedure

  1. Launch PowerShell and execute the following command.

    Connect-MgGraph -Scopes "Domain.ReadWrite.All","Directory.AccessAsUser.All" -ErrorAction Stop
  2. A login dialog will appear, so log in with an account that has global administrator privileges for Microsoft 365.

  3. Execute the following command to check the domain information.
    Ensure that the "AuthenticationType" of the domain in use is "Federated".

    Get-MgDomain

    Screenshot_2023-01-26_at_11.05.16.png

  4. Execute the following command to disconnect the federation.
    ※ Immediately after disconnection, it may take time for the settings to be reflected within Microsoft 365, resulting in single sign-on behavior.

    Update-MgDomain -DomainId [YourDomain] -AuthenticationType "Managed"

  5. Execute the following command to check the domain information.
    Ensure that the "AuthenticationType" of the domain disconnected in step 5 is "Managed".

    Get-MgDomain

    Screenshot_2023-01-26_at_11.06.07.png

  6. Execute the following command to disconnect from Microsoft Graph.

    Disconnect-MgGraph

Please note that when disconnecting the federation using Powershell as in this procedure, the Status will not change on the Edit Connected Service screen.
※ You can check real-time information from [Manage Domains].
Please confirm and re-federate as necessary.

Screenshot 2025-09-11 17.06.00.png