Hi everyone!
Has anyone ever converted a domain from federated back to managed? I'm curious about the process and whether users will have to sign in again on all of their devices. From what I've gathered, it seems like I just need to run a single command:
Update-MgDomain -DomainId "<yourdomain.com>" -AuthenticationType "Managed"
Currently, we're using an IdP for multifactor authentication, but we're looking to transition to Microsoft's native MFA. We've set up our conditional access policies for this change. Any insights would be appreciated!
3 Answers
What IdP are you using for your current setup?
I think running that command should do the trick, but definitely prepare for users to have to log back in. Just in case, make sure to check the conditions of your existing setup to avoid any surprises!
I suggest starting with a pilot group first. You never know how cached credentials might behave during the switch.

You're spot on. From what I recall, you can't just unfederate some users while keeping others federated. It's a domain-wide change, so it's all or nothing. But I've heard there could be new options with External Authentication Methods, though I couldn't find much info on that.
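The conversion the question asks about, written out as an added example (this is not code from anyone in the thread or from Microsoft's documentation). It uses the Microsoft Graph PowerShell SDK, assumes the caller has been granted Domain.ReadWrite.All, treats the domain name as a placeholder, and does a dry run unless -Apply is passed, so the federation settings are recorded before the trust is removed.

```powershell
# Added example: convert one verified domain from Federated to Managed with
# Microsoft Graph PowerShell, after saving the current federation settings.
# Assumptions: Microsoft.Graph module installed, caller holds Domain.ReadWrite.All,
# $DomainId is your own verified domain (placeholder, not a real value).
param(
    [Parameter(Mandatory)] [string] $DomainId,
    [switch] $Apply   # without -Apply the script only reports and backs up
)

Import-Module Microsoft.Graph.Identity.DirectoryManagement -ErrorAction Stop
Connect-MgGraph -Scopes "Domain.ReadWrite.All" | Out-Null

# 1. Inspect the domain so the change is only made from a known starting state.
$domain = Get-MgDomain -DomainId $DomainId -ErrorAction Stop
Write-Host ("{0}: AuthenticationType={1}, IsVerified={2}" -f `
    $DomainId, $domain.AuthenticationType, $domain.IsVerified)

if (-not $domain.IsVerified) {
    Write-Warning "Domain is not verified; refusing to change its authentication type."
    return
}
if ($domain.AuthenticationType -ne "Federated") {
    Write-Host "Nothing to do: domain is already $($domain.AuthenticationType)."
    return
}

# 2. Keep a copy of the federation configuration (issuer URI, endpoints, signing
#    certificate) so the IdP trust can be rebuilt if you need to roll back.
$fed = Get-MgDomainFederationConfiguration -DomainId $DomainId
$backup = Join-Path $PWD ("federation-{0}-{1}.json" -f $DomainId, (Get-Date -Format "yyyyMMddHHmmss"))
$fed | ConvertTo-Json -Depth 10 | Set-Content -Path $backup
Write-Host "Federation configuration saved to $backup"

if (-not $Apply) {
    Write-Host "Dry run only. Re-run with -Apply to convert '$DomainId' to Managed."
    return
}

# 3. The actual change. Users on this domain will then authenticate against
#    Entra ID directly, and your Conditional Access policies decide when MFA applies.
Update-MgDomain -DomainId $DomainId -AuthenticationType "Managed"

# 4. Read the domain back rather than trusting the call succeeded silently.
$after = Get-MgDomain -DomainId $DomainId
if ($after.AuthenticationType -eq "Managed") {
    Write-Host "Converted. Have a pilot user sign in on a fresh device before announcing the change."
} else {
    Write-Warning "Domain still reports $($after.AuthenticationType); check the Graph response and retry."
}
```

Two checks worth doing before running it with -Apply: confirm that password hash sync or pass-through authentication is already working for the affected users, because a managed domain gives them no way to sign in otherwise, and run the dry-run first so the saved federation JSON exists before the trust is removed. The script changes the whole domain at once, which matches what the thread says about this being a domain-wide setting; the pilot group suggestion above is then about whom you have test sign-in first, not about converting part of the domain.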