Skip Navigation

Update the domain authentication method for
Microsoft 365
to use
Enterprise Identity

You can update existing domains when the email domain must be redirected to a different
Enterprise Identity
domain than
Microsoft 365
.
  1. Retrieve the current federation configuration for your domain. Type
    Get-MgDomainFederationConfiguration -DomainName
    domain
    -Authentication managed
    . Press Enter.
    For more information, see Get-MgDomainFederationConfiguration.
  2. Type
    New-MgDomainFederationConfiguration -DomainName
    domain
    -Authentication federated -ActiveSignInUri
    activeSignInURI
    -FederationBrandName
    brandName
    -IssuerUri
    issuerURI
    -SignOutUri
    SignOutURI
    -PassiveSignInUri
    passiveSignInURI
    -SigningCertificate
    certificateText
    -PreferredAuthenticationMethod
    protocol
    -FederatedIdpMfaBehavior acceptIfMfaDoneByFederatedIdp -PreferredAuthenticationProtocol saml
    . Press Enter.
    For more information, see New-MgDomainFederationConfiguration.
  3. Use
    Get-MgDomainFederationConfiguration -DomainName
    domain
    | Format-List
    to check the domain settings.