Staged Rollout to Azure AD Authentication cutover to Managed - AAD Connect cleanup?

Pat Moughan 21 Reputation points
2022-01-29T00:26:14.64+00:00

I recently completed the staged rollout to Azure AD authentication from ADFS. I converted the domain from federated to managed using the power shell commands listed in the documentation:

Set-MsolDomainAuthentication -Authentication Managed -DomainName <domain name>

SSO and Azure AD Auth appear to be working as expected as they did while we were under staged rollout and i am no longer seeing requests at my ADFS farm. My question is related to AAD connect as the documentation(https://learn.microsoft.com/en-us/azure/active-directory/hybrid/migrate-from-federation-to-cloud-authentication) doesnt appear to call it out specifically unless i misunderstood the order of steps but my User sign-in method in AAD connect is still set to Federation with ADFS and SSO is unchecked. The output from get-msoldomain does show my domain being in Managed state and no longer Federated. Will changing AAD connect to reflect PHS/SSO junk anything up or is this better left alone?

Thanks.

Pat

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,567 questions
0 comments
Accepted answer
  1. Givary-MSFT 28,321 Reputation points Microsoft Employee
    2022-01-31T07:24:29.04+00:00

    @Pat Moughan

    Apologies for the delay in responding.

    I would recommend updating the information related to Authentication ( from Federated to Managed ) in the Azure AD Connect. Always prefer to use Azure AD Connect tool to make these changes.

    Would suggest to run the wizard in the Azure AD Connect by unchecking the federation option and other options ( keeping default as before ) for authentication ( PHS or PTA ) as per your current requirement and no issues will be seen/reported in Azure AD/or with users while accessing the applications.

    If you have any other questions, please let me know.

    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if helped, so that others in the community facing similar issues can easily find the solution.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Pat Moughan 21 Reputation points
    2022-02-01T01:30:33.04+00:00

    Thank you for the confirmation on what the expected behavior would be upon making this change. I made the change around 8 hours ago and everything continued running seamlessly. SSO is now showing checked in AAD as well.

    0 comments