This guide will walk you through the process of defederating your Microsoft 365 account, empowering you to take charge of your digital assets. For Microsoft 365 users, ensuring independence from federated services like GoDaddy can be a crucial step towards autonomy and security. Maintaining control over your online presence and data is paramount.
Understanding Federated Services
Federated services, like GoDaddy, provide convenience by managing various aspects of your online presence, such as domain hosting and email services. However, relying solely on these services can limit your control over critical components of your digital identity.
Prepare Your End Users (Password Check)
Defederating requires users to reset their passwords to log in to their account. You will need to have a password list to distribute to them or have them provide you with passwords beforehand.
You can reset them all to a temporary password after federation and then they can change to whatever they need to after. (Following your desired password protocols)
Users may run into activation prompts within their office apps and outlook during the license transition, provide them documentation for how to sign back in after the license switch has taken place.
Become a Tenant Admin in GoDaddy
When a user sets up a 365 account directly with GoDaddy, they set up the initial user as an “admin” user but this user is redirected to the GoDaddy portal when trying to access the admin tab when going to Office.com. In order to fix this, we need to gain access to the true Global Admin so that we can perform the necessary powershell scripts to defederate the tenant.
- Login to Portal.Azure.com with the admin user that was set up when the account was first created and click on the 3 lines in the top left corner
- Click on Entra ID. Then click on Users when the new tabs open up
- Here you should see a user label with “admin@yourdomain.onmicrosoft.com”
- Click on this user and reset their password. (If you already have access to this user, you can disregard this step.)
- In the browser, go to office.com and sign in with that username and temporary password. Establish a new password. With this completed, you now have a user that can run the necessary powershell commands in the future steps.
TIP: Utilize conditional access to lock this account down with MFA if you plan to keep the Global Admin around after this migration.
Run PowerShell Script Example:
Write–Host “Checking for MSGraph module…”
$Module = Get–Module –Name “Microsoft.Graph.Identity.DirectoryManagement” –ListAvailable
if ($Module –eq $null) {
Write–Host “MSGraph module not found, installing MSGraph”
Install–Module –name Microsoft.Graph.Identity.DirectoryManagement
}
Connect–MgGraph –Scopes “Directory.Read.All”,“Domain.Read.All”,“Domain.ReadWrite.All”,“Directory.AccessAsUser.All”
#Enter the Admin credentials
Get–MgDomain
Update–MgDomain –DomainId “<InsertFederatedDomain>” –Authentication Managed
Reset Users Password
Either reset all user passwords manually or upload a CSV file with the passwords. If you plan to do them manually, then you can simply login to office.com as the admin we derived from section B and now that the tenant is defederated, you will be able to click into the admin tile and access the Users section like you are familiar with. Otherwise, you will require a PowerShell script to add them with the CSV.
Remove GoDaddy as Delegated Admin and Cancel Subscription
Warning! If you do not follow the steps to remove GoDaddy as a delegated admin before you cancel with them, they will run a script to delete all users in the account and remove the primary domain. You need to ensure you remove them as delegated admin after the move and ensure that their admin user is deleted in the account BEFORE cancelling the subscription.
- In the 365 Admin Portal
- Under Settings>Partner Relationships>Click on GoDaddy and remove their roles:
- In GoDaddy, cancel the renewal
Why Defederate?
Defederating your Microsoft 365 account from services like GoDaddy offers several advantages:
- Enhanced Control: By defederating, you regain control over your domain settings and email configurations, allowing for more flexibility in managing your online presence.
- Increased Security: With fewer third-party dependencies, you reduce the risk of security breaches and data compromises.
- Independence: Defederating empowers you to make decisions regarding your digital assets without relying on external providers, promoting autonomy and self-reliance.
Steps to Defederate Your Microsoft 365 Account
-
Assess Your Current Setup:
Begin by reviewing your existing domain and email configurations within Microsoft 365. Identify any dependencies on federated services like GoDaddy.
-
Back Up Your Data:
Before making any changes, ensure that you have backed up all essential data, including emails, contacts, and domain settings. This precautionary step will safeguard your information throughout the defederation process.
-
Access Your Microsoft 365 Admin Center:
Log in to your Microsoft 365 Admin Center using your administrator credentials.
-
Navigate to Domain Settings:
Locate the domain settings section within the admin center. Here, you’ll find options related to domain management and configurations.
-
Remove Federated Services:
Within the domain settings, look for any entries related to federated services, such as GoDaddy. Select the option to remove or dissociate these services from your Microsoft 365 account.
-
Update DNS Records:
After defederating, update your DNS records to reflect the changes. This may involve configuring MX records for email delivery and updating other DNS settings to ensure seamless functionality.
-
Verify Changes:
Double-check that the defederation process was successful by testing email delivery, domain access, and other relevant functionalities. Verify that your Microsoft 365 account operates independently of any previously federated services.
-
Monitor and Maintain:
Regularly monitor your domain and email settings to ensure ongoing stability and security. Stay informed about updates and best practices for managing your Microsoft 365 account effectively.
Take Control of Your Microsoft 365 Account
Defederating your Microsoft 365 account from services like GoDaddy empowers you to assert greater control, enhance security, and foster independence in managing your digital assets. By following the steps outlined in this guide, you can confidently navigate the defederation process and reap the benefits of a more autonomous online presence. Take charge of your Microsoft 365 account today and safeguard your digital identity for the future.
