How to Defederate Office 365 Using the Latest Microsoft Tools

Understanding Domain Defederation in Microsoft 365

If you’ve ever purchased Microsoft 365 through a partner like GoDaddy or simply want to take full control of your Microsoft tenant, you’ve probably encountered the term “defederation.” In simple terms, defederation is the process of converting your domain from being managed by a third party (federated) to being directly managed by you through Microsoft (managed authentication).

Why would you want to do this? Control, flexibility, and often cost savings. When your domain is federated with a partner, you’re limited by their management console and the features they choose to expose. Breaking free means getting full access to all Microsoft 365 has to offer.

When Defederation Makes Sense

There are several scenarios where defederation becomes necessary:

  • You purchased Microsoft 365 through GoDaddy or another reseller and want direct control
  • Your organization has outgrown the limitations of a partner-managed subscription
  • You need advanced features not available through your current setup
  • You’re consolidating IT vendors and want to manage everything directly
  • Your current provider’s support isn’t meeting your needs

Whatever your reason, the process has become significantly easier with Microsoft’s latest tools.

Preparation Steps: What to Do Before Defederating

Before diving into the technical steps, proper preparation will save you headaches later:

  1. Inventory your current setup: Document users, groups, licenses, and any custom configurations
  2. Back up crucial data: Export important emails, SharePoint files, and OneDrive content
  3. Verify domain ownership: Ensure you have access to domain DNS settings
  4. Plan for downtime: While minimal, there might be brief service interruptions
  5. Notify users: Let your team know about potential brief service disruptions
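
The inventory in step 1 can be captured with a read-only Graph session before anything is changed. The script below is an added example, not part of the original article: it saves the domain's current state and the users and licenses in that domain. The output folder name is hypothetical, and the script assumes the Microsoft.Graph.Users module is installed in addition to the module used later in this guide. Groups and custom configurations are not covered.

```powershell
#Requires -Modules Microsoft.Graph.Identity.DirectoryManagement, Microsoft.Graph.Users
# Added example (not from the original article): read-only snapshot taken before defederation.
param(
    [Parameter(Mandatory)][string]$DomainId,        # e.g. "yourdomain.com"
    [string]$OutDir = '.\defederation-snapshot'     # hypothetical output folder
)
$ErrorActionPreference = 'Stop'

# Read-only scopes are enough for an inventory; write scopes are only needed for the change itself.
Connect-MgGraph -Scopes 'Domain.Read.All', 'User.Read.All', 'Organization.Read.All'
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Domain state as it is today (a federated domain reports AuthenticationType = Federated).
Get-MgDomain -DomainId $DomainId |
    Select-Object Id, AuthenticationType, IsVerified, IsDefault |
    ConvertTo-Json | Set-Content (Join-Path $OutDir 'domain.json')

# Map license SKU ids to readable part numbers.
$skuName = @{}
foreach ($sku in (Get-MgSubscribedSku)) { $skuName[[string]$sku.SkuId] = $sku.SkuPartNumber }

# Every user whose sign-in name is in the domain, with the licenses they hold now.
$users = Get-MgUser -All -Property Id, UserPrincipalName, DisplayName, AccountEnabled, AssignedLicenses |
    Where-Object { $_.UserPrincipalName -like "*@$DomainId" }

$users | ForEach-Object {
    [pscustomobject]@{
        UserPrincipalName = $_.UserPrincipalName
        DisplayName       = $_.DisplayName
        AccountEnabled    = $_.AccountEnabled
        Licenses          = ($_.AssignedLicenses |
                                ForEach-Object { $skuName[[string]$_.SkuId] }) -join ';'
    }
} | Export-Csv (Join-Path $OutDir 'users.csv') -NoTypeInformation

Write-Host "Saved $(@($users).Count) users for $DomainId to $OutDir"
Disconnect-MgGraph | Out-Null
```

The users.csv file doubles as the reference for reassigning licenses after the change.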

The Modern Approach: Using Microsoft Graph PowerShell

In the past, defederation required the older MSOnline module and complex PowerShell scripts. Microsoft has modernized this process with the Graph API and its PowerShell modules. This approach provides better security, reliability, and future-proofing.

Let’s walk through the process step by step.

Step 1: Install the Required Module

First, you’ll need to install the Microsoft Graph PowerShell module that handles directory management. Open PowerShell as an administrator and run:

Install-Module Microsoft.Graph.Identity.DirectoryManagement -Scope CurrentUser

If you’re prompted about installing from an untrusted repository, type ‘Y’ and press Enter.

Step 2: Import the Module

Next, import the module to make its commands available in your current PowerShell session:

Import-Module Microsoft.Graph.Identity.DirectoryManagement

Step 3: Connect to Microsoft Graph with Proper Scopes

This critical step ensures you have the right permissions to modify domain settings:

Connect-MgGraph -Scopes "Domain.ReadWrite.All", "Directory.AccessAsUser.All"

A sign-in window will appear. Log in with an admin account for your Microsoft 365 tenant. This account must have Global Administrator privileges.

Step 4: Defederate Your Domain

Now for the main event—converting your domain from federated to managed:

Update-MgDomain -DomainId "yourdomain.com" -AuthenticationType Managed

Replace “yourdomain.com” with your actual domain name. This command tells Microsoft 365 to handle authentication directly rather than deferring to a third party.

Verification: Ensuring the Process Worked

After running the defederation command, verify that the change was successful:

Get-MgDomain -DomainId "yourdomain.com" | Select-Object Id, AuthenticationType

The output should show “Managed” as the AuthenticationType. If it does, congratulations! Your domain is now defederated.
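
Steps 3 and 4 and the verification above can be combined into one guarded script, shown here as an added example that is not part of the original article. It assumes Connect-MgGraph has already been run as in Step 3; the change-record file name is hypothetical.

```powershell
#Requires -Modules Microsoft.Graph.Identity.DirectoryManagement
# Added example (not from the original article): pre-checks, the change, and verification.
[CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
param(
    [Parameter(Mandatory)][string]$DomainId    # e.g. "yourdomain.com"
)
$ErrorActionPreference = 'Stop'

# 1. The session must exist and carry the scopes requested in Step 3.
$context = Get-MgContext
if (-not $context) { throw 'No Graph session. Run Connect-MgGraph from Step 3 first.' }
$missing = 'Domain.ReadWrite.All', 'Directory.AccessAsUser.All' |
    Where-Object { $_ -notin $context.Scopes }
if ($missing) { throw "Session is missing scopes: $($missing -join ', ')" }
Write-Host "Tenant $($context.TenantId), signed in as $($context.Account)"

# 2. Read the current state and stop early if the domain is unverified or already converted.
$before = Get-MgDomain -DomainId $DomainId
if (-not $before.IsVerified) { throw "$DomainId is not verified in this tenant." }
if ($before.AuthenticationType -eq 'Managed') {
    Write-Host "$DomainId is already Managed; nothing to change."
    return
}

# 3. Make the change. -WhatIf previews it; without it PowerShell asks for confirmation.
if ($PSCmdlet.ShouldProcess($DomainId, 'Set AuthenticationType to Managed')) {
    Update-MgDomain -DomainId $DomainId -AuthenticationType Managed

    # 4. Verify from a fresh read rather than trusting the absence of an error.
    $after = Get-MgDomain -DomainId $DomainId
    if ($after.AuthenticationType -ne 'Managed') {
        throw "Change did not apply: AuthenticationType is '$($after.AuthenticationType)'."
    }

    # 5. Keep a change record: who, which tenant, when, before and after.
    [pscustomobject]@{
        Domain    = $DomainId
        Tenant    = $context.TenantId
        ChangedBy = $context.Account
        ChangedAt = (Get-Date).ToUniversalTime().ToString('o')
        Before    = $before.AuthenticationType
        After     = $after.AuthenticationType
    } | ConvertTo-Json | Set-Content ".\defederation-$DomainId.json"   # hypothetical file name
}

# 6. Drop the high-privilege token once the work is done.
Disconnect-MgGraph | Out-Null
```

Run it with -WhatIf first to see the pre-check results without changing the domain.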

Common Challenges and Troubleshooting

Despite the streamlined process, you might encounter a few issues:

Authentication Errors

If you receive authentication errors, double-check that:

  • Your account has Global Administrator permissions
  • You’ve requested the correct scopes in the Connect-MgGraph command
  • Your Microsoft 365 subscription is active and in good standing

Domain Verification Issues

If the system claims your domain isn’t verified:

  1. Go to the Microsoft 365 Admin Center
  2. Navigate to Settings > Domains
  3. Check if your domain shows as “Verified”
  4. If not, follow the verification process by adding the required DNS records

License Transitions

After defederation, you might need to reassign licenses. This is particularly common when moving away from partner-bundled subscriptions. Have your licensing strategy ready before beginning.

Post-Defederation Best Practices

Once your domain is successfully defederated, take these steps to ensure everything runs smoothly:

  1. Verify user access: Have key users confirm they can access their accounts and data
  2. Check email flow: Ensure emails are sending and receiving correctly
  3. Review security settings: Update security defaults, MFA settings, and conditional access policies
  4. Update DNS records if needed: Some third-party providers might have used custom DNS settings
  5. Document new admin procedures: Create guides for your IT staff on managing the now-direct Microsoft relationship

Real-World Transition Scenarios

Moving from GoDaddy to Direct Microsoft Management

GoDaddy-managed Microsoft 365 is one of the most common federation scenarios. While GoDaddy’s integration makes initial setup easy, many organizations outgrow it. The defederation process outlined above works particularly well for GoDaddy transitions.

After defederation, you’ll want to purchase appropriate licenses directly from Microsoft. Plan this transition carefully to avoid service interruptions.

Consolidating Multiple Tenants

If your organization acquired another company or had separate Microsoft 365 instances, defederation is often part of the consolidation process. After defederating domains from their original tenants, you can add them to your primary tenant.

Data Migration Considerations

Defederation itself doesn’t move data—it only changes how authentication happens. If you’re changing tenants entirely, you’ll need a separate data migration plan for:

  • Exchange mailboxes and archives
  • SharePoint document libraries
  • OneDrive files
  • Teams structures and conversation history

While we’ve focused on the technical aspects of defederation here, planning a comprehensive migration strategy is equally important. (Our team at Your Personal Ninja can help develop these migration plans if you find yourself needing expert guidance.)

The Business Value of Direct Microsoft 365 Management

Taking direct control of your Microsoft 365 environment offers significant advantages:

  • Cost optimization: Direct licensing often costs less than partner markup
  • Feature access: Get immediate access to new features as Microsoft releases them
  • Simplified administration: One less vendor relationship to manage
  • Better security controls: Direct access to all security features and settings
  • Streamlined support: Work directly with Microsoft support when needed

For growing businesses, these benefits quickly outweigh the initial effort of defederation.

Conclusion: Embracing Control and Flexibility

Defederating your Microsoft 365 domain using the latest Graph API tools gives you unprecedented control over your productivity environment. While the process requires careful planning and execution, the long-term benefits make it worthwhile for most organizations.

The modern Microsoft Graph PowerShell approach we’ve outlined simplifies what was once a complex technical procedure. By following these steps and best practices, you can successfully transition to a directly managed Microsoft 365 environment with minimal disruption.

Remember that proper preparation is key to a smooth defederation process. Document your current setup, back up important data, and communicate with your team before making changes.

If you find yourself needing assistance with your Microsoft 365 environment, domain management, or other IT infrastructure needs, reach out to us at US Tech Support Solutions. Our team specializes in helping businesses optimize their technology environments—whether that’s streamlining administrative overhead, designing effective web solutions, or ensuring your hosting infrastructure meets your needs. We’re here to be your technology ninjas, working behind the scenes to keep your business running smoothly.