How to update the SecureAuth signing certificate in M365 federation settings using the MS Graph module

    Applies to:
      • SecureAuth Identity Platform
      • Legacy SecureAuth IdP
    Deployment model:
      • Cloud
      • Hybrid
      • On Premises
    Version Affected: [All Versions]

    Description:  

    Microsoft deprecated the Azure AD PowerShell and MSOnline PowerShell modules on March 30, 2024, and the MSOnline module might not be available in the future to update federation settings.

    Cause:  

    Deprecation of MSOnline module.

    Resolution:  

    1. Run the command below to install the required module:
      Install-Module -Name Microsoft.Entra -AllowClobber
    2. Sign in and click Accept at the consent prompt. If you don't have permissions, contact your global admin:
      Connect-Entra -Scopes 'Domain.ReadWrite.All'
    3. Run the command below and copy the value of the Id property:
      Get-EntraFederationProperty -DomainName your_domain.com | fl Id
    4. Export the signing certificate in Base64 format, then remove the BEGIN CERTIFICATE and END CERTIFICATE lines and all line breaks. Replace <CERT VALUE> with the actual value as a single line with no line breaks or spaces:
      $cert = "<CERT VALUE>"
    5. Run the command below to update the signing certificate:
      Update-MgDomainFederationConfiguration -DomainId your_domain.com -InternalDomainFederationId Id_from_step_3 -SigningCertificate $cert
    6. To confirm that the signing certificate has been updated, run:
      Get-EntraFederationProperty -DomainName your_domain.com | fl id, displayname, signingcertificate
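
    One way to produce the single-line value for step 4 and check it before running step 5. This is an added example, not part of the original SecureAuth article: the function name ConvertTo-SingleLineCertificate is hypothetical, and the self-signed certificate and file name are constructed so the script runs on its own.

```powershell
# Added example: normalize an exported signing certificate for step 4 and
# sanity-check it before it is sent in step 5. Function name is hypothetical.
function ConvertTo-SingleLineCertificate {
    param([Parameter(Mandatory)][string]$Path)

    $raw = Get-Content -LiteralPath $Path -Raw
    if ($raw -match 'PRIVATE KEY') { throw 'File contains a private key; export the public certificate only.' }
    # Drop the PEM header/footer lines, then every whitespace character (CR, LF, spaces, tabs).
    $b64 = $raw -replace '-----(BEGIN|END) CERTIFICATE-----', '' -replace '\s', ''
    # FromBase64String throws on stray characters, so a bad copy/paste fails here.
    $bytes = [Convert]::FromBase64String($b64)
    $x509  = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($bytes)
    if ($x509.NotAfter -le (Get-Date)) { throw "Certificate expired on $($x509.NotAfter)." }

    [pscustomobject]@{
        Base64     = $b64
        Subject    = $x509.Subject
        Thumbprint = $x509.Thumbprint
        NotAfter   = $x509.NotAfter
    }
}

# Constructed sample input: a throwaway self-signed certificate written as PEM.
$rsa = [System.Security.Cryptography.RSA]::Create(2048)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=constructed-signing-cert', $rsa,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$tmp = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddYears(1))
$der = $tmp.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
$pem = "-----BEGIN CERTIFICATE-----`r`n" +
       [Convert]::ToBase64String($der, 'InsertLineBreaks') +
       "`r`n-----END CERTIFICATE-----`r`n"
$file = Join-Path ([IO.Path]::GetTempPath()) 'constructed-signing.cer'
Set-Content -LiteralPath $file -Value $pem -NoNewline

$result = ConvertTo-SingleLineCertificate -Path $file
$cert   = $result.Base64          # value for -SigningCertificate in step 5
$result | Format-List Subject, Thumbprint, NotAfter
```

    For a real update, pass the path of the exported SecureAuth signing certificate instead of the constructed file and confirm the Subject, Thumbprint and NotAfter values are the ones expected before running step 5.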

     

    Additional info:

    Steps to update the M365 integration with the new signing certificate using the MSOnline module:

    https://support.secureauth.com/hc/en-us/articles/36312524083732-Steps-to-update-M365-integration-with-the-new-signing-certificate

     

    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
