Azure AD – New Azure AD Resilience feature coming, update to your ADFS required

A new Azure Active Directory (AAD) feature is coming to provide more resilience. If you are using federated authentication, such as AD FS, you must prepare for it by updating your federation service to use the new endpoints.

If you are using AD FS and use Azure AD Connect to configure and maintain it, Azure AD Connect will do it for you. As usual, a quick check is always recommended, so read the actions below to validate the reconfiguration.

The following URLs provide the updated IdP endpoints to use with the relying party trust:

 

If you are using AD FS (or any other federation service) without Azure AD Connect to configure it, you need to perform the actions below:

  • Log on to your AD FS server (or federation service server)
  • Launch a PowerShell prompt (as usual, use Run as administrator) and execute the following commands

NOTE: you may have to load the AD FS module with Add-PSSnapin Microsoft.Adfs.PowerShell for AD FS 2.0.

Before executing the commands, you can get your current settings using the command Get-AdfsRelyingPartyTrust


You can check the result by comparing it with the output of the Get-AdfsRelyingPartyTrust command you ran before the change, or by opening the AD FS console and checking the Endpoints tab of the Office 365 relying party trust.
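The before/after comparison described above can be scripted. The following is an added example, not code from the original post: it saves the trust's endpoints on the first run and prints the differences on later runs. It assumes PowerShell 3.0 or later, the default trust display name "Microsoft Office 365 Identity Platform", and a hypothetical snapshot path.

```powershell
# Added example: snapshot and diff of the Office 365 relying party trust endpoints.
# Assumptions: PowerShell 3.0+, AD FS cmdlets loaded, default trust display name.
$TrustName = 'Microsoft Office 365 Identity Platform'   # adjust to your trust's name
$Snapshot  = Join-Path $env:TEMP 'o365-rpt-before.xml'  # hypothetical snapshot path

function Get-RptEndpointView {
    param([Parameter(Mandatory = $true)][string]$Name)

    $rpt = Get-AdfsRelyingPartyTrust -Name $Name
    if (-not $rpt) { throw "Relying party trust '$Name' not found." }

    $rows = @()
    # WS-Federation passive endpoint plus any additional WS-Fed endpoints
    foreach ($u in @($rpt.WSFedEndpoint) + @($rpt.AdditionalWSFedEndpoint)) {
        if ($u) {
            $rows += [pscustomobject]@{
                Kind = 'WS-Fed'; Binding = ''; Index = ''; Location = [string]$u }
        }
    }
    # SAML endpoints (what the console lists on the Endpoints tab)
    foreach ($e in @($rpt.SamlEndpoints)) {
        if ($e) {
            $rows += [pscustomobject]@{
                Kind = "SAML $($e.Protocol)"; Binding = [string]$e.Binding
                Index = [string]$e.Index;     Location = [string]$e.Location }
        }
    }
    if ($rows.Count -eq 0) { throw "Trust '$Name' exposes no endpoints; nothing to compare." }
    $rows
}

$current = @(Get-RptEndpointView -Name $TrustName)

if (-not (Test-Path $Snapshot)) {
    # First run, before the change: keep a copy of the current endpoints.
    $current | Export-Clixml -Path $Snapshot
    "Saved $($current.Count) endpoint(s) to $Snapshot"
} else {
    # Later runs, after the change: '<=' exists only in the snapshot, '=>' only now.
    $before = @(Import-Clixml -Path $Snapshot)
    $diff   = Compare-Object $before $current -Property Kind, Binding, Index, Location
    if ($diff) {
        $diff | Sort-Object Kind, Index |
            Format-Table SideIndicator, Kind, Binding, Index, Location -AutoSize
    } else {
        'No endpoint changes since the snapshot was taken.'
    }
}
```

Keep the snapshot file after the change: it records the endpoint values that were in place before, which is what you need to refer to if you roll back.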


If you need to roll back this change, just run the following commands
