Defederate GoDaddy 365

Defederate a GoDaddy Microsoft tenant without requiring migration.

Original Source: https://tminus365.com/defederating-godaddy-365/​
Big thanks to msp2msps for this original content. The guide below is based on their work.
Summary
Customers who purchase Microsoft 365 subscription from GoDaddy receive a federated Microsoft tenant, making it unable to be transferred to another CSP and difficult to manage.

GoDaddy provides documentation on moving away from their services, but it requires working with their support staff in a process that could take up to 10 days (see link below). 
GoDaddy - Move my Microsoft 365 email away from GoDaddy
GoDaddyHelp
With the solutions proposed in this guide, you will:
Defederate the tenant without migrating
Never have to call GoDaddy
Keep user accounts (instead of deleting them)
Have no mail-flow downtime
High level-steps:
1.Prepare End Users
2.Become a Tenant Admin
3.Remove Federation with GoDaddy
4.Reset Users' Passwords
5.Add a CSP Provider & Provision Licenses
6.Remove GoDaddy Delegated Admin & Cancel Subscription
Prepare Your End Users
Defederating requires users to reset their passwords. It is recommended to set temporary passwords and distribute them to users for them to reset.
Schedule the defederation process and notify users. It is recommended to perform this outside of business hours. 
After resetting user passwords, Microsoft Office applications will reprompt for authentication. It is recommended to provide users instructions to reauthenticate beforehand. For Office applications, they can reauthenticate by going to File > Account > Sign Out > Sign In.
Become a Tenant Admin in GoDaddy
When signing up for Microsoft 365 with GoDaddy, the initial account is setup as an admin user. Unfortunately, this user is redirected to the GoDaddy portal when they try to sign in at office.com. In order to defederate the tenant, we need proper access to the Microsoft 365 portal.
1.Login to portal.azure.com with the admin user that was set up when the account was first created and click on the 3 lines in the top left corner.
2.Click on Azure Active Directory, then click on Users.
3.Here you should see a user label with admin@*.onmicrosoft.com
4.Click on this user and reset their password. 
5.Open an incognito browser window and sign in to admin.microsoft.com with that username and the temporary password.
6.Establish a new password and update your documentation. 
With this completed, you now have a user that can run the necessary powershell commands to defederate the tenant.
Remove Federation with GoDaddy
Before you perform this step you want to make sure all users have the passwords you will be resetting as they will not be able to login without that new password.
# Install MSOnline Module
Write-Output 'Installing MSOnline module...'
Install-Module -Name 'MSOnline'
​
# Connect to Microsoft
Write-Output 'Connecting to Microsoft...'
Connect-Msolservice
​
# Remove Federation
Write-Output 'Removing federation from domains...'
$FederatedDomains = Get-MsolDomain | Where-Object { $_.Authentication -eq 'Federated' }
foreach ($Domain in $FederatedDomains) {
  Set-MsolDomainAuthentication -DomainName $Domain.Name -Authentication 'Managed'
}
​
# Get Domains
Get-MsolDomain
After this is complete you will see that all domains are now "Managed". You can now disconnect from Microsoft by closing the PowerShell window or using the following command:
[Microsoft.Online.Administration.Automation.ConnectMsolService]::ClearUserSessionState()
Reset Users' Passwords
Your process for resetting users' passwords may vary from the process outlined below. It is provided as an example case.
1.Login to admin.microsoft.com.
2.Click Users > Active Users.
3.Select all users using the box in the top left corner.
4.Unselect your current user account.
5.Click Reset password.
6.Distribute temporary passwords to users.
Add a CSP Provider and Provision Licensing
Now that the tenant is defederated, you can add a CSP provider with their delegated admin link.
Note: If you are the new CSP provider, you can get your delegated admin link from https://partner.microsoft.com/en-us/dashboard/commerce2/customers/acquire.
Paste the appropriate link in a browser, sign into the tenant with the admin credentials you reset earlier and accept the relationship. After the acceptance, reload the page and you will see the new CSP listed. 
You can now purchase and assign new licenses for the tenant.
Remove GoDaddy Delegated Admin and Cancel Subscription
Warning: If you do not follow the steps to remove GoDaddy as a delegated admin before you cancel with them, they will run a script to delete all users in the account and remove the primary domain.
1.In Microsoft 365: Under Settings > Partner Relationships, click on GoDaddy and remove their roles.
2.In GoDaddy: Cancel the renewal.
From here, the subscription from GoDaddy will expire at end of term and that is all. You now have a tenant under CSP with all of the typical management functionality you are familiar with.
Note: By default, SharePoint URLs will retain GoDaddy's default .onmicrosoft.com domain name. This can be changed by following the process outlined here:
https://learn.microsoft.com/en-us/sharepoint/change-your-sharepoint-domain-name​
Considerations for Migrating to New Tenant
Here are some unique considerations in favor of performing a migration:
Federation with a 3rd party - If you intend to re-federate the tenant after moving off GoDaddy with an IDP like OneLogin, a tenant-to tenant migration is REQUIRED. If you try to federate with a 3rd party after defederating with GoDaddy, all admin users will be redirected to GoDaddy’s admin portal. Microsoft support confirms tenant to tenant migration is the only way around this process.
If you do decide to migrate the tenant, consider using BitTitan to make the migration process smoother.
BitTitan MigrationWiz | Migrate to Microsoft 365, Exchange, and G Suite
BitTitan MigrationWiz

Overview

Next - Microsoft 365

Manage Sent Items

Last modified 7mo ago