Update AD-FS-Prompt-Login.md #8021

Open: wants to merge 1 commit into base: main

@rodiera rodiera commented Jan 28, 2025

The right command to use is Update-MgDomainFederationConfiguration, not New-MgDomainFederationConfiguration. The latter creates a federation domain configuration, but in this context, this is already in existence. Therefore, an error gets returned: "New-MgDomainFederationConfiguration : Domain already has Federation Configuration set."

PreferredAuthenticationProtocol - should not be changed
FederatedIdpMfaBehavior - is not always populated and shouldn't be changed in this context.


@rodiera : Thanks for your contribution! The author(s) have been notified to review your proposed change.


Learn Build status updates of commit e97ad35:

✅ Validation status: passed

| File | Status | Preview URL | Details |
| --- | --- | --- | --- |
| WindowsServerDocs/identity/ad-fs/operations/AD-FS-Prompt-Login.md | ✅Succeeded | | |

For more details, please refer to the build report.

For any questions, please:

@v-dirichards

@robinharwood, @Xelu86
Can you review the proposed changes?

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team
#assign: @robinharwood, @Xelu86

@prmerger-automator bot added the aq-pr-triaged label (tracking label for the PR review team) Jan 28, 2025
rodiera commented Apr 28, 2025

Any updates on this?

The current guidance in this document is wrong. Neither FederatedIdpMfaBehavior nor PreferredAuthenticationProtocol needs to be included here to update PromptLoginBehavior. Furthermore, customers are unnecessarily updating FederatedIdpMfaBehavior and want to revert; however, there is no way to revert once the property has been updated. So, we are getting pushback on CSS cases when customers follow this guidance and find out they cannot null FederatedIdpMfaBehavior.

The correct command is:

```powershell
# <your_internal_domain_federation_id> is a placeholder: the value for this parameter is missing from the comment as captured.
Update-MgDomainFederationConfiguration -DomainId <your_domain_name> `
    -InternalDomainFederationId <your_internal_domain_federation_id> `
    -PromptLoginBehavior <translateToFreshPasswordAuth|nativeSupport|disabled>
```
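
The following is an added example, not part of the comment above or of the pull request: it looks up the existing federation configuration, changes only PromptLoginBehavior, and then checks that FederatedIdpMfaBehavior and PreferredAuthenticationProtocol were left as they were. The domain name, the chosen value and the `Domain.ReadWrite.All` scope are assumptions for illustration; it requires the Microsoft.Graph.Identity.DirectoryManagement module.

```powershell
# Added example (not from the PR). Sample values below are constructed; replace them.
$DomainId = 'contoso.example'   # placeholder domain name
$Desired  = 'nativeSupport'     # translateToFreshPasswordAuth | nativeSupport | disabled

Connect-MgGraph -Scopes 'Domain.ReadWrite.All'

# Read the configuration that already exists instead of creating a new one
# (New-MgDomainFederationConfiguration fails with "Domain already has
# Federation Configuration set" on a domain that is already federated).
$before = @(Get-MgDomainFederationConfiguration -DomainId $DomainId)
if ($before.Count -ne 1) {
    throw "Expected one federation configuration for $DomainId, found $($before.Count)."
}
$before = $before[0]

# Properties the PR says must not be touched when changing PromptLoginBehavior.
$untouched = 'FederatedIdpMfaBehavior', 'PreferredAuthenticationProtocol'

# Pass only the property being changed; omitted parameters are not sent.
Update-MgDomainFederationConfiguration -DomainId $DomainId `
    -InternalDomainFederationId $before.Id `
    -PromptLoginBehavior $Desired

# Re-read and compare, so an unintended change is caught immediately.
$after = Get-MgDomainFederationConfiguration -DomainId $DomainId |
    Where-Object Id -eq $before.Id

foreach ($name in $untouched) {
    if ($before.$name -ne $after.$name) {
        Write-Warning "$name changed: '$($before.$name)' -> '$($after.$name)'"
    }
}
if ($after.PromptLoginBehavior -ne $Desired) {
    Write-Warning "PromptLoginBehavior is '$($after.PromptLoginBehavior)', expected '$Desired'."
}

$after | Select-Object Id, PromptLoginBehavior, FederatedIdpMfaBehavior, PreferredAuthenticationProtocol
```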

@v-dirichards

@robinharwood @Xelu86
Can you review the proposed changes?

#label:"aq-pr-triaged"
@MicrosoftDocs/public-repo-pr-review-team
