From 9cbdfad6cd6f40ebe77402459df940e41154b172 Mon Sep 17 00:00:00 2001 From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com> Date: Tue, 11 Apr 2023 10:43:19 -0400 Subject: [PATCH] Refreshed PS module --- education/windows/configure-aad-google-trust.md | 5 +++-- education/windows/federated-sign-in.md | 11 ++++++++--- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/education/windows/configure-aad-google-trust.md b/education/windows/configure-aad-google-trust.md index d96b7414ca..087db4abca 100644 --- a/education/windows/configure-aad-google-trust.md +++ b/education/windows/configure-aad-google-trust.md @@ -69,10 +69,11 @@ Now that the app is configured, you must enable it for the users in Google Works ## Configure Azure AD as a Service Provider (SP) for Google Workspace The configuration of Azure AD consists of changing the authentication method for the custom DNS domains. This configuration can be done using PowerShell.\ -Using the **IdP metadata** XML file downloaded from Google Workspace, modify the *$DomainName* variable of the following script to match your environment, and then run it in an elevated PowerShell session. When prompted to authenticate to Azure AD, use the credentials of an account with the *Global Administrator* role. +Using the **IdP metadata** XML file downloaded from Google Workspace, modify the *$DomainName* variable of the following script to match your environment, and then run it in a PowerShell session. When prompted to authenticate to Azure AD, use the credentials of an account with the *Global Administrator* role. ```powershell -Install-Module Microsoft.Graph +Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force +Install-Module Microsoft.Graph -Scope CurrentUser Import-Module Microsoft.Graph $domainId = "" diff --git a/education/windows/federated-sign-in.md b/education/windows/federated-sign-in.md index 7eccc722a0..326c71ca59 100644 --- a/education/windows/federated-sign-in.md 
+++ b/education/windows/federated-sign-in.md @@ -1,7 +1,7 @@ --- title: Configure federated sign-in for Windows devices description: Description of federated sign-in feature for the Education SKUs of Windows 11 and how to configure it via Intune or provisioning packages. -ms.date: 04/04/2023 +ms.date: 04/11/2023 ms.topic: how-to appliesto: - ✅ Windows 11 @@ -146,11 +146,16 @@ In a scenario where a user is federated and you want to change the ImmutableId, Here's a PowerShell example to update the ImmutableId for a federated user: ```powershell +Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force +Install-Module Microsoft.Graph -Scope CurrentUser +Import-Module Microsoft.Graph +Connect-MgGraph -Scopes 'User.Read.All', 'User.ReadWrite.All' + #1. Convert the user from federated to cloud-only -Get-AzureADUser -SearchString alton@example.com | Set-AzureADUser -UserPrincipalName alton@example.onmicrosoft.com +Update-MgUser -UserId alton@example.com -UserPrincipalName alton@example.onmicrosoft.com #2. Convert the user back to federated, while setting the immutableId -Get-AzureADUser -SearchString alton@example.onmicrosoft.com | Set-AzureADUser -UserPrincipalName alton@example.com -ImmutableId '260051' +Update-MgUser -UserId alton@example.onmicrosoft.com -UserPrincipalName alton@example.com -OnPremisesImmutableId '260051' ``` ## Troubleshooting
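Review bot: In the configure-aad-google-trust.md hunk, the added `Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser -Force` writes a persistent execution policy for the signed-in user, and `-Force` suppresses the confirmation prompt, so an administrator who pastes the script is left with a lasting policy change that the paragraph above the script never mentions. Consider `-Scope Process` so the change ends with the session, or add a sentence to the instructions saying that the policy is changed and how to set it back afterwards.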
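Review bot: In the last federated-sign-in.md hunk (@@ -146,11), `Connect-MgGraph -Scopes 'User.Read.All', 'User.ReadWrite.All'` requests a redundant permission: `User.ReadWrite.All` already includes read access to user profiles, so `User.Read.All` can be dropped and the consent prompt kept to the one scope the two `Update-MgUser` calls need. The example also gains the same persistent `Set-ExecutionPolicy ... -Scope CurrentUser -Force` line as the other file with no explanation in the surrounding text; scoping it to the process or documenting it would help here too.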