Purpose
This shows the step-by-step guide on how to completely disable Microsoft 365 Federation called Email Integration in Practice Protect.
Disabling this should revert their login through Microsoft 365. Users will have to re-authenticate using their Microsoft 365 credentials. We do advise to setup MultiFactor-Authentication (MFA) for users for added security.
Prerequisites
- Admin Access to Practice Protect Tenant along with its custom Login URL (i.e. tenantname.id.cyberark.cloud/)
- Microsoft 365 Service Account with Global Admin Rights
- Powershell app on a computer with installed Azure AD module/MS Online
Instructions
1. Login to Practice Protect using the customized login URL and switch on the Admin Portal.
2. Go to Apps & Widgets section > Web Apps. Find and click Office 365 (type: Web – SAML + Provisioning). Note: The app name may be different.
3. In the Application Settings, find the Office 365 Domains. select and tick the box of the Federated domain. On the Actions dropdown, select “Download Powershell Script“
This will download the script on your local computer.
4. Locate the downloaded file then right click on it and select “Run with Powershell” If there’s a warning, click on “open“
5. This will prompt you to log in and authenticate. Please use the Office365 Global Admin account credentials.
6. Once authenticated, a prompt will appear “What Action Would You Like To Do? Federate (F), UnFederate (U), or View Federation Settings (V)?:” Press U on the keyboard and hit Enter. Note: wait for a few seconds to finish the execution.
7. To confirm it is disabled or unfederated, go back to the Office365 Application Settings in Practice Protect and check the domain. The “Type” should now be set to Managed
Note: Refresh the page if the Type is not updating or re-run the PowerShell script from Step 4
Remove Entra ID Registered App
1. Log in to the Microsoft Entra ID Portal, go to the Identity > Applications section and select App Registrations
2. Click the All applications tab and select the app created by Practice Protect by clicking through it. Usually named PracticeProtect, PPAzureAD, or PracticeProtect EntraID
3. Delete the app by clicking on the Delete button.
4. To confirm deletion, tick “I understand the implications of deleting this app registration” and click “Delete“
5. App is now deleted from the App Registrations. You’ll receive a notification pop up.
Note: This completes the steps of disabling Microsoft 365 Federation or Email Integration. Be aware that users should use their Microsoft 365 credentials to logon to any of their Microsoft 365 apps (Outlook, Teams, Onedrive, etc).
If end user/s doesn’t remember their Microsoft 365 credentials, a person (i.e. IT Personnel) who has admin access to Microsoft 365 should assist on resetting their passwords.