Back up and restore Office 365 settings

Back up Office 365 settings

•Open the PowerShell command window and enter the following command to connect to the Office 365 tenant:

PS C:\Connect-MgGraph -Scopes "Domain.ReadWrite.All Directory.AccessAsUser.All"

•Enter the following command to back up the current domain federation settings into a file:

PS C:\Get-MgDomainFederationConfiguration -DomainId <federated-domain> | Export-Clixml <xml-file-path>

For example:

Enter the following command to back up the current domain federation setting for the federated domain orange.com to an xml file c:\orange.com-original-settings.xml.

 

PS C:\Get-MgDomainFederationConfiguration -DomainId orange.com | Export-Clixml orange.com-original-settings.xml

Restore Office 365 settings

Perform the following tasks to restore Office 365 settings from an existing saved file:

1.

Load the configuration into a variable.

PS C:\$original = Import-Clixml <xml-file-path>

 

For example:

load config from file c:\orange.com-original-settings.xml into variable $original

PS C:\$original = Import-Clixml orange.com-original-settings.xml

 

2.

Enter the following command to unfederate the domain if the domain is federated.

 

PS C:\Update-MgDomain -DomainId <federated-domain> -AuthenticationType "Managed"

 

For example:

unfederate the orange.com domain

 

PS C:\Update-MgDomain -DomainId orange.com -AuthenticationType "Managed"

Please wait for 1 minute after this command before proceeding to the next step.

 

3.

Enter the following command to restore the configuration from the variable.

Please check if the values used in this command are present in the xml file. Values which are not present in the xml file can be removed from the command.

FederatedIdpMfaBehavior argument is mandatory, so if it is not present in the xml file, you can use the value "acceptIfMfaDoneByFederatedIdp" for this argument.

PS C:\New-MgDomainFederationConfiguration -DomainId <federated-domain> -DisplayName $original.DisplayName -IssuerUri $original.IssuerUri -PassiveSignInUri $original.PassiveSignInUri -ActiveSignInUri $original.ActiveSignInUri -SignOutUri $original.SignOutUri -SigningCertificate $original.SigningCertificate -PreferredAuthenticationProtocol $original.PreferredAuthenticationProtocol -FederatedIdpMfaBehavior $original.FederatedIdpMfaBehavior -MetadataExchangeUri $original.MetadataExchangeUri