From e97ad35ad20ec0b22fc5f0b0034fadce9fb95bb2 Mon Sep 17 00:00:00 2001 From: rodiera <76068231+rodiera@users.noreply.github.com> Date: Tue, 28 Jan 2025 14:53:04 -0600 Subject: [PATCH] Update AD-FS-Prompt-Login.md The right command to use is Update-MgDomainFederationConfiguration not New-MgDomainFederationConfiguration. the latter creates a federation domain configuration, but in this context, this is already in existence. Therefore, an error gets returned "New-MgDomainFederationConfiguration : Domain already has Federation Configuration set." PreferredAuthenticationProtocol - should not be changed FederatedIdpMfaBehavior - is not always populated and shouldn't be changed in this context. --- .../identity/ad-fs/operations/AD-FS-Prompt-Login.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/WindowsServerDocs/identity/ad-fs/operations/AD-FS-Prompt-Login.md b/WindowsServerDocs/identity/ad-fs/operations/AD-FS-Prompt-Login.md index 72edf740a9..ffccf179bf 100644 --- a/WindowsServerDocs/identity/ad-fs/operations/AD-FS-Prompt-Login.md +++ b/WindowsServerDocs/identity/ad-fs/operations/AD-FS-Prompt-Login.md @@ -41,7 +41,7 @@ The following is a list of AD FS versions that support the `prompt=login` parame Use the [Microsoft Graph PowerShell](/powershell/microsoftgraph/installation) module to configure the setting. -1. First obtain the current values of `FederatedIdpMfaBehavior`, `PreferredAuthenticationProtocol`, and `PromptLoginBehavior` for the federated domain by running the following PowerShell command: +1. First obtain the current values of 'Id' and `PromptLoginBehavior` for the federated domain by running the following PowerShell command: ```powershell Get-MgDomainFederationConfiguration -DomainId | Format-List * 
@@ -55,11 +55,14 @@ Use the [Microsoft Graph PowerShell](/powershell/microsoftgraph/installation) mo 2. Configure the desired value of `PromptLoginBehavior` by running the following command: ```powershell - New-MgDomainFederationConfiguration -DomainId ` - -FederatedIdpMfaBehavior ` - -PreferredAuthenticationProtocol ` - -PromptLoginBehavior + Update-MgDomainFederationConfiguration ` + -DomainId ` + -InternalDomainFederationId ` + -PromptLoginBehavior + ``` + > [!NOTE] + > The value for PromptLoginBehavior is case sensitive. The value should be one of the following. `translateToFreshPasswordAuth` `nativeSupport` `disabled` Following are the possible values of `PromptLoginBehavior` parameter and their meaning:
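Review bot: In the first hunk (step 1, the rewritten "First obtain the current values of ..." line), 'Id' is wrapped in straight single quotes while `PromptLoginBehavior` on the same line uses backticks, so the two property names render differently. Use backticks for both. The step also gives no reason for collecting `Id`: the parameter that consumes it in step 2 has a different name (`-InternalDomainFederationId`), so add a short clause here saying the `Id` value is passed to that parameter. Otherwise a reader has to infer the mapping from the output of `Format-List *`.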
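Review bot: In the second hunk, the added `[!NOTE]` lists the three allowed values right before the existing sentence "Following are the possible values of `PromptLoginBehavior` parameter and their meaning:", so the same list now appears twice in a row. Keep only the case-sensitivity statement in the note and let the existing list carry the values, and put `PromptLoginBehavior` in backticks inside the note to match the rest of the page. The placement of the added closing fence relative to the note also needs a check in the rendered page, to confirm the note is not swallowed by the code block or left inside the numbered step with the wrong indentation. Since the commit message says `PreferredAuthenticationProtocol` and `FederatedIdpMfaBehavior` must not change, consider a follow-up step that re-runs the `Get-MgDomainFederationConfiguration` command from step 1, so the operator can confirm that only `PromptLoginBehavior` differs after the update.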