After federating a domain, it takes 15 minutes for Azure to reflect that

Seth Call 0 Reputation points

When I run this command:

$domain = ""
Set-MsolDomainAuthentication -DomainName $domain -FederationBrandName "SethCall" -Authentication federated -IssuerUri $issueruri -ActiveLogOnUri $LogOnUrl -PassiveLogOnUri  $PassiveLoginUri -MetadataExchangeUri $mex -SigningCertificate $SigningCert -LogOffUri $LogOffUrl  -PreferredAuthenticationProtocol $Protocol -SupportsMfa $False

It can take 15-30 minutes before those settings come back consistently from

Or put it this way; if I go to that URL, I'll see that my federation settings immediately update... but if I keep refreshing that URL, the settings will 'flip' back to federation type 'Managed' (i.e., not federated) constantly. This flapping continues on for 15 minutes. I do not know exactly because I get mad and walk away, but it definitely takes a while.

# desired
{"ver":"1.0","account_type":"Federated" ...}

# inconsistent result

{"ver":"1.0","account_type":"Managed" ...}

The point is, I find my self needing to go from Managed to Federated in a test environment often, but I have to 'wait out' this flapping and it's a huge hindrance to productivity.

Really this is a Azure bug, but I don't know that I'll catch the eye of MS in this post.

Or, maybe this will help someone who begins testing, expecting federated behavior but gets strange bugs as these settings are in this flapping state. Basically, to anyone else, hit that URL above (but replacing with your actual domain) rapidly in a browser (refresh like 10x). Don't test your federated settings until you see the URL consistently reflect your expected Federated settings.

A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
2,288 questions
{count} votes