SSO/365 Powershell Script kicking my butt

Hi,

I am finally trying to get 365 MFA running, but at the run Powershell script section I go into a endless vortex on module requirements to run it. (Reminds me of Linux dependencies) I run the script and it says I need Managed MSOnline Powershell Module, I run that installer and it says the Install-Module was not found in the PowershellGet module. I do an Import-Module for PowershellGet and nothing happens I try the Install-module again and it says Nuget is required (which is installed latest version) it asks me if I want to install Nuget, I select Yes, and it says that Nuget provider is required to interact with Nuget-based repositories…

After I pull out all my hair, I verified the TLS1.2 is running for Powershell, server is patched but I keep going through this issue.
Server is 2012R2 and the one running the AD Connect.

Not sure if this is something DUO can assist with, or if I need to get MS involved (which I do NOT want to do)

Thoughts?

Ok so after WAY too much Powershell crap I re-ran the script again, still got an MSOnline error but the srcipt ran farther and I was able to enter my 365 creds, but then I got unable to federate error. The same one found in this article: https://help.duo.com/s/article/5181?language=en_US

But the article doesn’t really explain what is going on…

“You cannot remove this domain as the default domain without replacing it with another default domain”

Hi @StealthNet,

It means that you cannot federate your default domain, this means whatever domain you’re trying to federate to Duo SSO right now is set as your default. If you set your “onmicrosoft.com” domain to default you should then be able to federate it.

Thanks, Yes I had to change the default to onmicrosoft domain (I missed that in the docs), then federation completed. In testing I am not being prompted for MFA though, trying to troubleshoot.

Thanks

Update, it took a few minutes but we did get the Prompt!!!

If we could eliminate the Microsoft components from this setup I’m sure it would have worked flawlessly :slight_smile:

Thanks for chiming in.

2 Likes