Disconnecting AAoD from your Federated Office 365 domain.
- Log into your On-Demand Tenant.
- Select SSO Manager.
- Select the Office 365 app.
- Uncheck Manage Office 365 Federation Automatically.
- Select Disconnect AuthAnvil.
Note: Disconnecting Office 365 could take up to 72 hours to complete as Microsoft's servers replicate the changes.
If that fails to disconnect then please see the following.
In order to remove SSO from your domain you will need the Microsoft Online Service Module for Windows PowerShell (the PowerShell bits for Office 365).
You can download this module from Microsoft at https://support.office.com/en-us/article/Managing-Office-365-and-Exchange-Online-with-Windows-PowerShell-06a743bb-ceb6-49a9-a61d-db4ffdf54fa6
Once installed, you can connect in to your Office 365 account using the following commands:
Set-MsolDomainAuthentication -Authentication Managed -DomainName <YourDomain.com>
This process will prompt for your *.onmicrosoft.com account credentials to set the defined domain name (YourDomain.com) back to standard passwords instead of federated single-sign on. You may need to reset your users' passwords after setting the domain back.
As a last step you may wish to run the following command to convert all federated users back to standard password users, resetting their passwords automatically:
Get-MsolUser | Convert-MsolFederatedUser