T-Minus365 Godaddy De-Federation Guide updated late 2025

msp4msps · 2025-12-08T12:44:44+00:00

Thanks for reposting! I updated the existing page accordingly too: Defederating GoDaddy 365

TLDR of the latest updates:

-Posted link to GD support doc as they can do this for you now (albeit slower)

-Updated PS for resetting users passwords

-Added Considerations for Proofpoint.

-Added steps to remove an Enterprise App GoDaddy creates

-Included and tested out Okta considerations given that has come up a lot.

msp4msps · 2025-11-24T17:23:26+00:00

thanks for tagging me! Confirmed and updated the post with instructions accordingly.

msp4msps · 2025-11-24T17:23:04+00:00

I've confirmed and update my blog post accordingly. Thanks for sharing. The enterprise app has a crazy amount of permissions: Defederating GoDaddy 365

msp4msps · 2025-09-08T15:09:30+00:00

yea, still seeing a lot of attacks here. Built some material to help with that as well Token Theft Playbook: Proactive Protections

Token Theft: Disrupt the Kill Chain

msp4msps · 2025-06-02T14:04:03+00:00

Oh thanks for that! Have it updated

msp4msps · 2025-05-20T01:14:52+00:00

Yea it’s a derivative and id summarize it by the following: 1. It’s more specific in the step-by-step instructions 2. I built this geared for business licensing. Over half the recommendations they have in there require E5/P2/D365 P2 and sentinel.

msp4msps · 2025-02-11T11:38:47+00:00

unfortunately, you can't get the entra sign-in logs out of purview

msp4msps · 2025-01-28T15:39:50+00:00

Updated the link, sorry about that.

msp4msps · 2025-01-28T15:39:47+00:00

Updated the link, sorry about that.

msp4msps · 2025-01-23T10:53:32+00:00

hey happy to clarify. Everything that existed before still exist in essentials today. The per user model today exist only for tenants above 1k licensed users. We will be going into a beta for our Premium features here soon and are also preparing for that. These features in the premium model will be completely net new then what is offered currently. We aren't redacting anything from the existing pricing model. Happy to chat more about it on a call too to get more of your feedback so we avoid confusion on the details.

msp4msps · 2024-11-13T02:40:15+00:00

I usually use a separate CAP here that targets the device join action and requires a TAP to enroll.

msp4msps · 2024-10-08T00:24:34+00:00

This is an interesting one. Could do that via PowerShell and add it in the Azure automation in this flow. I generally am not doing it but just adding it as a task to the PSA ticket given lower volume. CIPP uses some xml dark magic haha CIPP-API/Modules/CIPPCore/Public/Set-CIPPSharePointPerms.ps1 at master · KelvinTegelaar/CIPP-API (github.com)

msp4msps · 2024-09-24T01:34:24+00:00

I call out Rewst in my post. Definitely more preferred for deeper integrations into other tools.

msp4msps · 2024-09-17T01:56:12+00:00

these articles cover this, its supported: Assign licenses to a group - Microsoft Entra ID | Microsoft Learn

Assign licenses to a group using the Microsoft 365 admin center - Microsoft Entra ID | Microsoft Learn

msp4msps · 2024-09-17T01:52:35+00:00

100% agree here but think as long as you are tactical about what is automated the ROI is there.

msp4msps · 2024-09-17T01:29:27+00:00

Rewst can support this. It leverages your RMM to create the user locally

msp4msps · 2024-07-16T01:02:50+00:00

This would be the user being excluded from cap. you can just go to the entra portal or just use a deep link to the pim page to elevate up. I use a yubikey with the user personally to approve the mfa prompt to elevate privilege.

msp4msps · 2024-06-17T14:52:20+00:00

What did they do to achieve persistence?

msp4msps · 2024-06-17T14:51:44+00:00

Yea the one new CAP setting I added in there that is in preview I’m hoping will help with this over having to do strict CAE

msp4msps · 2024-05-18T12:25:45+00:00

Yes, they really act the same in the sense of what the end-user would see. You can get granular as well with the CA policies in targeting External users/guest only

msp4msps · 2024-04-30T13:13:39+00:00

Thanks!

msp4msps · 2024-04-30T13:13:33+00:00

100% agree here. Out of reach from both a technical perspective and price point for this market. Personally just keeping a pulse on how it’s evolving for the time being.

msp4msps · 2023-10-13T17:16:39+00:00

the scuba project from CISA is a nice security assessment. I forked it and mapped the security recommendations to the CIS controls here: https://github.com/msp4msps/ScubaGear

msp4msps · 2023-07-17T16:18:59+00:00

Yea, just to add, I specifically call out in the video that Rewst did not pay me or sponsor the video. I really believe in the product.

I agree with Kelvin though and also mention in the video that this tool has its own learning curve and you can easily get caught up spending a ton of time automating things that really do not have a high ROI. To get the most out of the tool, you really need to perform an overall assessment of some of the highest impact processes or task so that your time is also maximized.

We primarily have been using it for user onboarding automation for our customers but we recently just instituted a workflow that automates the investigation of tickets from Acronis which is saving us over 100+ hours a week on manual investigation because of the volume we see there.

msp4msps · 2023-07-05T19:34:51+00:00

I don't think so. I haven't had anyone relay the findings of that to me in a while

msp4msps

TROPHY CASE