Last Updated on July 19, 2024
Stuck with GoDaddy?
Well, you might be losing your mind right now on what to do as it seems that GoDaddy has locked you from transferring to another cloud service provider.
But in this guide, I will show you how to defederate from GoDaddy in five steps while avoiding downtime (as much as possible).
Let’s get started.
Table of Contents:
GoDaddy’s Microsoft Office 365 subscription
When buying a domain, GoDaddy is one of those services that come to mind since they’re rather popular (and good) at it.
Unfortunately, it’s a different story when it comes to office productivity. Due to their partnership with Microsoft, they can offer Microsoft 365 subscription:
Note: You can learn more about the difference between the two providers on my Microsoft Office 365 vs GoDaddy Office 365 breakdown article.
The offers are quite tempting since they have lower prices than what Microsoft offers. However, when you take it, this federates the domain and the tenant.
When this happens, you’re locked up with them since you won’t be able to transfer to another cloud service provider.
You can call GoDaddy about it — but the talking alone can easily take hours. Not to add, if they do the defederation, say goodbye to all the data and user accounts.
But there is another solution here.
Sign up for exclusive updates, tips, and strategies
How to defederate from GoDaddy
Follow the steps below carefully to do this:
Step #1: Let your users know
The first step here is to let your users know and prepare them for what they have to do. Basically, defederating from GoDaddy will reset their passwords.
There are two ways to survive this:
- They can give the passwords to you before you start the defederation process.
- Prepare a spreadsheet and have your users fill it out with their passwords.
Let them know that you can create temporary passwords for their accounts and they can change the passwords themselves after the defederation process.
You may also have to teach them how to sign back to Office apps they use after the defederation.
Prepare images similar to the one below to help them understand your guide better:
It’s also important to let your users know when you’re going to do the defederation process — the exact date and time.
I recommend you do it during the night or during holidays when no one might be working. Even if the process doesn’t have downtime in terms of email services.
Step #2: Remove federation with GoDaddy
Before you’re able to actually defederate from GoDaddy, you need to have sufficient access to run the scripts.
Unfortunately, when you try to go to the Microsoft 365 admin center, the browser redirects you to the GoDaddy portal instead.
The solution here is to access the global admin:
- Ready the account credentials of the first user created
- Go to the Azure AD portal and open the service
On the overview, go to the users tab through the left panel:
On the list of users:
- Find the user principal name:
- If you can access this user, skip this step
- If you can’t access this user, click the display name
- Then click the reset password button
You will then receive a temporary password for that user. Copy it to a notepad or somewhere that you can easily access.
What you have to do next is:
- Open another browser on your computer
- Go to the Microsoft My Account portal
- Log in using the username and temporary password
- Click the change password button
Through this, you will now be able to run the scripts needed to defederate from GoDaddy.
Before you do anything from this point, make sure that you already have all the passwords of all the users.
The next step is to:
- Open Windows PowerShell
- Run it in admin mode
Copy and paste the script below — credits to tminus365 — and run it:
Write-Host "Checking for MSOnline module..."
$Module = Get-Module -Name "MSOnline" -ListAvailable
if ($Module -eq $null) {
Write-Host "MSOnline module not found, installing MSOnline"
Install-Module -name MSOnline
}
Connect-Msolservice
#Enter the admin credentials you have reset earlier
Get-MsolDomain
#See that the domain is “federated”#
Set-MsolDomainAuthentication -DomainName "domain.com" -Authentication ManagedThen, run Get-MsolDomain and see if your domain is now tagged as “managed”. It needs to be in a managed state for this process to work.
Replace domain.com with your domain. After this, your domain is now defederated from GoDaddy and you can use another cloud service provider.
OPTIONAL: To completely remove the domain from GoDaddy Microsoft 365, run this script:
Remove-MsolDomain -DomainName "domain.com" -ForceReplace domain.com with your domain.
Step #3: Update user passwords
Now that you have complete access, you can now easily update user passwords through the Microsoft 365 admin center.
You have two choices here:
- If the users are few, you can manually reset their password
- If there are far too many users, you can use a script to bulk update the passwords
To update one password at a time:
- Navigate to the admin center first
- Go to the active users tab
After that:
- Hover your mouse over a user
- Click the key icon that appears
Once you click on that, a right panel will appear:
- Check all the boxes
- Click the reset password button
Now, you will have a copy of the temporary password. Send it to the user and have him/her create a new password.
The other option is to use a script to update all the passwords.
Run the script below on PowerShell in admin mode:
##########Connect to MsOnline##########
Write-Host -Prompt "Connecting to MSOnline"
$credential = Get-Credential
Install-module Msonline
Import-Module MsOnline
Connect-MsolService -Credential $credential
############# Define CSV path of Users and Group ##################
$UserPath = Read-Host -Prompt "Enter File Path For CSV list of users"
#####Create CSV template with headers of Userprincipalname and Password#######
Import-Csv -Path $UserPath |%{Set-MsolUserPassword -userPrincipalName $_.UserPrincipalName –NewPassword $_.Password -ForceChangePassword $True}Step #4: Provide cloud service provider
Once the tenant and domain are defederated, you will be able to add a cloud service provider using the admin link
- Navigate to the admin link
- Use the global admin credentials to log in
- Accept the relationship and you will see a new provider
All you have to do at this point is to order licensing and provide the same number of seats to users and cancel GoDaddy.
Don’t forget to remove GoDaddy too as the delegated admin before you do anything — like canceling the subscription from them. You can do that via this link, under “other partner types” click the three vertical dots under GoDaddy.com, LLC and click “remove roles”. See image below:
Then you can click on the “Remove roles” button. See below:
Important Note: You can also remove the Global Admin rights assigned to the two Service Principals that GoDaddy added here: https://portal.azure.com/#view/Microsoft_AAD_IAM/PartnerRelationships.ReactView.
If you want to change the licenses that the users have, you will need to check in with the available products under billing and assign the licenses from there.
You can find the billing section in the Microsoft 365 admin center:
Step#5: Cancel GoDaddy subscription
Before you do this, make sure that you have already removed GoDaddy as the delegated admin.
That’s because GoDaddy will delete all the users in the account and remove the primary domain associated with that account.
Although you can still do something if you didn’t remove them as the delegated admin, the process is lengthy and includes downtime.
If you’re not sure how to do that:
- Navigate to the Microsoft 365 admin center
- Go to the partner relationships tab on the settings
After that:
- Find GoDaddy from the list
- Click the remove roles button at the bottom
Once successful, the system will notify you that the delegated admin roles have been removed from GoDaddy.com.
The last step here is to:
- Go to the GoDaddy account settings
- Cancel the renewal of your subscription
Once you do this, your subscription will not renew and will expire at the end of the term.
Take control of your tenant
How was the process?
Yes, it’s a bit tedious. But it’s certainly better than talking with GoDaddy’s customer service team for hours and ending up having less control over what happens.
Now, once you defederate from GoDaddy and cancel the licenses, you should be able to get new licenses from Microsoft directly.
If you want another option that will end up with you migrating directly to Microsoft 365, visit my GoDaddy to Microsoft 365 migration article to learn more.
Anyway, do you have any questions? Feel free to drop a comment or two and share what’s been on your mind.
If you want to work with me on this, please contact me using the contact page so I can get back to you asap.
So once the defederation is complete why would i then need to migrate to a new tenant? Would i not have full control of the tenant again at this stage?
Hey Mike – You are absolutely correct. I just corrected this above. Thanks for keeping me honest!
Aweosome info! You rock…
Got as far as this part:
Remove-MsolDomain -DomainName “domain.com” -Force
and I’m getting an error that says:
Remove-MsolDomain : Unable to remove this domain. Use Get-MsolUser –DomainName <domain name> to retrieve a list of objects that are blocking removal.
Any ideas?
Hey Eric,
See below:
This error on removing the Microsoft 365 domain occurs because some or all of the users’ UserPrincipalName and email addresses are using the domain you are trying to remove. Therefore, you must first change the UserPrincipalName of all users, email addresses, or Microsoft 365 accounts associated with the domain you are wanting to remove.
If you need more details, let me know or see this link.
Wow Ryan! Thanks for the prompt and helpful reply. You’re the man. So this client wants to keep all of their usernames, mailboxes and M365 licenses they’ve purchased, and they want to keep their domain. They just want to manage it directly in the tenant and have GoDaddy completelyout of the loop. Since I’m now able to log into admin.microsoft.com (THANK YOU!!) and managing it directly it seems I just need to get GoDaddy’s hooks out of the domain and associate my company as their Microsoft partner. Basically make it how it would be if they had set up this… Read more »
Got it all sorted without changing their userprincipalnames or deleting any users. Just changed the domain to managed from federated then removed all roles from GoDaddy as a partner, then changed the passwords on the users they created. All done. Another good overview here: https://www.youtube.com/watch?v=J6zvgC6HPmc
Thanks for the pointers! You got me over the hard part of getting it set to “managed”
Hey Eric – I’m glad you were able to get it sorted!
I just defederated our tenant, but now when we try to log in to the online portal or even OneDrive client it loops back to asking for our password. Any ideas?
you need to reset the user password. After that, it will work.
Ryan, thank you so much for this step-by-step tutorial. I have a client that I’m going to try this with soon. They have 16 users using Exchange, Teams, OneDrive, and Sharepoint. I’ve already reset the default admin account’s password, and I can log into the account, but of course, the admin portal redirects to GoDaddy’s site. If I run the powershell script to defederate GoDaddy, but I still want to keep the custom domain in the tenant, do I need remove the domain with this line? Remove-MsolDomain -DomainName “domain.com” -Force Won’t that remove the custom domain from the tenant? Would… Read more »
Sorry for the delay. You don’t need to remove any custom domains.
The above command is optional and is only needed if you want to fully remove the domain from the tenant.
Once you defederate, change all your passwords, and remove the partner relationship for GoDaddy, then effectively the tenant is in your control.
Defederation can definitely be easier than exporting data from one tenant to another.
yo! i am about to try this at my company. about 30ish email addresses.
will this provide a smooth transition for onedrive, power automate, and other office365 solutions?
I hope it worked out well for you! And yes it is a smooth transition.
You say “If you want another option that will end up with you migrating directly to Microsoft 365, visit my GoDaddy to Microsoft 365 migration article to learn more.”
Can you please explain the difference between the two?
Thanks so much for all you do!
Hey Gavin – Defederation will allow you to keep your existing tenant and doesn’t require a data migration. The other option would be to create a new Microsoft 365 tenant with Microsoft directly and then do a tenant-to-tenant migration, which is certainly more involved as you’d have to migrate data from multiple apps from the source tenant.
I’m looking to do this for a customer but they have about a dozen domains with different email/Office 365 users for each of them. I’m wondering if I defederate all the domains from GoDaddy will they all be moved to one Admin Center? Or will each domain move to it’s own admin center along with the users.
Each domain will remain in the same tenant so no worries there.
Love the guide, I’m about to migrate multiple clients and one thing that has come up is they have just renewed some of the email addresses with go daddy. When you defederate go daddy from the tenant are they able to maintain the license they are tied into or do we lose them? Dont want the client to have to pay for same license twice for the next 12 months.
we have done several client migrations. The licenses have continued to be available for use until they expire. Godaddy will tell you otherwise but we have not had any issues with it.
Jennifer, are stating contrary to Step #4 “Order licensing” the GoDaddy term is still valid? (Just like it is normally – i.e. if you acquired my client)
David – was Jennifer correct on the licensing term?
Ryan – @jennifer states that the licensing from GoDaddy is still good after defederation. Your tutorial states need to acquire new licensing. This would be great as I had a client that was just migrated from GoDaddy Workspace to M365 and auto renewed for 2 yrs. Can you confirm this?
The licensing is still good from GoDaddy even after defederation. You can acquire new licensing with Microsoft as needed.
Ryan – this is curious to me as the licenses sold by godaddy have unique names which seem proprietary to Godaddy. Once defederation is complete and we can access the admin panel, do the old godaddy licenses show in there? A tenant i’m going to migrate also has several licenses that were recently purchased.
The licenses will still be present. You will just want to eventually cancel them via GoDaddy and purchase directly from Microsoft as you find the proper equivalent licenses you need. You’ll want to do this before the licenses at GoDaddy expire.
Got it, so it will show the GD licenses in the MS admin console, even though they aren’t official MS licenses (i.e. “Microsoft 365 Email Plus with Security”, or “Microsoft 365 Secure Business Professional”. Good to know! Odd thing is, GD seemingly was able to create similar license types with different expiration dates. Normally what happens, with NCE licensing anyway, is that you buy a standard license, which starts an agreement, then if you add another one say 6 months down the road, it’s added to that agreement but prorated. This makes a cut over complicated as there will be… Read more »
I agree. There will most likely be some license overlap but that is to be expected.
Defederated successfully, but found an unusual login. After defederation, I attempted to delete a user from the GoDaddy portal. This worked fine, and as expected the mailbox/account was not deleted in O365. But, I DID see two unusual non0interactive sign in logs from GoDaddy at the time I deleted the account. One was to Partner Center Web App, and another to Exchange Online Remote Powershell. While the sign in logs indicated success, it does not seem anything destructive actually occurred on the tenant. But, I sure would like to get to the bottom of this as it seems GoDaddy still… Read more »
Did you remove the GoDaddy partner relationship in M365 and any associated accounts?
\Thank you for the response.
Yes. Reset password on their original tenant admin account and enabled MFA on it.
To clarify, this was all done prior to deleting the account from GoDaddy. I also have a ticket open with Microsoft to determine how the successful login occurred. They initially said it is due to a still valid MFA token, but I explained that all GoDaddy accounts had been reset, and partner relationship roles removed. Furthermore. the successful login came from an external tenant, and yet we have no cross tenant access settings or B2B settings configured for GoDaddy. No further response from Microsoft yet, but still reluctant to perform more deletions at GoDaddy until the source of this successful… Read more »
I just found these 4 service principals still had global admin role assigned to them. They must not have been removed when we removed the partner roles for GoDaddy?
I’m going to be defederating soon and I’ve noticed these two ‘Partner Center Web App’ and ‘Support’ ServicePrincipal users that have Global Admin rights. Did you delete both of these or just remove the Global Admin rights? Thanks.
So I done this in a test environment but have a strange issue. I have ended up with seemingly two tenants. for this example lets say I am moving contoso.com. The admin account I used for this is as it is the only admin account with a .onmicrosoft.com domain in my 365 tenant with GoDaddy. There is no . After the migration I logged in with and everything appears to of transferred except the contoso.com domain and licensing. Email is still working though. I now have a seperate account called and when I login I am greeted… Read more »
I am also wondering about this for the future if we decide to defederate from godaddy. Our admin account is the same where there is no “” but there is an “”.
Did you ever figure this out?
Thanks.
Hi Scott,
For a Godaddy M365 tenant, the onmicrosoft subdomain will be something like netorgxxxx.onmicrosoft.com, that is the admin account that you should be looking for.
Hey thanks for the quick reply. I was specifically wondering about the issue of:
Not sure if they are experiencing two separate tenants after defederating?
Thanks.
Out of all the defederations I’ve done, I have never experienced that. Sounds like he may have had two separate tenants from the start.
What is the difference between defederating and migrating? If you were to defederate a tenant from GoDaddy to M365 would all data still be available including emails, sharepoint, OneDrive, etc. Thanks,
After defederating from GoDaddy I am encountering issues with creating organjzational relationships with other tenants in our organization.
I am getting the following error:
Organization relationship creation failed
|Microsoft.Exchange.Configuration.Tasks.InvalidOperationInDehydratedContextException|The command you tried to run isn’t currently allowed in your organization. To run this command, you first need to run the command: Enable-OrganizationCustomization.
But then even after running the suggested script in powershell I am still having the same issue. In fact the powershell script does nothing.
Would you have any ideas on how to solve this blocker?
This worked almost perfectly, thanks so much. I had an issue with PowerShell not being able to authenticate due to needing to “Update the browser” but following this YouTube video resolved that: https://www.youtube.com/watch?v=cBF1FlHSj7c
Great write-up. My organization has a new MS tenant which will include email services. I actually don’t care about existing users or any data since there was only one account and it was just used as a catch-all email account. All I want to do is assign the domain to the new tenant to allow it to send and receive emails.
So, if I am understanding your defederation instructions correctly, by following these steps and including the optional “Remove-MsolDomain –DomainName “domain.com” –Force” step, my domain now be available to reassign to my new MS tenant, right?
Thanks!
That is correct.
OK – I followed this guide, and de-federation wasn’t too bad. We have our own licenses now, and now we see a combination of our new licenses and the ones from godaddy. Within Godaddy we removed all e-mail accounts and they did not remove in our admin console, which is indicative we did it correctly. The connection was severed successfully. However – they still show up as a reseller in our partner section. We are unable to remove this ourselves. Before calling Godaddy support to request this, we did remove all licenses from godaddy after removing the users. They are… Read more »
Give me a call if you can. 630-733-9911.
Thanks! I just left you a VM with how to reach me. Appreciate you.
I checked the tenant today, and all of the Godaddy licenses are gone. So at least that worked but I believe that was from me doing the delete in the Godaddy side of things. So their reseller relationship is definitely still alive and active. No idea why they can’t just remove it on their side usually that’s done in their partner console and has nothing to do with anything else. As an MSP, that is how I do things anyway? I’m going to see if I can force MS to remove it.
I called you back on 3/25 and left a VM. I’ll some time Friday morning if you still want to discuss. There may be some service principals that you can delete as well. See above.
i do not have azure active directory as an option in step 2….any idea why? cant progress because of it
You should have it as it is a requirement. What happens when you go to https://portal.azure.com?
i figured it out. Your response time and the blog was amazing.ty so much !!
Thanks, this worked great for me! (well with the slightly updated script from tminus). I didn’t add a new provider or provision new licensing as my godaddy license seems to still be working, even after i removed them from the account. Should I rely on this to keep working?
Thanks again!
I’m starting to think this was a mistake. It may remove GoDaddy’s permissions, but it certainly doesn’t remove them from the account. Take the hit, go with their official process.
Think this should be taken down now – GoDaddy actually offer a proper service to move your tenant as of about 9 months ago
That’s fine if they offer such a service but people should know that they have the right to do this themselves or that they can always go with Microsoft directly.
Hi,
I am currently with cloudflare for domain and with godaddy for the email. Do I need to do anything on the DNS, mx or anything? Thanks
If you are stuck with a “Choose a way to sign in” blank message after running the PowerShell, you must reset the user’s password. That is the only fix to this issue that I know of.
Si tengo 60 cuentas de correo y vencen en diferentes fechas, al desfederar pierdo la información de mis cuentas de correo?. ̈Puedo ir haciendo parcialmente las cuentas de godaddy a Microsoft para no perder dinero.
I defederated using this process awhile back. I set my licences in GoDaddy not to auto-renew, and it the first one has now expired and showing expired in GoDaddy. I was expecting this users email to just stop working but it appears to still be working and on the ‘Licences and Apps’ tab for this user it still shows a licence assigned and ‘0 of 14 licences available’ when I was expecting this to auto-unassign from the user and number of licence to decrease by one. Do you know what happening here and if this licence will eventually drop off?… Read more »
The “Set-MsolDomainAuthentication -DomainName “domain.com” -Authentication Managed” PowerShell command was exactly the bit I needed. Thank you for posting this!
I know that this is an older article, but I want to thank you, @Ryan Clark Clark. I have been wanting to do this for over a year and finally after reading your article felt that I could accomplish it. I knocked this out on Friday evening and worked with Microsoft on finding the correct plan for my needs and they found one that isn’t normally listed on the comparison page and cost less than half of what I thought my monthly subscription was going to be. I feel so good finally having this under my control and not GoDaddy’s.