Improve Office 365 sign-in for Yammer with auto-acceleration policy

To improve the Office 365 sign-in experience for Yammer, use an auto-acceleration policy to send users directly to the sign-in page of the ADFS federated domain, bypassing the Office 365 login page.

Prerequisites

  • You must be a global administrator in Office 365 to run the PowerShell commands.

  • Download and install PackageManagement PowerShell Modules Preview from here

  • Download and install Azure Active Directory V2 PowerShell Module - Public Preview Release (Reference).

  • Open an administrative AAD PowerShell session and run the following commands:

Save-Module -Name AzureADPreview -Path <path>

 Important: The Save-Module command will download the module from the Internet. You need a working internet connection on the computer where you are running these commands.

Install-Module -Name AzureADPreview

Enable policy

  1. Run the following commands:

    Connect to Tenant’s Azure AD. This command will prompt you for credentials. Sign in using admin credentials.

    Connect-AzureAD [-TenantId | -TenantDomain] <tenant name>

    Example sign-in using admin credentials.

  2. Check that no policy of the same name exists already.

    get-AzureADPolicy
  3. Create a new policy:

    • If you have a single federated domain that will authenticate users for applications, set HRD policy by running the following command:

      New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true}}") -DisplayName BasicAutoAccelerationPolicy -Type HomeRealmDiscoveryPolicy
    • If you have multiple federated domains and have a preferred domain for your application against which users will authenticate, set Policy by typing the following command:

      New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true,`"PreferredDomain`":`"contoso.com`"}}") -DisplayName BasicAutoAccelerationPolicy -Type HomeRealmDiscoveryPolicy
  4. Note the ObjectId of the policy you’ve just created:

    get-AzureADPolicy

    Example output of new policy

  5. Note the ObjectId of the servicePrincipal for the Yammer application (redirect the output to a text file for easy searching). The AppDisplayName is “Office 365 Yammer”, with an AppId of 00000005-0000-0ff1-ce00-000000000000.

    Get-AzureADServicePrincipal | fl > output.txt

    Command line for redirecting output to a text file

    Example of output to a text file

  6. Finally, add the policy for the Yammer service.

    Add-AzureADServicePrincipalPolicy -ID <ObjectID of the Service Principal copied from #5> -RefObjectId <ObjectId of the Policy copied from #4>

    Command line for adding the policy for Yammer service

List of commands in order

These are the commands you must run to enable the policy. Run them one line at a time and review the output after each command:

Connect-AzureAD -TenantDomain <Tenant-Name>

Get-AzureADPolicy

$PolicyId = New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AccelerateToFederatedDomain`":true}}") -DisplayName BasicAutoAccelerationPolicyforYammer -Type HomeRealmDiscoveryPolicy

Get-AzureADPolicy

$yamObjectId = Get-AzureADServicePrincipal | ?{$_.AppDisplayName -eq 'Office 365 Yammer'}

Add-AzureADServicePrincipalPolicy -Id $yamObjectId.ObjectId -RefObjectId $PolicyId.Id

Note: Change the third command shown above if you have multiple federated domains.
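The same sequence as a re-runnable script that checks each step before acting. This is an added example, not code from the original article; it assumes the AzureADPreview module is installed and Connect-AzureAD has already been run, and the variable names are the example's own.

```powershell
# Added example (not from the original article). Assumes AzureADPreview is
# installed and Connect-AzureAD has already been run as a global administrator.
$ErrorActionPreference = 'Stop'

$policyName      = 'BasicAutoAccelerationPolicyforYammer'  # display name used in the article
$preferredDomain = $null  # set to e.g. 'contoso.com' if you have multiple federated domains

# Build the definition as an object and serialize it, so no quotes are escaped
# by hand (pasted curly quotes inside the string produce invalid JSON).
$hrd = [ordered]@{ AccelerateToFederatedDomain = $true }
if ($preferredDomain) { $hrd.PreferredDomain = $preferredDomain }
$definition = @{ HomeRealmDiscoveryPolicy = $hrd } | ConvertTo-Json -Compress

# Steps 2-4: reuse a policy of the same name instead of creating a duplicate.
$policy = Get-AzureADPolicy | Where-Object {
    $_.Type -eq 'HomeRealmDiscoveryPolicy' -and $_.DisplayName -eq $policyName
} | Select-Object -First 1
if (-not $policy) {
    $policy = New-AzureADPolicy -Definition @($definition) `
        -DisplayName $policyName -Type HomeRealmDiscoveryPolicy
}

# Step 5: without -All $true the cmdlet returns only the first page of results,
# so the Yammer service principal can be missed in a large tenant.
$yammer = @(Get-AzureADServicePrincipal -All $true |
    Where-Object { $_.AppDisplayName -eq 'Office 365 Yammer' })
if ($yammer.Count -ne 1) {
    throw "Expected one 'Office 365 Yammer' service principal, found $($yammer.Count)."
}
$spId = $yammer[0].ObjectId

# Step 6: assign the policy only if it is not already assigned.
$assigned = @(Get-AzureADServicePrincipalPolicy -Id $spId)
if ($assigned.Id -notcontains $policy.Id) {
    Add-AzureADServicePrincipalPolicy -Id $spId -RefObjectId $policy.Id
}

# Verify: list the HRD policy now attached to the Yammer service principal.
Get-AzureADServicePrincipalPolicy -Id $spId |
    Where-Object { $_.Type -eq 'HomeRealmDiscoveryPolicy' } |
    Format-List Id, DisplayName, Definition
```

To undo the assignment, run Remove-AzureADServicePrincipalPolicy with -Id set to the service principal's ObjectId and -PolicyId set to the policy's Id.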

Testing

In a new in-private browser session, sign in to Yammer with user credentials from the federated domain. Check that the sign-in flow skips the AAD page and goes straight to the ADFS sign-in page. If it does, success!

Scenarios

The following table summarizes the authorization flows for this policy.

| Login | Flow without policy | Flow with policy |
| --- | --- | --- |
| Yammer.com | Email address > Azure AD login > ADFS login | Email address > ADFS login |
| Yammer.com/mycompany.com | Email address > Azure AD login > ADFS login | Email address > ADFS login |
