Defederate GoDaddy Microsoft 365 — Free GoDaddy to Microsoft 365 Migration Tool
Defederate GoDaddy Microsoft 365 — download the scripts below, follow the 10-step guide, and remove GoDaddy's control from your tenant.
Download Free GoDaddy Defederation Scripts
Do NOT cancel your GoDaddy subscription before completing all 11 steps. GoDaddy runs an automated script that deletes all users and removes your domain. Complete Steps 1-9 first, remove GoDaddy as Delegated Admin, remove their Enterprise App, then cancel.
Disclaimer: These scripts are provided as-is. You are expected to have working knowledge of Microsoft 365 administration and PowerShell. We are not responsible for any issues arising from their use.
Recommended
All-in-One Defederation Wizard
Interactive script — enter your domain, sign in once, and it walks you through every step: readiness check, federation removal, password resets, DNS validation, app cleanup, and health check. Confirm each step before it runs.
Download GoDaddy-Defederate.ps1 ↓
Or download individual scripts:
Before
Readiness Check
Download .ps1 ↓
During
DNS Validation
Download .ps1 ↓
After
Health Check
Download .ps1 ↓
Bundle
All Scripts + README
Download .zip ↓
If you have GoDaddy Microsoft 365 (you log into office.com, use Outlook/Teams, but GoDaddy manages it) — follow the 11 steps below. If you have GoDaddy email only (Workspace, cPanel, Plesk, IMAP) — check our IMAP to Microsoft 365 migration services. Not technical? We do this for you | Live chat.
Step 1: Run the Tenant Readiness Check Script
First, allow PowerShell to run downloaded scripts (run this once as Administrator):
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUserDownload and run this before anything else. It checks federation status, users, DNS, delegated admin, and generates a CSV report.
#Requires -Version 5.1
<#
.SYNOPSIS
GoDaddy Defederation Tenant Readiness Check
by Medha Cloud (https://medhacloud.com)
.DESCRIPTION
Checks your Microsoft 365 tenant's readiness for defederation from GoDaddy.
Validates: federation status, admin access, DNS records, licenses,
delegated admin, enterprise apps, and email security configuration.
.NOTES
Version: 2.0 (March 2026)
Requires: Microsoft.Graph PowerShell SDK
Download: https://medhacloud.com/blog/defederate-godaddy-microsoft-365
#>
param(
[Parameter(Mandatory = $true)]
[string]$DomainName
)
# Colors and formatting
function Write-Check { param($msg) Write-Host " [CHECK] " -ForegroundColor Cyan -NoNewline; Write-Host $msg }
function Write-Pass { param($msg) Write-Host " [PASS] " -ForegroundColor Green -NoNewline; Write-Host $msg }
function Write-Fail { param($msg) Write-Host " [FAIL] " -ForegroundColor Red -NoNewline; Write-Host $msg }
function Write-Warn { param($msg) Write-Host " [WARN] " -ForegroundColor Yellow -NoNewline; Write-Host $msg }
function Write-Section { param($msg) Write-Host "`n========================================" -ForegroundColor White; Write-Host " $msg" -ForegroundColor White; Write-Host "========================================" -ForegroundColor White }
$report = @{
Domain = $DomainName
Timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
Checks = @()
}
function Add-Check {
param($Category, $Name, $Status, $Details)
$report.Checks += [PSCustomObject]@{
Category = $Category
Check = $Name
Status = $Status
Details = $Details
}
}
Write-Host "`n"
Write-Host "=================================================" -ForegroundColor Green
Write-Host " GoDaddy Defederation Tenant Readiness Check" -ForegroundColor Green
Write-Host " by Medha Cloud - https://medhacloud.com" -ForegroundColor Green
Write-Host " Domain: $DomainName" -ForegroundColor Green
Write-Host "=================================================" -ForegroundColor Green
# ── 1. Module Check ──
Write-Section "1. Microsoft Graph Module"
Write-Check "Checking for Microsoft.Graph module..."
$modules = @(
"Microsoft.Graph.Authentication",
"Microsoft.Graph.Identity.DirectoryManagement",
"Microsoft.Graph.Users",
"Microsoft.Graph.Groups"
)
foreach ($mod in $modules) {
if (Get-Module -Name $mod -ListAvailable) {
Write-Pass "$mod installed"
Add-Check "Prerequisites" $mod "PASS" "Module installed"
} else {
Write-Fail "$mod NOT found - Installing..."
try {
Install-Module -Name $mod -Scope CurrentUser -Force -AllowClobber
Write-Pass "$mod installed successfully"
Add-Check "Prerequisites" $mod "PASS" "Module installed (auto)"
} catch {
Write-Fail "Failed to install $mod : $_"
Add-Check "Prerequisites" $mod "FAIL" $_.Exception.Message
}
}
}
# ── 2. Connect to Microsoft Graph ──
Write-Section "2. Connecting to Microsoft Graph"
Write-Check "Requesting scopes: Domain.Read.All, User.Read.All, Directory.Read.All..."
try {
Connect-MgGraph -Scopes "Domain.Read.All","User.Read.All","Directory.Read.All","Application.Read.All","DelegatedAdminRelationship.Read.All" -ErrorAction Stop
$context = Get-MgContext
Write-Pass "Connected as: $($context.Account)"
Add-Check "Connection" "Microsoft Graph" "PASS" "Connected as $($context.Account)"
} catch {
Write-Fail "Failed to connect: $_"
Add-Check "Connection" "Microsoft Graph" "FAIL" $_.Exception.Message
Write-Host "`nCannot continue without Microsoft Graph connection. Exiting." -ForegroundColor Red
exit 1
}
# ── 3. Domain Federation Status ──
Write-Section "3. Domain Federation Status"
Write-Check "Checking authentication type for $DomainName..."
try {
$domain = Get-MgDomain -DomainId $DomainName
$authType = $domain.AuthenticationType
if ($authType -eq "Federated") {
Write-Warn "Domain is FEDERATED - Defederation required"
Add-Check "Federation" "Authentication Type" "ACTION" "Domain is Federated - defederation needed"
} elseif ($authType -eq "Managed") {
Write-Pass "Domain is already MANAGED - No defederation needed!"
Add-Check "Federation" "Authentication Type" "PASS" "Already Managed"
} else {
Write-Warn "Unknown authentication type: $authType"
Add-Check "Federation" "Authentication Type" "WARN" "Unknown: $authType"
}
# Check ALL domains in tenant
Write-Check "Checking all domains in tenant..."
$allDomains = Get-MgDomain
foreach ($d in $allDomains) {
$status = if ($d.AuthenticationType -eq "Federated") { "FEDERATED" } else { "Managed" }
Write-Host " $($d.Id) - $status" -ForegroundColor $(if ($d.AuthenticationType -eq "Federated") { "Yellow" } else { "Gray" })
Add-Check "Federation" "Domain: $($d.Id)" $(if ($d.AuthenticationType -eq "Federated") { "ACTION" } else { "PASS" }) $d.AuthenticationType
}
} catch {
Write-Fail "Failed to check domain: $_"
Add-Check "Federation" "Domain Check" "FAIL" $_.Exception.Message
}
# ── 4. User and License Inventory ──
Write-Section "4. User & License Inventory"
Write-Check "Enumerating all users..."
try {
$allUsers = Get-MgUser -All -Property DisplayName,UserPrincipalName,AccountEnabled,AssignedLicenses,UserType
$memberUsers = $allUsers | Where-Object { $_.UserType -eq "Member" }
$guestUsers = $allUsers | Where-Object { $_.UserType -eq "Guest" }
$enabledUsers = $memberUsers | Where-Object { $_.AccountEnabled -eq $true }
$disabledUsers = $memberUsers | Where-Object { $_.AccountEnabled -eq $false }
$licensedUsers = $memberUsers | Where-Object { $_.AssignedLicenses.Count -gt 0 }
Write-Pass "Total users: $($allUsers.Count)"
Write-Host " Members: $($memberUsers.Count) | Guests: $($guestUsers.Count)" -ForegroundColor Gray
Write-Host " Enabled: $($enabledUsers.Count) | Disabled: $($disabledUsers.Count)" -ForegroundColor Gray
Write-Host " Licensed: $($licensedUsers.Count)" -ForegroundColor Gray
Add-Check "Users" "Total Count" "INFO" "Members: $($memberUsers.Count), Guests: $($guestUsers.Count), Licensed: $($licensedUsers.Count)"
# List all users for password reset planning
Write-Host "`n Users requiring password reset after defederation:" -ForegroundColor Cyan
foreach ($user in ($enabledUsers | Sort-Object DisplayName)) {
Write-Host " - $($user.DisplayName) ($($user.UserPrincipalName))" -ForegroundColor Gray
}
} catch {
Write-Fail "Failed to enumerate users: $_"
Add-Check "Users" "Enumeration" "FAIL" $_.Exception.Message
}
# ── 5. Delegated Admin Check ──
Write-Section "5. Delegated Admin Relationships"
Write-Check "Checking for GoDaddy delegated admin..."
try {
$partners = Get-MgDirectoryPartnerTenantRelationship -ErrorAction SilentlyContinue
if ($partners) {
foreach ($partner in $partners) {
Write-Warn "Delegated Admin found: $($partner.DisplayName) - Status: $($partner.Status)"
Add-Check "Delegated Admin" $partner.DisplayName "ACTION" "Must be removed before cancellation"
}
} else {
Write-Pass "No delegated admin relationships found"
Add-Check "Delegated Admin" "Partner Check" "PASS" "None found"
}
} catch {
Write-Warn "Could not enumerate delegated admin relationships (may need higher permissions)"
Add-Check "Delegated Admin" "Partner Check" "WARN" "Insufficient permissions to check"
}
# ── 6. Enterprise App Check ──
Write-Section "6. Enterprise Applications (GoDaddy)"
Write-Check "Looking for GoDaddy / Partner Center enterprise apps..."
try {
$apps = Get-MgServicePrincipal -All | Where-Object {
$_.DisplayName -match "GoDaddy|Partner Center|Wild West" -or
$_.AppId -in @("00000003-0000-0ff1-ce00-000000000000")
}
if ($apps) {
foreach ($app in $apps) {
Write-Warn "Found: $($app.DisplayName) (AppId: $($app.AppId))"
Add-Check "Enterprise Apps" $app.DisplayName "ACTION" "Must be removed - AppId: $($app.AppId)"
}
} else {
Write-Pass "No GoDaddy enterprise apps found"
Add-Check "Enterprise Apps" "GoDaddy Apps" "PASS" "None found"
}
} catch {
Write-Warn "Could not enumerate enterprise apps: $_"
Add-Check "Enterprise Apps" "App Check" "WARN" $_.Exception.Message
}
# ── 7. DNS Record Validation ──
Write-Section "7. DNS Records"
Write-Check "Checking current DNS configuration for $DomainName..."
$dnsChecks = @(
@{ Type = "MX"; Name = $DomainName },
@{ Type = "TXT"; Name = $DomainName },
@{ Type = "CNAME"; Name = "autodiscover.$DomainName" }
)
foreach ($check in $dnsChecks) {
try {
$result = Resolve-DnsName -Name $check.Name -Type $check.Type -ErrorAction Stop
foreach ($r in $result) {
$value = switch ($check.Type) {
"MX" { "$($r.NameExchange) (Priority: $($r.Preference))" }
"TXT" { ($r.Strings -join " ") }
"CNAME" { $r.NameHost }
default { $r.ToString() }
}
# Check for Proofpoint/third-party email security
if ($check.Type -eq "MX" -and $value -match "pphosted|proofpoint|barracuda|mimecast") {
Write-Warn "$($check.Type): $value (THIRD-PARTY EMAIL SECURITY DETECTED)"
Add-Check "DNS" "$($check.Type) Record" "WARN" "Third-party email security: $value - MX records must be updated after defederation"
} else {
Write-Pass "$($check.Type): $value"
Add-Check "DNS" "$($check.Type) Record" "INFO" $value
}
}
} catch {
Write-Fail "Could not resolve $($check.Type) for $($check.Name)"
Add-Check "DNS" "$($check.Type) Record" "FAIL" "DNS lookup failed"
}
}
# Check for DKIM
Write-Check "Checking DKIM selectors..."
foreach ($selector in @("selector1", "selector2")) {
try {
$dkim = Resolve-DnsName -Name "$selector._domainkey.$DomainName" -Type CNAME -ErrorAction Stop
Write-Pass "DKIM $selector : $($dkim.NameHost)"
Add-Check "DNS" "DKIM $selector" "PASS" $dkim.NameHost
} catch {
Write-Warn "DKIM $selector not found (will need to be configured post-defederation)"
Add-Check "DNS" "DKIM $selector" "ACTION" "Not configured - set up after defederation"
}
}
# Check DMARC
try {
$dmarc = Resolve-DnsName -Name "_dmarc.$DomainName" -Type TXT -ErrorAction Stop
Write-Pass "DMARC: $($dmarc.Strings -join ' ')"
Add-Check "DNS" "DMARC" "PASS" ($dmarc.Strings -join ' ')
} catch {
Write-Warn "DMARC not found (strongly recommended to configure)"
Add-Check "DNS" "DMARC" "ACTION" "Not configured"
}
# ── 8. Generate Report ──
Write-Section "READINESS REPORT"
$passCount = ($report.Checks | Where-Object { $_.Status -eq "PASS" }).Count
$failCount = ($report.Checks | Where-Object { $_.Status -eq "FAIL" }).Count
$actionCount = ($report.Checks | Where-Object { $_.Status -eq "ACTION" }).Count
$warnCount = ($report.Checks | Where-Object { $_.Status -eq "WARN" }).Count
Write-Host "`n Results Summary:" -ForegroundColor White
Write-Host " PASS: $passCount" -ForegroundColor Green
Write-Host " ACTION: $actionCount (items to address)" -ForegroundColor Yellow
Write-Host " WARN: $warnCount (review recommended)" -ForegroundColor Yellow
Write-Host " FAIL: $failCount (blockers)" -ForegroundColor Red
if ($failCount -eq 0) {
Write-Host "`n ✅ READY FOR DEFEDERATION" -ForegroundColor Green
Write-Host " Follow the guide at: https://medhacloud.com/blog/defederate-godaddy-microsoft-365" -ForegroundColor Cyan
} else {
Write-Host "`n ❌ NOT READY - Fix FAIL items before proceeding" -ForegroundColor Red
}
# Export report
$reportPath = "GoDaddy-Defederation-Report-$(Get-Date -Format 'yyyyMMdd-HHmmss').csv"
$report.Checks | Export-Csv -Path $reportPath -NoTypeInformation
Write-Host "`n Report saved to: $reportPath" -ForegroundColor Cyan
Write-Host "`n Need help? Contact Medha Cloud:" -ForegroundColor White
Write-Host " https://medhacloud.com/professional-services/migrations/godaddy-to-microsoft-365-migration" -ForegroundColor Cyan
Write-Host ""
# Disconnect
Disconnect-MgGraph | Out-Null
How to use it:
- Open PowerShell as Administrator
- Save the script as
GoDaddy-ReadinessCheck.ps1 - Run:
.GoDaddy-ReadinessCheck.ps1 -DomainName yourdomain.com - Review the output and CSV report
Sample CSV output:
| Category | Check | Status | Details |
|---|---|---|---|
| Prerequisites | Microsoft.Graph.Authentication | PASS | Module installed |
| Prerequisites | Microsoft.Graph.Identity.DirectoryManagement | PASS | Module installed |
| Connection | Microsoft Graph | PASS | Connected as admin@NETORG123.onmicrosoft.com |
| Federation | Authentication Type | ACTION | Domain is Federated — defederation needed |
| Federation | Domain: contoso.com | ACTION | Federated |
| Federation | Domain: NETORG123.onmicrosoft.com | PASS | Managed |
| Users | Total Count | INFO | Members: 24, Guests: 3, Licensed: 22 |
| Delegated Admin | GoDaddy.com LLC | ACTION | Must be removed before cancellation |
| Enterprise Apps | Partner Center Web App | ACTION | Must be removed — AppId: 00000003-0000-0ff1... |
| DNS | MX Record | INFO | contoso-com.mail.protection.outlook.com (Priority: 0) |
| DNS | TXT Record | INFO | v=spf1 include:spf.protection.outlook.com -all |
| DNS | DKIM selector1 | ACTION | Not configured — set up after defederation |
| DNS | DKIM selector2 | ACTION | Not configured — set up after defederation |
| DNS | DMARC | PASS | v=DMARC1; p=quarantine; rua=mailto:dmarc@contoso.com |
PASS = ready. ACTION = fix before proceeding. INFO = review. The script saves this as GoDaddy-Defederation-Report-[date].csv in your current directory.
Step 2: Get Global Admin Access
Two logins needed: Your GoDaddy account (godaddy.com — for managing your subscription) and your GoDaddy-provisioned M365 admin account (e.g. admin@yourdomain.com — for managing Microsoft 365). These are different accounts.
GoDaddy creates a hidden Global Admin at admin@NETORGFT[random].onmicrosoft.com. Your regular admin account may not have full Global Admin rights. Here's how to take control:
Find and secure Global Admin:
- Log into admin.godaddy.com → find your Microsoft 365 admin email (usually
admin@yourdomain.com) - Sign into entra.microsoft.com with that M365 admin account
- Go to Users → All users — look for the hidden
admin@NETORGFT[random].onmicrosoft.comaccount - If you can see it, reset its password and note it down
- If you can't find it, go to Roles and administrators → Global administrator to see which accounts have the role
Create a backup Global Admin (recommended):
- In Entra admin center, go to Users → New user → Create new user
- Create an account like
breakglass@yourdomain.com— no license needed - Go to Roles and administrators → Global administrator → Add assignments → add this new user
- Sign out, open InPrivate/Incognito, sign in with the new account to verify it works
You now have two Global Admin accounts. Use either one for the defederation steps. The backup account ensures you're never locked out if something goes wrong.
Step 3: Prepare Your End Users
Communication is critical. When you remove federation, every user's existing password becomes invalid. They'll need to sign in with a new temporary password and then set their own.
Send this email template to all users (customize as needed):
Subject: Important: Email System Maintenance — Action Required
Hi Team,
On [DATE] at [TIME], we're upgrading our Microsoft 365 account to give us better security and more features. During this change:
- Your current password will stop working
- You'll receive a temporary password via [SMS/personal email/printed slip]
- When you log in with the temporary password, you'll be asked to create a new one
- All your emails, files, and Teams data will remain intact — nothing is deleted
What you need to do:
- After [TIME], go to office.com
- Sign in with your email and the temporary password
- Create a new password when prompted
- Re-sign into Outlook, Teams, and any Office apps on your devices
If you have any issues, contact [IT Contact Name] at [phone/email].
Step 4: Remove Federation with PowerShell
This is the core step. You'll use the Microsoft Graph PowerShell SDK to convert your domain from "Federated" to "Managed".
Install the Microsoft Graph PowerShell SDK (if not already installed):
Install-Module -Name Microsoft.Graph.Identity.DirectoryManagement -Scope CurrentUser -Force
Install-Module -Name Microsoft.Graph.Users -Scope CurrentUser -Force
Install-Module -Name Microsoft.Graph.Authentication -Scope CurrentUser -Force
Connect and check federation status:
Connect-MgGraph -Scopes "Domain.ReadWrite.All", "User.ReadWrite.All", "Directory.ReadWrite.All"
# Check current status of all domains
Get-MgDomain | Select-Object Id, AuthenticationType, IsVerified | Format-Table
You should see your domain listed as Federated.
Convert from Federated to Managed:
# Convert the domain
Update-MgDomain -DomainId "yourdomain.com" -AuthenticationType "Managed"
# Verify the change
Get-MgDomain -DomainId "yourdomain.com" | Select-Object Id, AuthenticationType
ALL domains in your tenant must be converted to Managed — even unused ones. If any domain remains Federated, the process won't complete properly. Run Get-MgDomain and convert each one.
If you get an error:
The most common error is "Insufficient privileges". This means you're not signed in with the true Global Admin (the onmicrosoft.com account). Disconnect and reconnect:
Disconnect-MgGraph
Connect-MgGraph -Scopes "Domain.ReadWrite.All" -TenantId "yourtenant.onmicrosoft.com"
Step 5: Reset All User Passwords
After removing federation, all existing passwords are invalidated because they were managed by GoDaddy's identity provider. You must reset every user's password. Temporary passwords must meet your tenant's password complexity policy (default: 8+ characters, mix of upper/lower/numbers/symbols).
Option A: Single user reset (Admin Center UI)
- Go to admin.microsoft.com
- Navigate to Users → Active users
- Click the user → Reset password
- Choose "Auto-generate password" or set a custom one
- Check "Require this user to change their password when they first sign in"
Option B: Bulk reset via PowerShell (recommended for 10+ users)
# Connect to Graph
Connect-MgGraph -Scopes "User.ReadWrite.All"
# Get all member users
$users = Get-MgUser -All -Filter "userType eq 'Member'" | Where-Object { $_.AccountEnabled -eq $true }
# Generate a temp password
$tempPassword = "Temp@" + (Get-Random -Minimum 100000 -Maximum 999999)
Write-Host "Temporary password for all users: $tempPassword" -ForegroundColor Yellow
Write-Host "Users will be forced to change this on first login.`n" -ForegroundColor Yellow
foreach ($user in $users) {
try {
$passwordProfile = @{
Password = $tempPassword
ForceChangePasswordNextSignIn = $true
}
Update-MgUser -UserId $user.Id -PasswordProfile $passwordProfile
Write-Host "[OK] $($user.DisplayName) ($($user.UserPrincipalName))" -ForegroundColor Green
} catch {
Write-Host "[FAIL] $($user.DisplayName): $($_.Exception.Message)" -ForegroundColor Red
}
}
Write-Host "`nDone! Distribute the temp password: $tempPassword" -ForegroundColor Cyan
Option C: Unique passwords per user via CSV
Create a CSV file passwords.csv:
UserPrincipalName,NewPassword
alice@yourdomain.com,Alice@Temp2026!
bob@yourdomain.com,Bob@Temp2026!
carol@yourdomain.com,Carol@Temp2026!
# Bulk reset with unique passwords
Connect-MgGraph -Scopes "User.ReadWrite.All"
$users = Import-Csv -Path "passwords.csv"
$results = @()
foreach ($user in $users) {
try {
$passwordProfile = @{
Password = $user.NewPassword
ForceChangePasswordNextSignIn = $true
}
Update-MgUser -UserId $user.UserPrincipalName -PasswordProfile $passwordProfile
$results += [PSCustomObject]@{ User = $user.UserPrincipalName; Status = "Success" }
Write-Host "[OK] $($user.UserPrincipalName)" -ForegroundColor Green
} catch {
$results += [PSCustomObject]@{ User = $user.UserPrincipalName; Status = "FAILED: $($_.Exception.Message)" }
Write-Host "[FAIL] $($user.UserPrincipalName): $($_.Exception.Message)" -ForegroundColor Red
}
}
$results | Export-Csv -Path "password-reset-results.csv" -NoTypeInformation
Write-Host "`nResults saved to password-reset-results.csv" -ForegroundColor Cyan
Step 6: Handle Third-Party Email Security
Some GoDaddy plans bundle email security services that route mail through a third party. If you have one of these, your MX records point to the third party, not Microsoft. Failing to handle this correctly will cause email to stop flowing. If you're coming from an on-premises Exchange server, check our Exchange Server to Microsoft 365 migration guide instead.
Proofpoint (most common with GoDaddy)
Check your MX records. If they point to something like *.pphosted.com, Proofpoint is in the path.
After defederation:
- If you want to keep Proofpoint: Re-authenticate Proofpoint with your new admin credentials and verify the smart host connector
- If you want to remove Proofpoint: Change MX records to point directly to Microsoft (
yourdomain-com.mail.protection.outlook.com)
Barracuda Email Security Gateway
After defederation:
- Update the Azure AD app registration in Barracuda's portal
- Re-authenticate with new Global Admin credentials
- Verify inbound/outbound mail flow rules
Mimecast
After defederation:
- Re-sync the directory connection with new admin credentials
- Re-grant OAuth permissions for the Mimecast app
- Verify mail routing and journal rules
No third-party email security?
If your MX records point directly to *.mail.protection.outlook.com, you're good — no additional action needed for mail routing.
Step 7: Update DNS Records
After defederation, verify and update these DNS records at your domain registrar (GoDaddy, Cloudflare, etc.):
MX Record (Mail Exchange)
Type: MX
Host: @
Value: yourdomain-com.mail.protection.outlook.com
Priority: 0
TTL: 3600
SPF Record (Sender Policy Framework)
Type: TXT
Host: @
Value: v=spf1 include:spf.protection.outlook.com -all
TTL: 3600
DKIM (DomainKeys Identified Mail)
Generate DKIM keys in the Microsoft 365 Defender portal:
- Go to security.microsoft.com → Policies & rules → Threat policies → Email authentication settings → DKIM
- Select your domain → Create DKIM keys
- Add the two CNAME records provided:
Type: CNAME
Host: selector1._domainkey
Value: selector1-yourdomain-com._domainkey.yourtenant.onmicrosoft.com
Type: CNAME
Host: selector2._domainkey
Value: selector2-yourdomain-com._domainkey.yourtenant.onmicrosoft.com
DMARC Record
Type: TXT
Host: _dmarc
Value: v=DMARC1; p=quarantine; rua=mailto:dmarc@yourdomain.com; pct=100
TTL: 3600
Autodiscover CNAME
Type: CNAME
Host: autodiscover
Value: autodiscover.outlook.com
TTL: 3600
SRV Records (Teams / Skype Federation)
Type: SRV
Service: _sip
Protocol: _tls
Port: 443
Weight: 1
Priority: 100
Target: sipdir.online.lync.com
Type: SRV
Service: _sipfederationtls
Protocol: _tcp
Port: 5061
Weight: 1
Priority: 100
Target: sipfed.online.lync.com
These SRV records enable Teams federation with external organizations. Without them, external contacts cannot find your organization for Teams calls and chat.
⚠️ DNS Propagation: Changes can take 24-48 hours to fully propagate, though most start working within 2-4 hours. Do not make additional DNS changes during propagation — each change restarts the clock.
Free Tool: DNS Validation Script
Run this after updating your DNS records to verify everything is configured correctly:
#Requires -Version 5.1
<#
.SYNOPSIS
GoDaddy Defederation DNS Validation Tool
by Medha Cloud (https://medhacloud.com)
.DESCRIPTION
Validates MX, SPF, DKIM, DMARC, and Autodiscover DNS records
after defederation from GoDaddy.
.PARAMETER DomainName
Your primary email domain (e.g., contoso.com)
#>
param(
[Parameter(Mandatory = $true)]
[string]$DomainName
)
$pass = 0; $fail = 0; $warn = 0
function Test-Record {
param($Name, $Type, $Expected, $Description)
try {
$result = Resolve-DnsName -Name $Name -Type $Type -ErrorAction Stop
$value = switch ($Type) {
"MX" { $result[0].NameExchange }
"TXT" { ($result | Where-Object { $_.Strings -match $Expected }).Strings -join " " }
"CNAME" { $result[0].NameHost }
}
if ($value -match $Expected) {
Write-Host " [PASS] $Description" -ForegroundColor Green
Write-Host " $value" -ForegroundColor Gray
$script:pass++
} else {
Write-Host " [WARN] $Description" -ForegroundColor Yellow
Write-Host " Found: $value" -ForegroundColor Yellow
Write-Host " Expected to contain: $Expected" -ForegroundColor Gray
$script:warn++
}
} catch {
Write-Host " [FAIL] $Description - Record not found" -ForegroundColor Red
$script:fail++
}
}
Write-Host "`n=================================================" -ForegroundColor Cyan
Write-Host " DNS Validation for: $DomainName" -ForegroundColor Cyan
Write-Host " by Medha Cloud" -ForegroundColor Cyan
Write-Host "=================================================`n" -ForegroundColor Cyan
# MX Record
Test-Record -Name $DomainName -Type "MX" -Expected "mail.protection.outlook.com" -Description "MX Record → Microsoft 365"
# SPF Record
Test-Record -Name $DomainName -Type "TXT" -Expected "spf.protection.outlook.com" -Description "SPF Record → Microsoft 365"
# DKIM Selector 1
Test-Record -Name "selector1._domainkey.$DomainName" -Type "CNAME" -Expected "domainkey" -Description "DKIM Selector 1"
# DKIM Selector 2
Test-Record -Name "selector2._domainkey.$DomainName" -Type "CNAME" -Expected "domainkey" -Description "DKIM Selector 2"
# DMARC
Test-Record -Name "_dmarc.$DomainName" -Type "TXT" -Expected "DMARC1" -Description "DMARC Record"
# Autodiscover
Test-Record -Name "autodiscover.$DomainName" -Type "CNAME" -Expected "autodiscover.outlook.com" -Description "Autodiscover CNAME"
Write-Host "`n-------------------------------------------------" -ForegroundColor White
Write-Host " Results: PASS=$pass | WARN=$warn | FAIL=$fail" -ForegroundColor White
if ($fail -eq 0 -and $warn -eq 0) {
Write-Host " ✅ All DNS records are correctly configured!" -ForegroundColor Green
} elseif ($fail -eq 0) {
Write-Host " ⚠️ DNS is functional but some records need review" -ForegroundColor Yellow
} else {
Write-Host " ❌ Fix FAIL items to ensure email delivery" -ForegroundColor Red
}
Write-Host "`n Guide: https://medhacloud.com/blog/defederate-godaddy-microsoft-365" -ForegroundColor Cyan
Write-Host ""
Step 8: Remove GoDaddy as Delegated Admin
This is the most critical step. If you skip this and cancel your GoDaddy subscription, they will delete your entire tenant. Sign in with the onmicrosoft.com Global Admin account (from Step 2), not your regular admin.
- Go to admin.microsoft.com (signed in as the onmicrosoft.com Global Admin)
- Navigate to Settings → Partner relationships
- Find GoDaddy (may appear as "Wild West Domains" or "GoDaddy")
- Click the relationship → Remove partner
- Confirm the removal
Verify it's done:
- Refresh the Partner relationships page — GoDaddy should be gone
- Check Entra ID → External Identities → All identity providers — no GoDaddy entries should remain
Step 9: Remove the Enterprise App (Critical)
Even after removing GoDaddy as delegated admin, they may still have an enterprise application registered in your Entra ID called "Partner Center Web App". This gives GoDaddy continued write access to your tenant — a security risk.
How to find and remove it:
- Go to entra.microsoft.com
- Navigate to Applications → Enterprise applications
- Search for "Partner Center" or "GoDaddy"
- If found, click the app → Properties → Delete
- Confirm deletion
⚠️ Warning: If you have your own CSP/MSP partner, make sure you're deleting the GoDaddy enterprise app, not your current partner's app. Check the App ID before deleting.
Verify with PowerShell:
Connect-MgGraph -Scopes "Application.Read.All"
Get-MgServicePrincipal -All | Where-Object { $_.DisplayName -match "Partner Center|GoDaddy|Wild West" } | Select-Object DisplayName, AppId
If nothing is returned, you're clean.
Step 10: Purchase and Reassign Licenses
GoDaddy does not remove licenses instantly — they stay active until your billing cycle ends. You have time. Buy new licenses through a CSP partner (like Medha Cloud) or direct from Microsoft, then reassign.
| Factor | CSP Partner | Microsoft Direct |
|---|---|---|
| Pricing | Often discounted (volume) | List price ($6-$22/user/mo) |
| Billing | Monthly, through partner | Monthly/Annual, credit card or invoice |
| Support | Partner first-line support | Microsoft support (can be slow) |
| Flexibility | Add/remove monthly | Annual commitment for best price |
Steps to reassign:
- Purchase new licenses (CSP or direct)
- Go to Microsoft 365 Admin Center → Billing → Licenses
- Assign new licenses to each user
- Verify users can access Outlook, Teams, SharePoint
- Unassign old GoDaddy licenses once new ones are confirmed working
Step 11: Cancel Your GoDaddy Subscription
Only do this after completing Steps 1-9. You need your GoDaddy account login (godaddy.com — the account that purchased M365, not the M365 admin).
- Log into your GoDaddy account at account.godaddy.com
- Go to My Products → Microsoft 365
- Click Manage next to your subscription
- Turn off auto-renewal or cancel immediately
What to expect:
- GoDaddy licenses remain active until the billing period ends
- Your domain registration (if at GoDaddy) is not affected — domain and M365 are separate products
- No data is lost — emails, files, Teams messages stay in your Microsoft 365 tenant
Free Tool: Post-Defederation Health Check
Run this script after completing all steps to verify your tenant is healthy:
#Requires -Version 5.1
<#
.SYNOPSIS
GoDaddy Defederation Post-Migration Health Check
by Medha Cloud (https://medhacloud.com)
.DESCRIPTION
Verifies tenant health after defederation: authentication, licenses,
admin roles, DNS, email flow, and security baseline.
#>
param(
[Parameter(Mandatory = $true)]
[string]$DomainName
)
Write-Host "`n=================================================" -ForegroundColor Green
Write-Host " Post-Defederation Health Check" -ForegroundColor Green
Write-Host " Domain: $DomainName" -ForegroundColor Green
Write-Host " by Medha Cloud" -ForegroundColor Green
Write-Host "=================================================`n" -ForegroundColor Green
$pass = 0; $fail = 0; $warn = 0
# Connect
Connect-MgGraph -Scopes "Domain.Read.All","User.Read.All","Directory.Read.All","Application.Read.All" -ErrorAction Stop
# 1. Federation Status
Write-Host "--- Authentication ---" -ForegroundColor Cyan
$domain = Get-MgDomain -DomainId $DomainName
if ($domain.AuthenticationType -eq "Managed") {
Write-Host " [PASS] Domain authentication: Managed" -ForegroundColor Green; $pass++
} else {
Write-Host " [FAIL] Domain still Federated!" -ForegroundColor Red; $fail++
}
# Check all domains
$fedDomains = Get-MgDomain | Where-Object { $_.AuthenticationType -eq "Federated" }
if ($fedDomains) {
Write-Host " [FAIL] Federated domains remaining: $($fedDomains.Id -join ', ')" -ForegroundColor Red; $fail++
} else {
Write-Host " [PASS] All domains are Managed" -ForegroundColor Green; $pass++
}
# 2. User Status
Write-Host "`n--- Users & Licenses ---" -ForegroundColor Cyan
$users = Get-MgUser -All -Property DisplayName,UserPrincipalName,AccountEnabled,AssignedLicenses | Where-Object { $_.UserType -eq "Member" }
$enabled = ($users | Where-Object { $_.AccountEnabled }).Count
$licensed = ($users | Where-Object { $_.AssignedLicenses.Count -gt 0 }).Count
$unlicensed = ($users | Where-Object { $_.AssignedLicenses.Count -eq 0 -and $_.AccountEnabled }).Count
Write-Host " [INFO] Enabled users: $enabled | Licensed: $licensed" -ForegroundColor Gray
if ($unlicensed -gt 0) {
Write-Host " [WARN] $unlicensed enabled users have NO license" -ForegroundColor Yellow; $warn++
$users | Where-Object { $_.AssignedLicenses.Count -eq 0 -and $_.AccountEnabled } | ForEach-Object {
Write-Host " - $($_.DisplayName) ($($_.UserPrincipalName))" -ForegroundColor Yellow
}
} else {
Write-Host " [PASS] All enabled users are licensed" -ForegroundColor Green; $pass++
}
# 3. Global Admin Check
Write-Host "`n--- Admin Roles ---" -ForegroundColor Cyan
try {
$gaRole = Get-MgDirectoryRole | Where-Object { $_.DisplayName -eq "Global Administrator" }
if ($gaRole) {
$gaMembers = Get-MgDirectoryRoleMember -DirectoryRoleId $gaRole.Id
Write-Host " [INFO] Global Admins: $($gaMembers.Count)" -ForegroundColor Gray
foreach ($ga in $gaMembers) {
$gaUser = Get-MgUser -UserId $ga.Id -Property DisplayName,UserPrincipalName
Write-Host " - $($gaUser.DisplayName) ($($gaUser.UserPrincipalName))" -ForegroundColor Gray
}
}
$pass++
} catch {
Write-Host " [WARN] Could not enumerate admin roles" -ForegroundColor Yellow; $warn++
}
# 4. Delegated Admin Gone?
Write-Host "`n--- Partner Relationships ---" -ForegroundColor Cyan
$apps = Get-MgServicePrincipal -All | Where-Object { $_.DisplayName -match "Partner Center|GoDaddy|Wild West" }
if ($apps) {
foreach ($app in $apps) {
Write-Host " [FAIL] GoDaddy app still present: $($app.DisplayName)" -ForegroundColor Red; $fail++
}
} else {
Write-Host " [PASS] No GoDaddy enterprise apps found" -ForegroundColor Green; $pass++
}
# 5. DNS Records
Write-Host "`n--- DNS Records ---" -ForegroundColor Cyan
# MX
try {
$mx = Resolve-DnsName -Name $DomainName -Type MX -ErrorAction Stop
if ($mx[0].NameExchange -match "mail.protection.outlook.com") {
Write-Host " [PASS] MX → Microsoft 365" -ForegroundColor Green; $pass++
} elseif ($mx[0].NameExchange -match "pphosted|proofpoint|barracuda|mimecast") {
Write-Host " [WARN] MX → Third-party email security (verify it's intentional)" -ForegroundColor Yellow; $warn++
} else {
Write-Host " [WARN] MX → $($mx[0].NameExchange) (verify this is correct)" -ForegroundColor Yellow; $warn++
}
} catch {
Write-Host " [FAIL] MX record not found" -ForegroundColor Red; $fail++
}
# SPF
try {
$spf = Resolve-DnsName -Name $DomainName -Type TXT -ErrorAction Stop | Where-Object { $_.Strings -match "spf" }
if ($spf.Strings -match "spf.protection.outlook.com") {
Write-Host " [PASS] SPF includes Microsoft 365" -ForegroundColor Green; $pass++
} else {
Write-Host " [WARN] SPF may not include Microsoft 365: $($spf.Strings)" -ForegroundColor Yellow; $warn++
}
} catch {
Write-Host " [FAIL] SPF record not found" -ForegroundColor Red; $fail++
}
# DMARC
try {
$dmarc = Resolve-DnsName -Name "_dmarc.$DomainName" -Type TXT -ErrorAction Stop
Write-Host " [PASS] DMARC configured" -ForegroundColor Green; $pass++
} catch {
Write-Host " [WARN] DMARC not configured (recommended)" -ForegroundColor Yellow; $warn++
}
# Summary
Write-Host "`n=================================================" -ForegroundColor White
Write-Host " PASS: $pass | WARN: $warn | FAIL: $fail" -ForegroundColor White
if ($fail -eq 0 -and $warn -eq 0) {
Write-Host " ✅ Tenant is fully healthy after defederation!" -ForegroundColor Green
} elseif ($fail -eq 0) {
Write-Host " ⚠️ Tenant is functional — review warnings" -ForegroundColor Yellow
} else {
Write-Host " ❌ Issues detected — address FAIL items" -ForegroundColor Red
}
Write-Host "`n Guide: https://medhacloud.com/blog/defederate-godaddy-microsoft-365" -ForegroundColor Cyan
Write-Host " Need help? https://medhacloud.com/professional-services/migrations/godaddy-to-microsoft-365-migration`n" -ForegroundColor Cyan
Disconnect-MgGraph | Out-Null
Cost Comparison: GoDaddy vs. Microsoft Direct vs. CSP Partner
One of the biggest reasons to defederate is cost savings. Here's what you're actually paying:
| Plan | GoDaddy Price | Microsoft Direct | CSP Partner (Medha Cloud) | Annual Savings (25 users) |
|---|---|---|---|---|
| Microsoft 365 Business Basic | $8.99/user/mo | $6.00/user/mo | $5.50/user/mo | $1,047 |
| Microsoft 365 Business Standard | $17.99/user/mo | $12.50/user/mo | $11.50/user/mo | $1,947 |
| Microsoft 365 Business Premium | $24.99/user/mo | $22.00/user/mo | $20.00/user/mo | $1,497 |
For a 25-user company on Business Standard, defederation saves ~$1,950/year — and you get all the advanced security features that GoDaddy locks away. Need help switching? Our Office 365 migration from GoDaddy includes license optimization at no extra cost.
Security Wins You Unlock After Defederation
GoDaddy-federated tenants typically score below 40% on Microsoft Secure Score. After defederation, you can quickly boost this to 70%+ by enabling features that were previously unavailable. Our M365 tenant security hardening service configures all of these on day one.
1. Conditional Access Policies
Block legacy authentication protocols, enforce MFA for admins, restrict sign-ins by location or device compliance. This alone prevents 99.9% of account compromise attacks.
2. Microsoft Defender for Office 365
Safe Links (rewrites URLs to check for malware), Safe Attachments (sandboxes files before delivery), advanced anti-phishing policies with impersonation detection.
3. Microsoft Purview (Data Loss Prevention)
Prevent sensitive data (credit cards, SSNs, health records) from being emailed externally. Essential for HIPAA, PCI-DSS, and SOC 2 compliance.
4. Azure AD Identity Protection
Risk-based sign-in policies that detect impossible travel, anonymous IP usage, password spray attacks, and leaked credentials automatically.
5. Microsoft Intune (Device Management)
Enforce device encryption, require PIN/biometric on mobile, wipe corporate data from lost devices, deploy apps silently. No more unmanaged BYOD accessing your data.
6. Unified Audit Logging
Full audit trail of who accessed what, when, and from where. Required for compliance audits and incident response investigations.
Troubleshooting: 12 Common Issues and Fixes
1. "Insufficient privileges" error in PowerShell
Cause: You're signed in with the GoDaddy delegated admin, not the true Global Admin.
Fix: Disconnect (Disconnect-MgGraph) and reconnect using the admin@[tenant].onmicrosoft.com account. Add -TenantId "yourtenant.onmicrosoft.com" to the connect command.
2. Domain stuck in "Federated" after running the PowerShell command
Cause: Microsoft Graph sometimes takes 5-15 minutes to propagate the change.
Fix: Wait 15 minutes, then run Get-MgDomain -DomainId "yourdomain.com" again. If still Federated after 30 minutes, try disconnecting/reconnecting and running the Update-MgDomain command again.
3. Users stuck in MFA authentication loop
Cause: GoDaddy's MFA configuration persists after defederation. Microsoft Authenticator pairings may be orphaned.
Fix: In Entra ID, go to the user's profile → Authentication methods → delete existing MFA registrations. Have the user re-register MFA at aka.ms/setupsecurityinfo.
4. Emails bouncing or delayed after DNS update
Cause: DNS propagation takes time (typically 2-4 hours, up to 48 hours).
Fix: Check propagation status at whatsmydns.net. Do NOT make additional DNS changes while waiting — each change restarts the propagation window.
5. GoDaddy admin account still visible in Active Users
Cause: The delegated admin account lingers after partner removal.
Fix: This is cosmetic. Check Settings → Partner relationships to confirm GoDaddy is actually removed. The account will disappear within 24-48 hours.
6. SharePoint access broken for some users
Cause: Session tokens cached before defederation become invalid.
Fix: Users need to clear their browser cache, sign out of all Microsoft accounts, and sign in fresh. In stubborn cases, use InPrivate/Incognito mode first.
7. Third-party backup tool throwing authentication errors
Cause: Backup tools (Veeam, Spanning, Barracuda) cached OAuth tokens from the GoDaddy federation.
Fix: Re-authenticate the backup tool with new Global Admin credentials. You may need to delete and recreate the OAuth app registration in Entra ID.
8. Office apps asking for activation after password reset
Cause: Expected behavior — apps need to re-authenticate with the new identity provider.
Fix: Users should close all Office apps, sign out at office.com, clear cached credentials in Windows Credential Manager, then reopen Office apps and sign in with new password.
9. Outlook keeps asking for password repeatedly
Cause: Windows Credential Manager has cached the old GoDaddy-federated credentials.
Fix: Open Control Panel → Credential Manager → Windows Credentials. Delete all entries containing "MicrosoftOffice" or "outlook". Restart Outlook.
10. Can't find the Global Admin account in Entra
Cause: GoDaddy sometimes hides the true admin or uses a non-obvious naming convention.
Fix: In Entra ID, go to Roles and administrators → Global Administrator. The accounts with this role are listed there regardless of visibility in the user list.
11. "Domain is in use" error when trying to convert
Cause: Another domain in the tenant is still Federated or there are user accounts on subdomains.
Fix: List all domains with Get-MgDomain and convert each Federated domain to Managed. Check for users on each domain with Get-MgUser -All | Where-Object { $_.UserPrincipalName -like "*@subdomain.com" }.
12. Mail flow rules / transport rules not working
Cause: GoDaddy-managed transport rules may reference their infrastructure endpoints.
Fix: In Exchange Admin Center, review Mail flow → Rules. Update or delete any rules that reference GoDaddy-specific domains or IP addresses.
Support Contact Numbers — Microsoft, GoDaddy & Medha Cloud
During defederation you may need to contact Microsoft, GoDaddy, or our team. Here are the direct numbers:
Microsoft 365 Support
| Country | Phone Number | Hours |
|---|---|---|
| United States | +1 (800) 642-7676 | 24/7 |
| United Kingdom | +44 (800) 026-0329 | 24/7 |
| Canada | +1 (877) 568-2495 | 24/7 |
| Australia | +61 (1800) 197-503 | 24/7 |
| India | +91 (000) 800-440-2038 | 24/7 |
Reality check: Microsoft's "world-class" support typically takes 48+ hours to respond. When they do, they expect you to be a technical user — they will send you PowerShell commands and Entra ID instructions. If you are not comfortable with that, they will wish you best of luck. You can also open a support ticket at admin.microsoft.com → Help & Support, but do not expect fast turnaround during a live defederation.
GoDaddy Support
| Country | Phone Number | Hours |
|---|---|---|
| United States | +1 (480) 505-8877 | 24/7 |
| United Kingdom | +44 (20) 7084-1810 | Mon-Fri 9am-6pm |
| Canada | +1 (480) 505-8877 | 24/7 |
| Australia | +61 (2) 8061-3658 | Mon-Fri 9am-6pm |
| India | +91 (40) 6764-2020 | 24/7 |
Honest warning: GoDaddy support for defederation is brutal. They know they are losing a customer, and their support agents are often unhelpful — some will outright refuse to assist, give you the runaround, or try to upsell you into staying. We have seen cases where GoDaddy agents told customers "defederation is not possible" (it is) or "you will lose all your data" (you will not). Do NOT let GoDaddy cancel your M365 subscription until you have completed all defederation steps. If they offer to "help," make sure they are ONLY removing the delegated admin relationship — nothing else.
Medha Cloud — GoDaddy Defederation Experts
| Location | Phone Number | Hours |
|---|---|---|
| United States | +1 (646) 775-2855 | 24/7 |
| India | +91 93536-44646 | 24/7 |
Open Live Chat — Talk to an Engineer Now
We handle GoDaddy defederations daily. Free assessment, zero downtime, fixed pricing. Learn more about our service →
Frequently Asked Questions
Will we lose emails during defederation?
No. Defederation only changes the authentication provider — it does not touch your email data. All emails, attachments, calendars, and contacts remain intact in Exchange Online. There is no data migration involved.
Do users lose access to SharePoint and OneDrive?
No. All SharePoint sites, OneDrive files, and Teams data remain untouched. Users may need to re-authenticate (sign in with their new password), but no data is deleted or moved.
Will our SharePoint URLs change?
No. Your SharePoint site URLs (e.g., yourtenant.sharepoint.com) are tied to your tenant, not to GoDaddy. Microsoft now also supports SharePoint domain renaming if you want to change the tenant name later.
What happens to our data retention and archiving policies?
If you had GoDaddy-bundled archiving (typically through Proofpoint or Barracuda), that archiving will stop when you cancel GoDaddy. Export your archives before cancellation. Post-defederation, you can use Microsoft's built-in retention policies or a third-party backup like Veeam or Spanning.
Can we use Okta, JumpCloud, or another IdP after defederation?
Yes! Once your domain is in Managed state, you can federate it with any identity provider of your choice. This is one of the key benefits — GoDaddy locks you into their IdP; defederation gives you freedom. Switching from Google Workspace? See our Google Workspace to Microsoft 365 migration service.
What if our domain is registered with GoDaddy? Do we lose it?
No. Domain registration and Microsoft 365 subscription are completely separate products. Cancelling M365 through GoDaddy does not affect your domain ownership. You can keep your domain at GoDaddy or transfer it elsewhere. If you're moving GoDaddy Workspace Email (not M365), see our IMAP email migration to Microsoft 365 service instead.
How long does the full defederation process take?
The core defederation (Steps 1-9) takes 60-90 minutes for most tenants. DNS propagation adds 2-48 hours (typically under 4 hours). Total wall-clock time from start to fully operational: half a day to be safe. Our professional GoDaddy email migration team does it even faster with zero user downtime.
Can an MSP do this on behalf of a client?
Yes. MSPs regularly perform defederations for clients. The MSP needs delegated admin access (GDAP) to the tenant. Make sure not to remove your own GDAP relationship while removing GoDaddy's. Medha Cloud offers white-label GoDaddy to Office 365 migration for MSPs who want to outsource defederations.
Is there a rollback option if something goes wrong?
There is no one-click rollback. Converting from Federated to Managed destroys the original federation configuration. However, most issues (authentication loops, DNS problems, license conflicts) are resolvable without rolling back. If you need to re-federate with GoDaddy (unlikely), it requires contacting GoDaddy support and can take 7-10 business days.
What's the difference between defederation and migration?
Defederation breaks the GoDaddy identity link while keeping the same tenant — no data moves. Migration moves data from one tenant to another (e.g., from a GoDaddy tenant to a brand-new Microsoft tenant). Defederation is faster, cheaper, and preserves everything. Migration is only needed if the tenant is beyond repair or if you're consolidating multiple tenants — see our Microsoft 365 tenant-to-tenant migration service for that scenario.
Need Professional Help?
If you'd rather have experts handle your GoDaddy defederation — with zero downtime and zero risk — our switch from GoDaddy to Microsoft 365 direct service includes:
- Complete defederation — We handle every step, including the dangerous ones
- DNS configuration — MX, SPF, DKIM, DMARC all set up correctly
- License optimization — Move to the right plan at the best price
- Security hardening — Enable Conditional Access, Defender, and MFA on day one
- User communication — We prepare the emails, distribute passwords, and handle support calls
- Post-migration monitoring — 30 days of email flow and health monitoring
Get a free GoDaddy defederation assessment →
Or call us: +1 (646) 766-8464
Advanced security and device management for businesses that need more than the basics.
Business Premium Plans & PricingTopics
Sreenivasa Reddy G
Founder & CEO • 15+ years
Sreenivasa Reddy is the Founder and CEO of Medha Cloud, recognized as "Startup of the Year 2024" by The CEO Magazine. With over 15 years of experience in cloud infrastructure and IT services, he leads the company's vision to deliver enterprise-grade cloud solutions to businesses worldwide.
