Introducing Sam


I'm Samuel Devasahayam, a lead Program Manager in the Active Directory team at Microsoft. I've been with the Active Directory team since 1998 when I joined after grad school. I drive Active Directory Federation Services as well as some of our recent onboarding efforts for Azure Active Directory/Office 365 through Azure AD Connect.

Of late, I find myself answering numerous questions both to Microsoft customers as well as internal Microsoft employees on things surrounding ADFS or Office 365/Azure AD authentication. This blog will primarily focus on making these questions (and their answers of course :)) more accessible and public.

Please use feedback/comments for any additional questions you would like answered around ADFS.




Comments (2)

  1. Roman П says:

    Hi Sam,

    We are using on-premises ADFS 3.0 and as of recently our Office365 admins started receiving an alert on the Office365 portal page:  

    "Renew your certificates.   One of your on-premises Federation Service certificates is expiring. Failure to renew the certificate and update trust properties within 20 days will result in a loss of access to all Office 365 services for all users."

    All our communication ADFS certificates are not expiring for another couple of years and our token-signing and decryption certificates are expiring in 30+ days, but are set to renew automatically, since AutoCertificateRollover  setting of ADFS enabled.  I am somewhat at loss of what certificate the Office365 portal alert is about. Is there a way to see logs or more detailed information?

    Thank you,


  2. Arvind S. Iyer says:

    Greetings, Roman!

    Follow the order.

    1.…/2713898 – On the On-Prem ADFS server, Scenario 1, only PS Commands

    Add-PSSnapin Microsoft.Adfs.Powershell

    Update-ADFSCertificate -CertificateType: Token-Signing

    2.…/2647048 – Run the commands in the article.


Skip to main content