After you run the Microsoft Online Services Diagnostics and Logging (MOSDAL) Support Toolkit, the Active Directory Federation Services (AD FS) diagnostics log shows the following error:
There were no endpoints in the AD FS Metadata Exchange (MEX) document.
This log is located at Admin_Applications\SSO_Diagnostic_Tests\ADFSDiagnostic.txt.
Additionally, after you sign in to your Microsoft cloud service such as Office 365, Microsoft Azure, or Windows Intune by using a federated account, rich client application authentication may fail when it tries to access services.
This issue may occur if all AD FS service endpoints were deactivated.
To resolve this issue, make sure that the AD FS service endpoints are configured to support sign-on (SSO) authentication. To do this, see the following Microsoft Knowledge Base article:
Sign in to Office 365, Azure, or Windows Intune fails after you change the federation service endpoint
After you update the service endpoints, make sure that the AD FS service endpoint configuration metadata is updated to the Azure Active Directory (Azure AD) authentication system. To do this, see the "How to update the configuration of the Office 365 federated domain" section of the following Microsoft Knowledge Base article:
How to update or repair the settings of a federated domain in Office 365, Azure, or Windows Intune
Still need help? Go to the Office 365 Community
website or the Azure Active Directory Forums