Channel: Azure Active Directory forum

For a prototype I need to make an SSO with SAML from an IDP to the Azure Cloud.



For that I created this trial account.

As far as I understood, I have to add an additional domain to my default domain (w.de).

For both domains (w.de and mmmaaa.de) I made a confirmation with an MX DNS record. These domains are confirmed.

Now I tried to change the domain mmmaaa.de (not the default) to a federated domain.
I use PowerShell and the MSOnline module.

When I try to make the change with this command:

Set-MsolDomainAuthentication -Authentication Federated -DomainName mmmaaa.de -ActiveLogOnUri https://mmmaaa.de/logon:443 -FederationBrandName MW -IssuerUri https://abc.mmmaaa.de/logon:443 -LogOffUri https://mmmaaa.de/logoff:443  -PassiveLogOnUri https://mmmaaa.de/logoff -PreferredAuthenticationProtocol SAMLP  -SigningCertificate xxxxxxxxxxxxxxx==

I always receive this error:

PS C:\Users\Administrator> Set-MsolDomainAuthentication -Authentication Federated -DomainName mmmaaa.de -ActiveLogOnUri https://mmmaaa.de/logon:443 -FederationBrandName MW -IssuerUri https://abc.mmmaaa.de/logon:443 -LogOffUri https://mmmaaa.de/logoff:443  -PassiveLogOnUri https://mmmaaa.de/logoff -PreferredAuthenticationProtocol SAMLP  -SigningCertificate xxxxxxxxxxxxxxx==

Set-MsolDomainAuthentication : Invalid value for parameter.  Parameter Name: 
federationSettings.
In Zeile:1 Zeichen:1
+ Set-MsolDomainAuthentication -Authentication Federated -DomainName mm ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : OperationStopped: (:) [Set-MsolDomainAuthenticat 
   ion], MicrosoftOnlineException
    + FullyQualifiedErrorId : Microsoft.Online.Administration.Automation.Inval 
   idParameterException,Microsoft.Online.Administration.Automation.SetDomainA  
  uthentication

I tried some combinations, but if I add the parameter -Authentication Federated I receive the error.

If I check the domain authentication method with:

PS C:\Users\Administrator> Get-MsolDomain

Name                           Status   Authentication
----                           ------   --------------
mmmaaa.de                      Verified Managed       
w.de                           Verified Managed
wde.onmicrosoft.com            Verified Managed
wde.mail.onmicrosoft.com       Verified Managed

I always receive "Managed".

There is no ADFS connected.

As far as I understand, it is not necessary.

All documentation and guides tell me I have to change the authentication to Federated to use a SAML ticket for single sign-on.

How can I do that?

