Everything at the Microsoft MVP Summit is automatically under NDA, so rather than talk about all the secret stuff, I thought I’d share something I learned there that isn’t under NDA because it was already public. Somehow I missed this announcement before, but: there’s a public preview of a new Exchange Online PowerShell module that supports Azure multi-factor authentication (MFA). If you have turned on MFA for administrators in Office 365, you’ve probably found that they can’t use PowerShell to manage Exchange objects. Now you can: download and install this module and you’re all set. Here’s what it looks like in action:
I found out about this when I complained publicly in Tim Heeney‘s session that this doesn’t work. Thankfully Tim set me straight posthaste; after I got the link to the preview, a little searching turned up fellow MVP Vasil Michev’s article describing it, which I either forgot about or never saw.
7 responses to “Multi-factor authentication for Exchange Online PowerShell”
This isn’t very helpful with out some description of what to do and what is available. the link is just a file download with no instructions.
Fair point. If you download and install that file, you’ll get a new desktop shortcut that loads a version of EMS that supports MFA. There aren’t really any other instructions I can give you. Download it, open it, and use Connect-EXOPSSession.
Is there anyway to integrate this into the ISE?
Not that I know of. I am hoping that we’ll eventually get a drop of the shell that has MFA built in, in which case there won’t be any separate integration requirement.
Do we know the possible switches for the connect-exoPSsession? For example how do we use delegated admin and specify the delegated organisation?
Previously it could be specified in the url as follows:
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell-liveid?DelegatedOrg= -Credential $UserCredential -Authentication Basic -AllowRedirection
Microsoft has published a specific Exchange Online module that integrates Modern Authentication. I can’t find the link right now, so you may have to call them to get your hands on it.