Multi-factor authentication for Exchange Online PowerShell

Everything at the Microsoft MVP Summit is automatically under NDA, so rather than talk about all the secret stuff, I thought I’d share something I learned there that isn’t under NDA because it was already public. Somehow I missed this announcement before, but: there’s a public preview of a new Exchange Online PowerShell module that supports Azure multi-factor authentication (MFA). If you have turned on MFA for administrators in Office 365, you’ve probably found that they can’t use PowerShell to manage Exchange objects. Now you can: download and install this module and you’re all set. Here’s what it looks like in action:

adal-ps

I found out about this when I complained publicly in Tim Heeney‘s session that this doesn’t work. Thankfully Tim set me straight posthaste; after I got the link to the preview, a little searching turned up fellow MVP Vasil Michev’s article describing it, which I either forgot about or never saw.

Advertisements

7 Comments

Filed under Office 365, UC&C

7 responses to “Multi-factor authentication for Exchange Online PowerShell

  1. Kurt Bertelsen

    This isn’t very helpful with out some description of what to do and what is available. the link is just a file download with no instructions.

    • robichaux

      Fair point. If you download and install that file, you’ll get a new desktop shortcut that loads a version of EMS that supports MFA. There aren’t really any other instructions I can give you. Download it, open it, and use Connect-EXOPSSession.

  2. George

    Is there anyway to integrate this into the ISE?

    • robichaux

      Not that I know of. I am hoping that we’ll eventually get a drop of the shell that has MFA built in, in which case there won’t be any separate integration requirement.

  3. Ravi

    Hi,
    Do we know the possible switches for the connect-exoPSsession? For example how do we use delegated admin and specify the delegated organisation?

    Previously it could be specified in the url as follows:

    $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell-liveid?DelegatedOrg= -Credential $UserCredential -Authentication Basic -AllowRedirection

    • Microsoft has published a specific Exchange Online module that integrates Modern Authentication. I can’t find the link right now, so you may have to call them to get your hands on it.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s