Use a Multi Factor Authentication enabled account to connect to Exchange Online PowerShell

Security is a big theme for any online applications and Multi Factor Authentication is used more and more everyday. Those security standards easily extend to PowerShell or any other admin sessions, to execute tasks in your tenant. It will be more and more common to see organizations that no longer allow their IT administrators to connect to their Exchange Online using basic auth.

If you’re a heavy PowerShell user like me, this is for you. Microsoft has an excellent article on how to leverage an MFA account to connect to Exchange Online PowerShell.

You should read the article, as this things tend to be updated and you’ll be sure the have the latest steps, but in essence what you need to do is:

  • Make sure you have all prerequisites (i.e .Net Framework), specially in older versions of Windows
  • Install the Exchange Online Remote PowerShell module (from the Exchange Online EAC)
  • Make sure that WinRM allows basic authentication

Finally you can run the following command to connect to Office 365 commercial:

Connect-EXOPSSession -UserPrincipalName chris@contoso.com

And if you are connecting to a different instance, such as GCC High or 365 Germany, you need to specify the ConnectionUri and the AzureADAuthorizationEndPointUri parameters (see official article for parameter configurations).

Connect-EXOPSSession -UserPrincipalName <UPN> [-ConnectionUri <ConnectionUri> -AzureADAuthorizationEndPointUri <AzureADUri>]

Here’s how the PowerShell session looks like after you install the module.

MFAPS01

And the authentication process.

MFAPS02

And that’s it. Happy scripting!!!

 

Goodbye 16-character limit for Azure AD passwords

Finally the change many were waiting for. The password length limit in Azure AD just went up from 16 to 256 characters and is now more in line with the On Premises AD limits.

Is there any immediate impact for the end user?

Not really. Apart from the fact that they will now be allowed to set longer passwords (and you should make them aware of that), the impact from the end user perspective should be null.

What about IT administrators and any external app that leverages Azure AD for integration?

The only thing you’ll probably need to be aware, before you start changing those service account passwords to 200+ character passwords (in the name of maximum security), is can your printer or your 3rd party app, that interacts directly with Azure AD or Office 365, support such long passwords? Be careful with that and you should be fine! 🙂

 

Manage and forecast your Microsoft Azure spending

“Keep our Azure spending under control” is something that IT administrators and IT consultants hear very often. So how important is it to forecast and control that spending?

In my opinion, it’s extremely important and apparently Microsoft shares that opinion, which is probably one of the several good reasons that lead them to acquire the Israeli cloud startup Cloudyn.

Since the acquisition, in June 2017, Microsoft had the Cloudyn service available through the Azure Portal, but the end goal seems to be to fully replace Cloudyn by Azure Cost Management, by integrating all its features and functionalities.

Basically Microsoft is moving all Cloudyn cost management features from the Cloudyn portal into the Azure portal. Below you have an outline of what to use when, that you can and should read in the “What is the Cloudyn Service?” article.

Forecast1

As you can see above, Microsoft recommends Azure Cost Management for most offers and features.

It’s important that you note that today (this blog post was written in May 2019), Microsoft CSP subscriptions are still in the process of being moved from Cloudyn to Azure Cost Management. That also means that Azure Cost Management only supports Enterprise Agreements, pay-as-you-go and MSDN subscriptions.

It’s also important to note that today you can only register with Cloudyn if you’re in the Microsoft CSP program.

Forecast2

Now that you have some context of the ongoing transition, lets talk about my favorite Azure cost management feature: Forecasting

For those that still have access to Cloudyn, the “Forecast future spending” tutorial is a great read and will allow you to build your reports.

If you want to do leverage an API directly, to do things gather forecast information into your own portal, you can leverage the Forecast API that Microsoft has available.

Finally, if you haven’t already, go through this learning module that will teach you how to Predict Costs and optimize spending for Azure.

There’s so many different things that you can do, in terms of Cost analysis, forecasting and cost management in Azure. Hopefully this post gives you a high level overview and some resources to start from. Stay tuned for more information in future blog posts.

 

 

 

 

Azure Friday – the weekly videos you should not miss

If you’re ramping up your Azure skills, are an experience Azure consultant, administer Azure daily or if you simply like to learn more about the Microsoft Azure technology, then you should dedicate a few minutes per week and listen to the Microsoft Azure Friday live videos.

Videos are usually from around 10 to 15 minutes and include demos and/or very detailed explanations of new or existing services, as well as the Azure product group insight.

It’s very common to see Microsoft publishing multiple videos per week, some will be extremely detailed complex and some more high level.

You can subscribe it or add it to your calendar to make sure you don’t miss it.

Apply best practices with the Microsoft Azure Advisor service

Microsoft Azure has a free and personalized recommendations service, to apply Azure best practices, called Azure Advisor. If you haven’t heard about it or used it before, you should start now.

Microsoft describes the Azure Advisor as a “…personalized cloud consultant that helps you follow best practices to optimize your Azure deployments…”, in this excellent article, where you can read all about it.

The Advisor will give you recommendations for 4 categories:

  • High Availability
  • Security
  • Performance
  • Cost

Lets take a quick look on how you can implement those recommendations. Below you can see the main advisor page of my Azure subscription, which you can access from the bottom left menu option “Advisor”.

adv1

In my case it’s showing me recommendations for both High Availability and Security. If I click in the security recommendations, you’ll see that one of them is regarding Azure Storage accounts.

adv2

2 of my 3 storage accounts have non recommended security settings regarding secure transfer.

adv3

And finally I can see how exactly those settings should be adjusted.

Other very useful articles to learn more about the Azure Advisor:

There’s no additional cost to take advantage of the advisor recommendations. So as I said before, just get started!!