Security is a big theme for any online applications and Multi Factor Authentication is used more and more everyday. Those security standards easily extend to PowerShell or any other admin sessions, to execute tasks in your tenant. It will be more and more common to see organizations that no longer allow their IT administrators to connect to their Exchange Online using basic auth.
If you’re a heavy PowerShell user like me, this is for you. Microsoft has an excellent article on how to leverage an MFA account to connect to Exchange Online PowerShell.
You should read the article, as this things tend to be updated and you’ll be sure the have the latest steps, but in essence what you need to do is:
- Make sure you have all prerequisites (i.e .Net Framework), specially in older versions of Windows
- Install the Exchange Online Remote PowerShell module (from the Exchange Online EAC)
- Make sure that WinRM allows basic authentication
Finally you can run the following command to connect to Office 365 commercial:
Connect-EXOPSSession -UserPrincipalName email@example.com
And if you are connecting to a different instance, such as GCC High or 365 Germany, you need to specify the ConnectionUri and the AzureADAuthorizationEndPointUri parameters (see official article for parameter configurations).
Connect-EXOPSSession -UserPrincipalName <UPN> [-ConnectionUri <ConnectionUri> -AzureADAuthorizationEndPointUri <AzureADUri>]
Here’s how the PowerShell session looks like after you install the module.
And the authentication process.
And that’s it. Happy scripting!!!