itsallinthecode

Exchange - Connect via PowerShell using Modern Authentication

Exchange - Connect via PowerShell using Modern Authentication

Rob's photo
Rob
·

2 min read

Microsoft announced a while back that they are going to end support for basic authentication in Exchange Online from Oct 13, 2020. This includes connecting via remote PowerShell.

So what do we need do in order to connect to Exchange Online using PowerShell? Answer: Use Modern Authentication.

Modern authentication is based on the use of OAuth 2.0 tokens and the Active Directory authentication library (ADAL). It adds support for multi-factor which you may already be using to connect to Exchange Online (see here).

Microsoft recently released the Exchange Online PowerShell V2 (EXO V2) module. It currently only has a small set of new cmdlets designed for bulk data retrieval. However, it also contains all the other older remote PowerShell cmdlets that we've all grown to love.

This module only supports modern authentication, you can't use basic auth at all.

The time is coming for when you'll need to update your scripts to remove basic auth. The new module is still in preview so I'm holding off for now to let it mature and will look at updating them later in the year.

Get the module

Currently only support PowerShell 5.0. Support for 6.0 and beyond is a work in progress.

  • Open a PowerShell console as administrator
  • Type the following:
Install-Module -Name ExchangeOnlineManagement
  • Press Enter and then press Y to accept the license agreement.

install exchangeonlinemanagement powershell module

Connect to Exchange Online

Now that you got the module installed you just need to import and connect.

Import-Module ExchangeOnlineManagement;

# Account without MFA enabled
$credential = Get-Credential;
Connect-ExchangeOnline -Credential $credential -ShowProgress $true

#Account with MFA enabled
Connect-ExchangeOnline -UserPrincipalName <UPN> -ShowProgress $true

Using the module

Now you can use any of the new cmdlets as well as all the old remote ones. Just try Get-Mailbox and it should return what it normally does. It all seems pretty seamless so far!

Use Azure Cloud Shell

Back in May 2019, the Exchange team announced that Exchange Online PowerShell module is available in Azure Cloud Shell. See the announcement here.

One of the cool things about this is that SSO is enabled. So you can just load up Cloud Shell and run Connect-EXOPSSession and you'll be automatically signed in! No need for credentials.

This is won't work as a replacement for your scripts but it's great when you just need to do a quick query or change.

You can access Cloud Shell from Azure Portal, shell.azure.com, Azure Mobile App and Azure Extension in VS Code.