Connect to Office 365 – PowerShell


Office 365 is a service-oriented infrastructure, and you will have multiple management interfaces based on the services you choose to activate and use.

In this post we will focus on user and mailbox management.

Understanding the Office 365 Structure

Before going into details make sure you have the proper understanding of the Office 365 components and how they integrate with your on-premises environment:

Office 365 Design and Integration

Your Office 365 mailboxes reside in Exchange Online, and the corresponding user accounts reside in Azure Active Directory (Exchange Online is dependent on Azure Active Directory – understand why).

On top of that, there are multiple user attributes affecting the Exchange Online mailbox, which are still managed in your on-premises Active Directory.

Therefore, managing your users and mailboxes will involve interactions with your on-premises Active Directory, the Azure Active Directory, and Exchange Online!

Connect to Azure AD With PowerShell

Since the AzureAD module and the MSOnline module are both being deprecated, you should use the Microsoft Graph PowerShell module.

If you’re coming from AzureAD and MSOnline, it’s a bit of a learning curve to transition to the MS Graph. But it’s worth the effort.

Connect to Microsoft 365 using MSGraph

To connect to Microsoft 365 using the Microsoft Graph PowerShell module, you must specify the scopes that indicate which permissions you’ll be using.

If you’re a global admin (or have the proper permissions), you can consent to the use of the permissions.

Read more about consent here.

The following example connects to MS Graph PowerShell with the intent of managing user accounts:

# Install the Microsoft Graph PowerShell module if this is first use
Install-Module Microsoft.Graph
# The module will autoload in PS 3.0 or later, but you can do it explicitly
Import-Module Microsoft.Graph.Authentication
# Connect to Microsoft Graph, requesting only the scope needed to manage users
Connect-MgGraph -Scopes "User.ReadWrite.All"

With all prereqs in place, you can simply run Connect-MgGraph.

Notice that PowerShell can automatically download and install the MgGraph (Microsoft Graph) PowerShell module from the PowerShell Gallery. Downloading modules requires the NuGet package provider, which is itself installed automatically when needed (but you need PowerShell v. 5.1 or later).
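The scopes you request are not necessarily the only scopes the session ends up with, because the token can also carry permissions consented earlier for the same application. The following added example (not from the original post) checks the granted scopes after connecting and always disconnects afterwards. It assumes Microsoft.Graph v2 is installed; Invoke-WithGraphScopes is a hypothetical helper name.

```powershell
# Added example. Invoke-WithGraphScopes is a hypothetical helper, not part of the SDK.
function Invoke-WithGraphScopes {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string[]]    $Scopes,       # permissions this task needs
        [Parameter(Mandatory)] [scriptblock] $ScriptBlock   # work to run while connected
    )

    # Process scope keeps the sign-in context inside this PowerShell process only
    Connect-MgGraph -Scopes $Scopes -ContextScope Process -NoWelcome
    try {
        $ctx = Get-MgContext
        if (-not $ctx) { throw 'No Graph context after Connect-MgGraph.' }

        # Compare what was requested with what the token actually holds
        $missing = $Scopes | Where-Object { $_ -notin $ctx.Scopes }
        $extra   = $ctx.Scopes | Where-Object { $_ -notin $Scopes -and $_ -like '*ReadWrite*' }

        if ($missing) { throw "Scopes not granted: $($missing -join ', ')" }
        if ($extra)   { Write-Warning "Session also holds write scopes that were not requested: $($extra -join ', ')" }

        Write-Verbose "Connected as $($ctx.Account) to tenant $($ctx.TenantId)"
        & $ScriptBlock
    }
    finally {
        # Sign out whether the script block succeeded or threw
        Disconnect-MgGraph | Out-Null
    }
}

# Usage: list a few users with the scope from the example above
Invoke-WithGraphScopes -Scopes 'User.ReadWrite.All' -ScriptBlock {
    Get-MgUser -Top 5 -Property DisplayName, UserPrincipalName, AccountEnabled |
        Select-Object DisplayName, UserPrincipalName, AccountEnabled
}
```

A warning about extra write scopes means an earlier consent for the same application is still in effect in the tenant.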

Connect to Exchange Online

A lot of the mailbox configurations take place in Exchange Online. That’s why you’ll also need to connect to the Exchange Online service using PowerShell.

With the introduction of EXO V3, you can easily connect to Exchange Online, including support for MFA or automation (which has a few additional requirements).

Use the following commands to connect to Exchange Online using PowerShell:

# Install the EXO module if this is first use
Install-Module ExchangeOnlineManagement
# The module will autoload in PS 3.0 or later, but you can do it explicitly
Import-Module ExchangeOnlineManagement
# Connect to Exchange Online
Connect-ExchangeOnline

This gives you access to run all the Exchange management cmdlets.

Always remember to close the remote session when you’re done. This is done using the following command:

Disconnect-ExchangeOnline

If you’re connecting with a remote PowerShell session and don’t close your session and create more sessions later, you risk using up the number of allowed connections. This will generate the following error:

New-PSSession : [outlook.office365.com] Processing data from remote server outlook.office365.com failed with the following error message:
[AuthZRequestId=68f35d6d-77b9-4119-b9d2-2e79f55bd1dc][FailureCategory=AuthZ-AuthorizationException] Fail to create a runspace because
you have exceeded the maximum number of connections allowed : 3 for the policy party : MaxConcurrency. Please close existing runspace and try again.
Policy: CN=GlobalThrottlingPolicy_e4f3120d-20ce-4ce9-ba82-ed2eef7f9607,CN=Global Settings,CN=ExchangeLabs,CN=Microsoft Exchange,CN=Services,
CN=Configuration,DC=EURP189,DC=PROD,DC=OUTLOOK,DC=COM;

Additionally, the Connect-ExchangeOnline cmdlet downloads a ~30 MB temporary module with cmdlets for Exchange Online.

These temporary modules may clog your disk if you don’t disconnect explicitly.

Read more about this issue here.
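One way to make sure the session is always closed, shown as an added example that is not part of the original post: wrap the work in try/finally so Disconnect-ExchangeOnline runs even when a command fails. It assumes ExchangeOnlineManagement v3; Invoke-WithExchangeOnline is a hypothetical helper name and the UPN is a placeholder.

```powershell
# Added example. Invoke-WithExchangeOnline is a hypothetical helper; admin@example.com is a placeholder.
function Invoke-WithExchangeOnline {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]      $UserPrincipalName,
        [Parameter(Mandatory)] [scriptblock] $ScriptBlock,
        [string[]] $CommandName   # optional: import only these cmdlets into the session
    )

    # Connections left open by earlier runs count against the concurrency limit
    $open = @(Get-ConnectionInformation)
    if ($open.Count -gt 0) {
        Write-Warning "$($open.Count) Exchange Online connection(s) already open; closing them first."
        Disconnect-ExchangeOnline -Confirm:$false
    }

    $connectArgs = @{ UserPrincipalName = $UserPrincipalName; ShowBanner = $false }
    if ($CommandName) { $connectArgs['CommandName'] = $CommandName }

    Connect-ExchangeOnline @connectArgs
    try {
        & $ScriptBlock
    }
    finally {
        # Runs whether the script block succeeds or throws, so the session is never left behind
        Disconnect-ExchangeOnline -Confirm:$false
    }
}

# Usage: load only Get-Mailbox and list a few mailboxes
Invoke-WithExchangeOnline -UserPrincipalName 'admin@example.com' -CommandName 'Get-Mailbox' -ScriptBlock {
    Get-Mailbox -ResultSize 5 | Select-Object DisplayName, PrimarySmtpAddress
}
```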

Support Users and Mailboxes Without PowerShell

Let’s be honest: PowerShell is great for automation. But it’s not great for first-level support.

First-level supporters often lack the skills and experience to solve issues using PowerShell.

Even the Exchange Online Admin Center can be very confusing in some aspects (see our analysis of the poor GUI experience here).

Easy365Manager is a snap-in to AD Users & Computers that lets you perform all daily Office 365 management from one familiar interface: AD Users & Computers.

You can even perform tasks like calendar delegation, which are otherwise only available via PowerShell.

Easy365Manager does not require any changes to your infrastructure. You can install it to any system running AD Users & Computers – even your Windows 10 workstation.

Download your 30-day trial here. It takes less than three minutes to download, install, and configure!