If you’ve been using PowerShell to manage your Office 365 mailboxes, chances are you’ve been connecting with a remote PowerShell session, similar to this:
- $Credentials = Get-Credential
- $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Credentials -Authentication Basic -AllowRedirection
- Import-PSSession $Session -DisableNameChecking
If you follow Microsoft’s advice to enable MFA (Multi-Factor Authentication) on your admin account you will now be facing this nasty output:
Apparently, doing remote PowerShell against Exchange Online with multi-factor authentication enabled simply isn’t going to fly…
Exchange Online PowerShell V2 Module to the Rescue
To run PowerShell scripts with an MFA enabled admin account against Exchange Online you need the ExchangeOnlineManagement module aka EXO V2.
Install the module from PSGallery using this command:
- Install-Module ExchangeOnlineManagement
After the module is installed you can connect to Exchange Online using the following command:
The ExchangeOnlineManagement module has all the old familiar Exchange CmdLets so basically your old scripts will remain functional. However a few commands have been upgraded and are available using the EXO prefix. This information is summarized in the following output:
Immediately after this output is seen, the Connect-ExchangeOnline cmdlet will present you with the MFA aware modern authentication logon prompt:
After successfully entering your credentials and your MFA pin you’re ready to rock!
The ExchangeOnlineModule was released end of 2019 and is still in preview. But since multi-factor authentication for admins is becoming increasingly popular you should consider migrating to this new module.
Indeed, Basic Authentication support on Exchange Online will end 13th of October 2020. Past this date you will not be able to use the standard Exchange PowerShell remoting – even with MFA disabled.