PowerShell is great.
MFA is great (and secure).
Exchange Online is great.
We all know that. So everybody could think combining these 3 great factors will be a very great experience when you start an Exchange Online remote session with an MFA-secured account? Haha. This is the most annoying connection in PowerShell. Microsoft what did you smoke when you programmed that?
You want to know what I talk about? Then read this article carefully:
Let me summarize the article.. You have to:
- open a web browser
- sign in to the O365 admin center using your MFA secured account
- (or directly to Exchange Online if you know the URL)
- go to the “hybrid” configuration
- download an AddIn
- Install it
- use it in PowerShell
Yeah. During the last weeks I often had the problem that the addin cannot be loaded with this error (no matter which browser I use: IE, Edge, FF; Chrome, Opera):
The error talks about browser and application security zones. I will continue investigating this but for now I am still looking for the solution.
So there must be another (easier?) way. I found out 2 ways which I want to explain to you:
Option 1: Manually loading the Exchange Online MFA module from the Assembly Cache
Everything downloaded must be saved somewhere temporarily. Following the instructions on this site and some tests figured out that it works well:
The only thing you have to do in advance is to download this module one time on your computer. With other words: follow the instructions from MS I’ve mentioned above. Or get the DLL maybe from another computer.
Option 2: Find a good module with PowershellGet
You can find more information about PowershellGet here:
Now you can find the available modules by using this command:
Find-Module *Exchange* | Select Name,Description | Format-Table -Wrap
The module “ExchangOnlineShell” supports MFA. So give it a try:
Install-Module ExchangeOnlineShell Get-Command -Module ExchangeOnlineShell
The first command is for the installation, the second one to see the implemented commands. You see a command named “Connect-EOShell”. Issuing it opens the typical MFA prompt:
For those of you that don’t like “download and run” unknown software because of security reasons: The module is installed to the path “C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineShell\2.0.2”. Here you can have a look at the script which are executed by the command. And as you can see, the script delivered script is containing the necessary DLL for the Exchange Online session 🙂
Option 3 (the one you should prefer): Use ExoV2
ExoV2 is the newest PowerShell module for connecting to Exchange Online and available via PSGallery. You can easily install it:
… more about ExoV2 coming soon in another separete post.