Each Office 365 service has their own PowerShell module to create a connection via PowerShell. If you want to work with multiple services, you need to remember (copy & paste ) various cmdlets and modules to create sessions manually, which is time-consuming and painful task. And the most important part comes here! MFA. Nowadays, most admin accounts are MFA enabled, which requires a different approach to create a PowerShell session.  

Don’t worry! We have created “All-in-One” PowerShell script that connects all Office 365 services using PowerShell with MFA/non-MFA account. You can connect to any/all Office 365 services, just with a single cmdlet. 

Script Highlights: 

• The script connects to 9 Microsoft 365 services with a single cmdlet.
•  Automatically downloads and installs the required M365 PowerShell modules upon your confirmation.
• You can connect to one or more Office 365 services via PowerShell using a single cmdlet.
• You can connect to Office 365 services with MFA enabled account. 
• For non-MFA account, you don’t need to enter credential for each service. 
• The script is scheduler-friendly. i.e., credentials can be passed as a parameter instead of saving inside the script. 
• The script supports Certificate-Based Authentication (CBA) too.
• You can disconnect all service connections using a single cmdlet. 

PowerShell Script to Connect all Microsoft 365 Services (Works for MFA too) 

We have an All-in-One PowerShell script to connect various Microsoft 365 PowerShell modules, including MS Graph, Exchange Online, Azure AD, SharePoint Online, SharePoint PnP, Teams, and Compliance Center. 

As mentioned earlier, each service requires a different module. We designed our script to install the required module (if it is not already installed) after your confirmation. If you prefer to download and install manually, you can follow the steps provided inside the script.

Download Script: ConnectO365Services.ps1

Now, I’m going to explain how to use our script to connect Office 365 services, whether you’re using MFA or non-MFA accounts, as well as certificate-based authentication. You can utilize this script to connect to a single service or a combination of services. Additionally, you can utilize the script to install Office 365 PowerShell modules as needed.

Connect to All Microsoft 365 Services using PowerShell: 

You can use any one of the below methods to connect to majorly used Microsoft 365 PowerShell modules.  

Method 1: Connect to all Microsoft 365 services using MFA account

When running the script with an MFA-enabled account, it will prompt for credentials for each service.

./ConnectO365Services.ps1

If you wish to avoid the credential prompt for each service, you can disable MFA for the account using CA policy.

Method 2: Connect to all Microsoft 365 services using non-MFA account

When using a non-MFA account, you can pass the credentials as parameters. This will avoid the credential prompt while connecting to each service.

./ConnectO365Services.ps1 -UserName Admin@Contoso.com -Password "XXX"

Note: MS Graph and MS Graph beta don’t support passing credentials. Therefore, you’ll need to enter credentials for them.

Method 3: Connect to Microsoft 365 services using Certificate

When you want to run the script unattended, you can choose this method. To use certificates, you must register the app in Entra ID. You can use either a CA certificate or create a self-signed SSL certificate.

./ConnectO365Services.ps1 -TenantId XXX -AppId YYY -CertificateThumbprint ZZZ -SharePointHostName contoso -TenantName contoso.onmicroosft.com

Note: MSOnline and SharePoint Online PowerShell module don’t support CBA.

Unlock the Full Potential of “Connect to All M365 Services” PowerShell Script: 

• Connect to multiple Microsoft 365 services using PowerShell
• Connect to Exchange Online PowerShell
• Connect to MS Graph PowerShell
• Connect to MS Graph beta SDK
• Connect to SharePoint Online PowerShell 
• Connect to SharePoint PnP PowerShell
• Connect to Microsoft Teams PowerShell 
• Connect to Security and Compliance Center (SCC) PowerShell 
• Connect to Office 365 PowerShell
• Connect to Azure AD PowerShell
• Connect to Skype for Business PowerShell 
• Disconnect all Microsoft 365 services at once

1.Connect to Multiple M365 Services Using PowerShell:

If you want to connect multiple services, mention the required services by using ‘Services‘ param.

./ConnectO365Services.ps1 -Services MSGraph,ExchangeOnline

The above format will prompt for credentials twice and connect to MS Graph and Exchange Online.

If you wish to connect multiple Office 365 services with a non-MFA account, you can pass the credentials as parameters.

./ConnectO365Services.ps1 -Services ExchangeOnline,MSTeams,SecAndCompCenter -UserName admin@contoso.com -Password XXX

This method avoids the need to enter credentials for each service individually.

After executing the script, connected services will be listed as shown in below screenshot. 

Now you have connected to Office 365 services and you can manage them through PowerShell. 

2.Connect to Exchange Online PowerShell: 

To connect Exchange Online PowerShell, run the script in any of the below format.
Method 1: Connect to EXO PowerShell with MFA and non-MFA accounts.

./ConnectO365Services.ps1 -Services ExchangeOnline

It will prompt you to enter credentials. If you want to know detailed steps, refer to connect to Exchange Online PowerShell blog. 

Method 2: Connect to Exchange Online PowerShell by passing credential as parameters.

./ConnectO365Services.ps1 -Services ExchangeOnline -UserName admin@contoso.com -Password XXX

Note: The above format only supports non-MFA accounts.

Method 3: Connect to Exchange Online using certificate based authentication.

./ConnectO365Services.ps1 -Services ExchangeOnline -TenantName contoso.onmicrosoft.com -AppId YYY -CertificateThumbprint ZZZ

While connecting EXO with certificate, organization name must be passed as TenantName.

3.Connect to MS Graph PowerShell:

To install and connect to MS Graph PowerShell (production version), you can run the script in any one of the below methods.

Method 1: Connect to MS Graph PowerShell using MFA and non-MFA accounts

./ConnectO365Services.ps1 -Services MSGraph

NOTE: MS Graph PowerShell doesn’t support passing credential as params.

Method 2: Connect to MS Graph PowerShell using Certificate

./ConnectO365Services.ps1 -Services MSGraph -AppId XXX -TenantId YYY -CertificateThumbPrint ZZZ

This process involves procedures such as certificate creation, app registration, etc. You can utilize a PowerShell script specifically designed to automate registering the app and creating the certificate.

4.Connect to MS Graph Beta PowerShell:

MS Graph PowerShell has less functionality. So, most admins prefer to use MS Graph beta. To install and connect to MS Graph Beta PowerShell, you can run the script in any one of the below methods.

Method 1: Connect to MS Graph beta PowerShell using MFA and non-MFA accounts

./ConnectO365Services.ps1 -Services MSGraphBeta

MS Graph beta PowerShell doesn’t support passing credential as params.

Method 2: Connect to MS Graph PowerShell using Certificate

./ConnectO365Services.ps1 -Services MSGraphBeta -AppId XXX -TenantId YYY -CertificateThumbPrint ZZZ

NOTE: While connecting to MS Graph or MS Graph beta PowerShell, you might encounter an “One or more errors occurred” error. This is likely due to having multiple versions of the MS Graph PowerShell module installed on your system.

5.Connect to SharePoint Online PowerShell: 

To connect to SharePoint Online using PowerShell, the SharePoint Online Management Module is required. When you run the below cmdlet, it will prompt you to install that module if it is not already installed.

Method 1: Connect to SharePoint Online PowerShell using MFA and non-MFA account

./ConnectO365Services.ps1 -Services SharePointOnline -SharePointHostName <Organization Name>

SharePointHostName used to connect SharePoint Online Administration Center. For admin@contoso.onmicrosoft.com, organization name is Contoso. 

Method 2: Connect to SharePoint Online PowerShell by passing credentials

./ConnectO365Services.ps1 -Services SharePointOnline -SharePointHostName <Organization Name> -UserName admin@contoso.com -Password XXX

NOTE: SharePoint Online PowerShell doesn’t support certificate based authentication.

6.Connect to SharePoint PnP PowerShell: 

SharePoint Patterns and Practices (PnP) allows you to perform complex provisioning and artifact management actions in the SharePoint.

To connect SharePoint PnP using PowerShell, run the script in any of the below methods. 

Method 1: Connect to SharePointPnP using MFA and non-MFA account

./ConnectO365Services.ps1 -Services SharePointPnP -SharePointHostName <Organization Name>

SharePointHostName used to connect SharePoint Online Administration Center. For admin@Contoso.onmicrosoft.com, organization name is Contoso. 

Method 2: Connect to SharePointPnP by passing credentials.

./ConnectO365Services.ps1 -Services SharePointPnP -SharePointHostName contoso -UserName admin@contoso.com -Password XXX

If you don’t pass the SharePointHostName parameter, the script will prompt you to enter the value during execution.

Method 3: Connect to SharePointPnP using certificate

./ConnectO365Services.ps1 -Services SharePointPnP -SharePointHostName contoso -TenantName contoso.onmicrosoft.com -AppId YYY -CertificateThumbPrint ZZZ

You can use method for unattended script execution.

7.Connect to Microsoft Teams PowerShell: 

To connect Teams PowerShell, it requires Microsoft Teams PowerShell Module. When you run the script in below methods, it will install Microsoft Teams PowerShell module and then connects to Teams. 

Method 1: Connect to MS Teams PowerShell using MFA and non-MFA account

./ConnectO365Services.ps1 -Services MSTeams

The above format will prompt you to enter credentials.

Method 2: Connect to MS Teams PowerShell by passing credentials as params.

./ConnectO365Services.ps1 -Services MSTeams -UserName admin@contoso.com -Password xxx

This format supports only non-MFA accounts and is scheduler-friendly.

Method 3: Connect to MS Teams PowerShell with certificate

./ConnectO365Services.ps1 -Services MSTeams -TenantId XXX -AppId YYY -CertificateThumbPrint ZZZ

This method authenticate using a certificate thumbprint and connects to MS Teams.

8.Connect to Office 365 Security & Compliance Center PowerShell: 

With the recent update, the Security and Compliance Center (SCC) now supports REST-based cmdlets. To manage the Office 365 Security and Compliance Center from PowerShell, you can run the script using the following methods based on your requirement

Method 1: Connect to security and compliance center using MFA and non-MFA account

./ConnectO365Services.ps1 -Services SecAndCompCenter

It will prompt you enter credentials.

Method 2: Connect to security and compliance center by passing credentials

./ConnectO365Services.ps1 -Services SecAndCompCenter -UserName admin@contoso.com -Password XXX

You can use this method to connect SCC using non-MFA accounts.

Method 3: Connect to security and compliance center using certificate

./ConnectO365Services.ps1 -Services SecAndCompCenter -TenantName contoso.onmicrosoft.com -AppId YYY -CertificateThumbPrint ZZZ

NOTE: Connect-IPPSSession -UserPrincipalName WARNING: Your connection has been redirected to the following URI: “https://ind01b.ps.compliance. protection.outlook.com/Powershell-LiveId?BasicAuthToOAuthConversion=true;PSVersion=5.1.19041.3031

When you encounter this warning, it indicates that you are using an older version of the Exchange Online PowerShell module, which requires basic authentication to connect to the Security and Compliance Center (SCC). To resolve this error, you can upgrade to the latest Exchange Online PowerShell module.

9.Connect to Office 365 PowerShell: 

To connect with the Microsoft Azure Active Directory Module for Windows PowerShell, utilize the below methods.

Method 1: Connect to MSOnline using MFA and non-MFA accounts

./ConnectO365Services.ps1 -Services MSOnline

It will prompt you to enter credentials. 

 Method 2: Connect to MSOnline by passing credential as params.

./ConnectO365Services.ps1 -Services MSOnline -UserName admin@contoso.com -Password XXX

NOTE: MSOnline PowerShell module doesn’t support certificate based authentication.

10.Connect to Azure Active Directory PowerShell:

To connect with the Microsoft Azure Active Directory PowerShell module, you can use any one of the below methods based on your requirement:

Method 1: Connect to Entra ID (formerly, Azure AD) with MFA and non-MFA accounts

./ConnectO365Services.ps1 -Services AzureAD

Above cmdlet will install AzureAD module if it is not installed already. 

Method 2: Connect to Azure AD by passing credentials as params.

./ConnectO365Services.ps1 -Services AzureAD -UserName admin@contoso.com -Password XXX

This format doesn’t support MFA enabled accounts.

Method 3: Connect to Azure AD using certificate

./ConnectO365Services.ps1 -Services AzureAD -TenantId XXX -AppId YYY -CertificateThumbPrint ZZZ

You can utilize this format for scheduling too.

11.Connect to Skype for Business Online PowerShell: 

Since Skype for Business Online Connector module and the New-CSOnlineSession cmdlet were deprecated, you can use Teams PowerShell module to manage *-CsOnline* cmdlets.

12.Disconnect Microsoft 365 Services’ PowerShell Session: 

Make sure to disconnect the remote PowerShell session when you’re finished. Else you would end up using all remote PowerShell sessions available to you and you will get the following error.  

To disconnect all the Office 365 PowerShell session in the current window, run the below command. 

./ConnectO365Services.ps1 –Disconnect

Challenges in Managing Microsoft 365 via PowerShell

Most admins prefer PowerShell to manage their Microsoft 365 environment. But when it comes to reporting, it is always difficult to get the desired report with PowerShell. Because

• PowerShell requires a lot of effort to generate the needed reports, which is time-consuming. 
• Automating report generation is difficult when you are using MFA.
• If you do not retrieve the audit data properly, it will end up with data loss which spoils the purpose. 
• If you are a newbie, you might lose in search of finding the right cmdlet. 

So, what if there is an easier way to generate Microsoft 365 reports? A tool like AdminDroid will help you in reporting and auditing your Microsoft 365 environment.

AdminDroid offers 1800+ pre-built reports and 30+ smart dashboards, providing comprehensive statistics, monitoring, and alerting for your Microsoft 365 environment effortlessly.

Besides, AdminDroid offers 120+ reports and a handful of dashboards completely for free. It includes reports on Users, Licenses, Groups, Group Members, Devices, Login Activities, Password Changes, License Changes, and more. The free edition doesn’t have any restrictions in reporting functionalities such as customization, scheduling, and exporting. Download Free Microsoft 365 reporting tool by AdminDroid and see how it helps for you.

I hope this blog can help you to create a PowerShell session to Office 365 services. If you face any issues during connection, share with us through the comment section. 

Even if you face any other challenges in Office 365 Environment or in need of any PowerShell scripts related to Office 365, let us know in the comment section. Happy Scripting! 

The post Connect to All Microsoft 365 Services using PowerShell (Supports MFA too) appeared first on Office 365 Reports.

You can install Exchange Online PowerShell Module (EXO V1) manually or you can use dedicated script that install the module and connects Exchange Online PowerShell using MFA. Let’s check both methods in detail.

• Automated Method:
  • PowerShell script to connect Exchange Online PowerShell with MFA
• Manual Method:
  • Step1: Install Exchange Online PowerShell Module for MFA(One time process)
  • Step2: Connect Exchange Online PowerShell using MFA enabled Account

To ease your work, we have documented common troubleshooting tips at the bottom.

Automated Method: PowerShell Script to Connect Exchange Online PowerShell with MFA

Unfortunately, connecting Exchange Online PowerShell using MFA is somewhat tricky, so newbies can get lost quickly. No worries! We are here to help admins. We have written a user-friendly PowerShell script to connect Exchange Online PowerShell with MFA which does following things.

• Downloads Exchange Online Remote PowerShell Module
• Installs Exchange Online PowerShell Module
• Connects Exchange Online PowerShell using MFA

Download Script: ConnectExchangeOnlinePowerShell.ps1

Manual Method: Setup Everything by Yourself

Step1: Install Exchange Online PowerShell Module for MFA

The first thing you need to do is download the Exchange Online Remote PowerShell module.To download Exchange Online PowerShell Module directly, you can use this quick link: https://cmdletpswmodule.blob.core.windows.net/exopsmodule/Microsoft.Online.CSE.PSModule.Client.application 

Alternatively, to download the Exchange Online MFA module through Microsoft, follow the below steps.

1.Login to Exchange Admin Center using Internet Explorer or Edge. 

2.In the EAC, go to Hybrid and click the Configure button (as mentioned in below image) to download the Exchange Online PowerShell Module for MFA.

Note: A browser that uses ClickOnce to download (like IE or Edge) is needed to download otherwise you will get an error during installation. Click Connect-ExoPSSession troubleshooting tips for more troubleshooting tips.

3.Click Install.

Step2: Connect Exchange Online PowerShell Using MFA

1.Connect-EXOPSSession used to connect to Exchange Online with MFA. You can’t use Connect-EXOPSSession in standard Windows PowerShell. You need to launch Exchange Online Remote PowerShell module. When you launch the Exchange Online Remote PowerShell module, a tip about the usage is shown.

2.Connect-EXOPSSession has a parameter UserPrincipalName. You can use Connect-EXOPSSession, with or without UserPrincipalName. For eg,

Connect-EXOPSSession -UserPrincipalName Admin@Contoso.com

3.Enter the password in the sign-in window and then click Sign in.

4. A verification code generated and delivered based on MFA configured for your account. Enter the verification code in the verification window and then click Sign in.

5. After step 4, the Exchange online cmdlets are imported into Exchange Online remote PowerShell Module session. If you don’t receive any errors, you connected successfully as shown in the below figure.

If you want to connect all Office 365 Services PowerShell with a single cmdlet, please refer: Connect to all Office 365 Services using PowerShell (Supports MFA too)

Connect-EXOPSSession – Trouble Shooting Tips:

Most people encounters numerous challenges when they try to use Connect-EXOPSSession cmdlet. To ensure hassle-free installation and execution, we have documented the common errors and their troubleshooting tips in this blog. If you want to get a list of MFA enabled users in your tenant, you can refer Export Office 365 users’ MFA status report.

1.You can’t use Standard Windows PowerShell to Connect Exchange Online With MFA:

 If you use standard Windows PowerShell to connect Exchange Online using MFA enabled account, you will get the following error.  

New-PSSession : outlook.office365. com Connecting to remote server outlook.office365. com failed with the following error message : Access is denied. For more information, see the about_Remote_Troubleshooting Help topic.+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne ...
+ FullyQualifiedErrorId : AccessDenied,PSSessionOpenFailed


Import-PSSession : Cannot validate argument on parameter 'Session'. The argument is null. Provide a valid value for the argument, and then try running the command again. + Import-PSSession $Session -CommandName Get-Mailbox,Get-MailboxPermi ...
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Microsoft.PowerShell.Commands. ImportPSSessionCommand

If you want to connect Exchange Online PowerShell with MFA, you need to install “Exchange Online PowerShell Module” (EXO).

2.How to Import MFA Enabled Exchange Online Powershell Module in ISE?

Instead of using Exchange Online PowerShell console, you can import Exchange Online PowerShell module in Windows PowerShell ISE. To successfully use the Connect-EXOPPSSession cmdlet in the ISE, you need to run the below code in ISE.

$MFAExchangeModule = ((Get-ChildItem -Path $($env:LOCALAPPDATA+"\Apps\2.0\") -Filter CreateExoPSSession.ps1 -Recurse ).FullName | Select-Object -Last 1)
. "$MFAExchangeModule"

Now, you can use PowerShell ISE to Connect Exchange Online with MFA.

Note: Before using these code, you should install Exchange Remote Online PowerShell module.

3.Unable to Install Exchange Online PowerShell Module- Cannot start application:

If you didn’t use IE or Edge to download Exchange Online PowerShell Module, you will face error during installation.

4.Enable basic authentication on the WinRM Service:

Windows Remote Management (WinRM) needs to allow basic authentication (It is enabled by default) to create ExoPSSession. If basic authentication is disabled, you’ll get below error when you try to connect: 

Note: The Basic authentication header is required to transport the session’s OAuth token, since the client-side WinRM implementation has no support for OAuth.

To check whether the basic authentication is enabled, run below command in command prompt.

winrm get winrm/config/client/auth

If Basic= true not set, you need to run below command to enable basic authentication.

winrm set winrm/config/client/auth @{Basic="true"}

After executing above command, the output looks similar to below screenshot.

Note: You can also use EXO V2 module to connect Exchange Online PowerShell with modern auth.  Even though the EXO V2 module uses modern auth, it still needs WinRM basic auth to transport modern auth tokens. To improve the security, Microsoft recently introduced EXO V2 Preview module 2.0.6. It allows admin to use EXO V2 module without WinRM basic authentication.

5.Start WinRM service:

In order to enable basic authentication in WinRM, WinRM service must be in running state. Otherwise, you will get following error: The client cannot connect to the destination specified in the request. Verify that the service on the destination is running and is accepting requests. Consult the logs and documentation for the WS-Management service running on the destination, most commonly IIS or WinRM.

To start WinRM service, launch command prompt as administrator and run following command

Winrm quickconfig

When the cmd prompt displays Make these changes [y/n]?, type y.

If configuration is successful, WinRM service started output will be displayed.

6.Where do I find the Exchange Online Remote PowerShell Module?

You won’t be able to find the Exchange Online Remote PowerShell module, using the Get-Module cmdlet. When you install ClickOnce application, it will be installed in the below directory.

%UserProfile%\AppData\Local\Apps\2.0

You can use the desktop shortcut, to launch the Exchange Online Remote PowerShell module.

7.Disconnect the remote PowerShell session:

Make sure to disconnect the remote PowerShell session when you’re finished. Else you ended up using all remote PowerShell sessions available to you and you will get the following error. 

New-ExoPSSession : Processing data from remote server outlook.office365. com failed with the following error message: [AuthZRequestId=068a9813-8420-43f0-9f20-692228962287] [FailureCategory=AuthZ-AuthorizationException] Fail to create a runspace because you have exceeded the maximum number of connections allowed: 10

To disconnect all PowerShell session in the current window, you can use below command.

Get-PSSession | Remove-PSSession

Automate Exchange Online PowerShell Login with MFA – Unattended Script:

With the introduction of security defaults and MFA enforcement, most scripts are broken in scheduled tasks or automation. As a workaround, most admins used conditional access to exclude MFA for the service accounts. It makes the organization less secure. To fix this problem, Microsoft introduced a new Public preview of the EXO V2 module (Version 2.0.3 or later) to connect Exchange Online with an unattended script.

Challenges in Generating Reports using PowerShell:

Most admins use Exchange Online PowerShell for generating Exchange online reports and auditing Office 365 environment. But I have seen a lot of challenges when using PowerShell. for example,  

• If you do not retrieve the audit data properly, it will end up with data loss which spoils the purpose. 
• If you are a newbie, you might lose in search of finding the right cmdlet. 
• PowerShell requires a lot of effort to generate the needed reports, which is time-consuming. 
• Automating report generation is difficult when you are using MFA.

 If you are searching for alternative ways to generate Exchange reports like 

• Mailbox information reports 
• Inactive mailbox reports based on last logon time, last activity time, last mail read, last mail sent time 
• Mailbox usage reports 
• Mailbox permission reports 
• Mailbox forwarding reports 
• Mailbox settings reports 
• Mailbox on-hold reports 
• Email activity reports 
• Spam and malware reports 
• Email traffic and statistics reports 
• Mailbox auditing reports 
• Non-owner mailbox access reports 

You can take a look at AdminDroid Exchange Online reporting and auditing tool. This tool offers 170+ Exchange Online statistics and auditing reports along with visually appealing dashboards. 

Additionally, AdminDroid offers 1500+ pre-built reports on various Office 365 services like Azure AD, Exchange Online, SharePoint Online, Microsoft Teams, OneDrive for Business, Skype for Business, Yammer, General Office 365 reports, and security reports. 

Besides, AdminDroid provides over 100+ reports and a handful of dashboards completely for free. It includes reports on Users, Licenses, Groups, Group Members, Devices, Login Activities, Password Changes, License Changes, and more. The free edition doesn’t have any restrictions in reporting functionalities such as customization, scheduling, and exporting. For your Azure AD reporting and auditing needs, you can download Free Office 365 reporting tool by AdminDroid and see how it helps for you. 

The post Connect to Exchange Online PowerShell Using MFA (Multi Factor Authentication) appeared first on Office 365 Reports.