So, most admins wanted a way to execute their PowerShell script with Modern auth and unattended authentication. 

After several months of waiting, Microsoft has released the EXO V2 preview module for non-interactive PowerShell scripts using Modern authentication.

With the introduction of this new feature, 

    –You don’t need to exclude service accounts with Conditional Access policy. 

    –You don’t need to store credential in the local file 

    –You can easily automate script scheduler with Modern auth 

To automate Exchange Online PowerShell login, you need EXO V2 PowerShell module version 2.0.3 preview or later version. This unattended script authentication uses Azure AD applications, certificates, and Modern authentication. 

To install the EXO V2 module Preview release, run the below cmdlet. 

Install-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.3-Preview -AllowPrerelease

To update from an earlier version of EXO V2 module, run the below cmdlet. 

Update-Module -Name ExchangeOnlineManagement -AllowPrerelease

How to use the EXO V2 Module for Unattended Scripts? 

You can use Exchange Online PowerShell V2 module Preview to automate script scheduler with MFA/Modern authentication. 

The following examples show how to use the Exchange Online PowerShell V2 module with app-only authentication. 

Note: Administrators can create self-signed certificates and use them for internal and testing purposes, thereby avoiding the need for costly third-party Certificate Authority (CA) certificates

Connect to Exchange Online PowerShell using a local certificate: 

You need to use Connect-ExchangeOnline with CertificateFilePath and other necessary parameters. This method supports non-interactive scripts via Remote PowerShell using Certificate–Based Authentication. 

Connect-ExchangeOnline -CertificateFilePath "C:\Users\admin\Desktop\automation-cert.pfx" -AppID "Testing App" -Organization "contoso.onmicrosoft.com"

Connect to Exchange Online PowerShell using certificate thumbprint: 

To use certificate thumbprint, you need to use Connect-ExchangeOnline with CertificateThumbPrint paramter. 

Connect-ExchangeOnline -CertificateThumbPrint "TESTINGTHUMBPRINT" -AppID "Testing Aoo" -Organization "contoso.onmicrosoft.com"

When you use the CertificateThumbPrint parameter, the certificate needs to be installed on the computer where you are running the command. The certificate should be installed in the user certificate store. 

Connect to Exchange Online PowerShell with existing service principal and client-secret: 

To connect Exchange online with existing service principal and client-secret, you need to follow the steps below.  

Step1: Get an OAuth access token using Active Directory Authentication Library (ADAL) PowerShell. 

Step 2: Create PSCredential object 

$AppCredential= New-Object System.Management.Automation.PSCredential(<UPN>,<Token>)

Step3: Pass the PSCredential to the EXO V2 module. 

Connect-ExchangeOnline -Credential $AppCredential

To setup app-only authentication, you can follow this Microsoft doc. 

This feature is a valuable addition to the EXO V2 PowerShell module. It helps users to create non-interactive PowerShell scripts and connect to Exchange Online PowerShell with app-only authentication. Have you started upgrading existing PowerShell scripts to adopt this new method? Please share your experience with other admins and us. 

The post Modern Auth and Unattended Scripts in Exchange Online PowerShell V2  appeared first on Office 365 Reports.

So, how will you easily connect to Exchange Online PowerShell without Basic Authentication? It’s SIMPLE!! By using Modern Authentication. Now I can hear your query: How can I quickly connect to Exchange Online PowerShell with Modern Authentication? Don’t worry! I have a solution. You’re gonna love me forever for what I’m about to share with you! 

1. Have you ever wanted to use the single cmdlet to connect Exchange Online with both MFA and non-MFA account?
2. Are you trying to find an alternative method to connect Exchange Online PowerShell Without Basic Authentication?
3. Have you ever wanted to install Exchange Online PowerShell module from PowerShell Gallery? 
4. Whether your script takes hours to complete? Or data retrieval interrupted due to session expiry/disconnect?

All your question has single answer: Use the Exchange Online PowerShell V3 Module 

Advantage of using Exchange Online PowerShell V3 Module: 

• EXO V3 module uses Modern Authentication. i.e, you can connect to Exchange Online PowerShell with Modern Authentication.
• You can download EXO V3 module easily from PowerShell gallery. 
• Single cmdlet ‘Connect-ExchangeOnline’ let you connect to Exchange Online PowerShell with MFA and non-MFA account. 
• It doesn’t require WinRM basic authentication to be enabled. 
• Helps to automate EXO PowerShell login with MFA. i.e., unattended scripts. 
• Contains REST API based cmdlets. 
• Provides exclusive cmdlets that are optimized for bulk data retrieval. 

Install Exchange Online PowerShell V3 Module: 

The Exchange Online PowerShell V3 module enables you to connect Exchange Online PowerShell with Modern Authentication. To install the EXO V3 module, run the following PowerShell script, which will determine if the system already has the V3 module installed. If it is not present, the script will install the EXO V3 module.

#Check for EXO v3 module installation
$Module = | (Get-Module ExchangeOnlineManagement -ListAvailable) | where {$_.Version.major -ge 3}
if($Module.count -eq 0)
{
Write-Host Exchange Online PowerShell V3 module is not available -ForegroundColor yellow
$Confirm= Read-Host Are you sure you want to install module? [Y] Yes [N] No
if($Confirm -match "[yY]")
{
Write-host "Installing Exchange Online PowerShell module"
Install-Module ExchangeOnlineManagement -Repository PSGallery -AllowClobber -Force
Import-Module ExchangeOnlineManagement
}
else
{
Write-Host EXO V3 module is required to connect Exchange Online. Please install module using Install-Module ExchangeOnlineManagement cmdlet.
Exit
}
}

Write-Host Connecting to Exchange Online...
Connect-ExchangeOnline

Note: To ease your installation and connection to Exchange Online PowerShell, we have documented Connect-ExchangeOnline troubleshooting tips at the bottom. 

Connect to Exchange Online PowerShell With Modern Authentication: 

Connect-ExchangeOnline cmdlet allows you to connect Exchange Online PowerShell without Basic Authentication. You can use Connect-ExchangeOnline cmdlet for both MFA and non-MFA account to connect Exchange Online PowerShell.  

Run below cmdlet to connect Exchange Online PowerShell with/without MFA 

Connect-ExchangeOnline

It will prompt for username and password. After entering credential, if you don’t receive any error means you successfully connected to Exchange Online. Yes! you have connected to Exchange Online PowerShell without basic authentication!

The successfully connected screen looks similar to the below screenshot. 

To check the connectivity, you can run Get-EXOMailbox cmdlet and see results. 

Additional Usecases for Connect-ExchangeOnline: 

1.Passing credential in Connect-ExchangeOnline: 

If you are using a non-MFA account to connect Exchange Online PowerShell, you can pass the credential in the Connect-ExchangeOnline cmdlet. This can be achieved by running below cmdlets. 

$Credential=Get-Credential
Connect-ExchangeOnline –Credential $Credential

2.Passing username in Connect-ExchangeOnline 

If you are connecting Exchange Online PowerShell with multi-factor authentication, you can’t pass the credential as it requires verification code. Still, you can pass your username in the Connect-ExchangeOnline cmdlet. 

Connect-ExchangeOnline -UserPrincipalName <UPN>

Note: To disconnect Exchange Online PowerShell session, You can use Disconnect-ExchangeOnline which is equivalent of Get-PSSession | Remove-PSSession.

Update EXO V2 Module:

If EXO V2 module is already installed on your computer, you can upgrade using Update-Module cmdlet.

To check the version of currently installed module, run the following commands.

Import-Module ExchangeOnlineManagement; Get-Module ExchangeOnlineManagement

To update the EXO V2 module to latest version that’s available in the PowerShell Gallery.

Update-Module -Name ExchangeOnlineManagement

How to use EXO V3 Module in Unattended Script?

You can create non-interactive scripts to perform Exchange Online management tasks. It requires Azure AD applications, certificates, and Modern authentication. To get more details, you can check our dedicated blog on Unattended access to Exchange Online using MFA account.

ExchangeOnlineManagement: Troubleshooting Tips

1. PowerShellGet version:  

In order to install Exchange Online PowerShell V2 module, PowerShellGet version must be 2.0 or later. Else you will have following error message. 

WARNING: The specified module 'ExchangeOnlineManagement' with PowerShellGetFormatVersion '2.0' is not supported by the current version of PowerShellGet. Get the latest version of the PowerShellGet module to install this module, 'ExchangeOnlineManagement '.

Solution: To install or update PowerShellGet latest version, run the below cmdlet. 

Install-Module PowerShellGet -Force

2. Set execution policy: 

Windows PowerShell needs to be configured to run scripts, and by default, it isn’t. In that case, you will get the following error. 

Files cannot be loaded because running scripts is disabled on this system. Provide a valid certificate with which to sign the files.

Solution: To resolve this error, you need to run the below cmdlet. 

Set-ExecutionPolicy RemoteSigned

3. Connect-ExchangeOnline with MFA enabled account: 

When you pass MFA enabled account’s credential using Get-Credential, you will get below error (because Get-Credential cmdlet doesn’t support MFA enabled accounts). 

New-ExoPSSession : AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access.

Solution: To Connect-ExchangeOnline with MFA enabled account, run the below cmdlet. It will prompt for credential and verification code. 

Connect-ExchangeOnline

4. ‘Connect-ExchangeOnline‘ is not recognized as the name of a cmdlet:

In order to run Connect-ExchangeOnline cmdlet, you must install Exchange Online PowerShell V3 module. Else, you will get error during connection. 

Connect-ExchangeOnline : The term 'Connect-ExchangeOnline' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

Connect-ExchangeOnline : The term ‘Connect-ExchangeOnline‘ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. 

Solution: Install EXO V3 module. 

5.Using EXO V2 module in PowerShell scripts:

If you are using both Connect-ExchangeOnline and Connect-MsolService in your PowerShell script, you might face the below issue.

Get-EXOMailbox: Failed to acquire token silently as no token was found in the cache. Call method AcquireToken.

This issue occurs because of loading Azure MsOnline module after loading the EXO V2 module. I hope this issue will be resolved soon by Microsoft.

Solution: You can connect to the EXO V2 module after connecting to Connect-MsolService as a workaround.

Connect to Exchange Online PowerShell without Basic Authentication – Conclusion:

The ExchangeOnlineManagement module is a valuable addition to the PowerShell gallery. It helps admins to connect Exchange Online PowerShell (both MFA and non-MFA accounts) with a single cmdlet. Using New-PSSession with Basic Authentication is going to be deprecated soon, you can start using EXO V3 module. Happy scripting! 

The post Connect to Exchange Online PowerShell without Basic Authentication appeared first on Office 365 Reports.