So, most admins wanted a way to execute their PowerShell script with Modern auth and unattended authentication. 

After several months of waiting, Microsoft has released the EXO V2 preview module for non-interactive PowerShell scripts using Modern authentication.

With the introduction of this new feature, 

    –You don’t need to exclude service accounts with Conditional Access policy. 

    –You don’t need to store credential in the local file 

    –You can easily automate script scheduler with Modern auth 

To automate Exchange Online PowerShell login, you need EXO V2 PowerShell module version 2.0.3 preview or later version. This unattended script authentication uses Azure AD applications, certificates, and Modern authentication. 

To install the EXO V2 module Preview release, run the below cmdlet. 

Install-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.3-Preview -AllowPrerelease

To update from an earlier version of EXO V2 module, run the below cmdlet. 

Update-Module -Name ExchangeOnlineManagement -AllowPrerelease

How to use the EXO V2 Module for Unattended Scripts? 

You can use Exchange Online PowerShell V2 module Preview to automate script scheduler with MFA/Modern authentication. 

The following examples show how to use the Exchange Online PowerShell V2 module with app-only authentication. 

Note: Administrators can create self-signed certificates and use them for internal and testing purposes, thereby avoiding the need for costly third-party Certificate Authority (CA) certificates

Connect to Exchange Online PowerShell using a local certificate: 

You need to use Connect-ExchangeOnline with CertificateFilePath and other necessary parameters. This method supports non-interactive scripts via Remote PowerShell using Certificate–Based Authentication. 

Connect-ExchangeOnline -CertificateFilePath "C:\Users\admin\Desktop\automation-cert.pfx" -AppID "Testing App" -Organization "contoso.onmicrosoft.com"

Connect to Exchange Online PowerShell using certificate thumbprint: 

To use certificate thumbprint, you need to use Connect-ExchangeOnline with CertificateThumbPrint paramter. 

Connect-ExchangeOnline -CertificateThumbPrint "TESTINGTHUMBPRINT" -AppID "Testing Aoo" -Organization "contoso.onmicrosoft.com"

When you use the CertificateThumbPrint parameter, the certificate needs to be installed on the computer where you are running the command. The certificate should be installed in the user certificate store. 

Connect to Exchange Online PowerShell with existing service principal and client-secret: 

To connect Exchange online with existing service principal and client-secret, you need to follow the steps below.  

Step1: Get an OAuth access token using Active Directory Authentication Library (ADAL) PowerShell. 

Step 2: Create PSCredential object 

$AppCredential= New-Object System.Management.Automation.PSCredential(<UPN>,<Token>)

Step3: Pass the PSCredential to the EXO V2 module. 

Connect-ExchangeOnline -Credential $AppCredential

To setup app-only authentication, you can follow this Microsoft doc. 

This feature is a valuable addition to the EXO V2 PowerShell module. It helps users to create non-interactive PowerShell scripts and connect to Exchange Online PowerShell with app-only authentication. Have you started upgrading existing PowerShell scripts to adopt this new method? Please share your experience with other admins and us. 

The post Modern Auth and Unattended Scripts in Exchange Online PowerShell V2  appeared first on Office 365 Reports.