Connect to Exchange Online PowerShell with MFA Enabled.
If your organization is using MFA for all staff to provide an extra layer of security you might have found that connecting to Exchange Online using Remote PowerShell fails with an error “Access Denied”. For accounts with MFA enabled they cannot use the same method as non MFA enabled accounts to connect to Exchange Online.
MFA requires the you to install the Exchange Online Remote PowerShell Module, and then connect using the Connect-EXOPSSession cmdlet.
Error received:
To get started you need to download and install the Exchange Online PowerShell Module from the Exchange Admin Center.
- Click on hybrid
- Then click on configure for the Exchange Online PowerShell Module
Note. download the file using IE, if you use any other browser you might experience issue with installing the application.
Click on Install once the application download has completed.
Remote Management (WinRM) on your computer needs to allow basic authentication (it’s enabled by default). To verify that basic authentication is enabled, run this command in a Command Prompt:
1 |
winrm get winrm/config/client/auth |
If WinRM is authentication is not set to basic, run the following to set it to basic.
1 |
winrm set winrm/config/client/auth @{Basic="true"} |
Next on the computer with the Exchange Online Remote PowerShell Module installed run the following cmdlet to connect to Exchange Online using MFA.
1 |
Connect-EXOPSSession -UserPrincipalName [-ConnectionUri -ConnectionUri&gt -AzureADAuthorizationEndPointUri -AzureADUri] |
- <UPN> is your Office 365 work or school account i.e. Shaun.Hardneck@thatlazyadmin.com
- The <ConnectionUri> and <AzureADUri> values depend on the location of your Office 365 organization as described in the following table:
Then Office 365 tenant being used for this demonstration is not in the locations specified below, so I will continue using the following cmdlet. To connect to Exchange Online.
1 |
Connect-EXOPSSession -UserPrincipalName Shaun@ThatLazyAdmin.com |
Next you will be prompted to provide the password for the mentioned user.
Once you have provided the password for the user, you will be prompted to provide the security code.
Once the code has been entered and accepted the PowerShell modules will continue and Import in your PSSession.
And that is how you can still connect to Exchange Online even with MFA enabled on your user accounts.
#ThatLazyAdmin
Be First to Comment