Forum Discussion
Azure Automation connecting to Exchange with MFA enforced
Chris Johnston The answer is deceptively simple....
I published a Runbook script to get you started with the initial connection, then you can add your own script form there on.
https://www.powershellgallery.com/packages/AzureAutomationAgainstExchangeOnlineWithMFAEnabledAccount/1.0.0
This could be an issue with how the connection is happening. If you are using a Microsoft hosted server to run the runbook, it would be using the default Exchange Online PowerShell. Once MFA is enabled you need to switch to a new connection. See the URL https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/mfa-connect-to-exchange-online-powershell?view=exchange-ps
To get this working on Azure AUtomation, try using a hybrid run book server. You can then download the correct PowerShell modules and get the service account to work from there.
Hi Craig.
The example runbook in the PS gallery I have linked to, works just fine without a hybrid worker.
No exclusions, or trusted site lists, with full enforced MFA for priv. accounts.It uses a module called exchangeOnlineShell which works like the one you are linking to, but without requiring the installation, which is a problem in azure automation, and yes, that would require a hybrid worker as you say.
I am sure we will soon see some solutions from microsoft for authenticating with certificates against Exchange Online... (Fingers crossed)
Microsoft have released a complete new module for Exchange with support for modern authentication alot of other improvements.
https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/exchange-online-powershell-v2/exchange-online-powershell-v2?view=exchange-ps
