Forum Discussion

Mike Platvoet's avatar
Mike Platvoet
Steel Contributor
Aug 01, 2016
Solved

Authenticating to O365 using Powershell and MFA

I am running into issues with autheticating to O365 on Powershell and in this case my account has been enabled with MFA. I already installed the preview from https://blogs.technet.microsoft.com/ente...
Authentication
office 365
  • Mike Platvoet's avatar
    Mike Platvoet
    Nov 10, 2016

    To save everyone from having to read AnnaChu full post: there is now an Exchange Online Powershell module in preview available that supports MFA. I just tested it and it works (so far) as expected. Go to http://aka.ms/exopspreview to download the preview.

Exchange Admin via MFA's avatar
Exchange Admin via MFA
Copper Contributor
Mar 22, 2017

Anyone have a clue as to how to use MFA login in an unattended powershell script?

 

I have MFA working fine with powershell interactively - The login and MFA dialogs come up and do the right thing but this does me no good for the scheduled things I need to do off-hours.

 

TIA

 

--Brian

Deleted's avatar
Deleted
Oct 04, 2017

I tried to get send emails from powershell when MFA is enabled, but no avail. 

 

Background:

This worked when my account did not have MFA enabled (just example):

  • tried to send email using Send-MailMessage -To "xx@xx.fi" -From $cred.UserName -Subject "The subject" -Body $body -UseSsl -Encoding UTF8 -SmtpServer "smtp.office365.com" -Port 587 -Credential $cred -ErrorVariable mailError

When I enabled MFA for my account then sending email is not possible through powershell anymore.

Getting this error: 
Send-MailMessage : The SMTP server requires a secure connection or the client was not authenticated

 

Followed this article and one hour later got it working:

https://technet.microsoft.com/en-us/library/mt775114(v=exchg.160).aspx

- run into problems like only IE working and runas IE different user not working

- tip: log on to your machine with the account you have as  Exchange admin privileges, don't try to use runas -functionality to fool your browser, because it will try to install Microsoft Exchange Online Powershell Module from the Exchange admin center to user who is logged on. I got weird errors like this is already installed from a different location and ofcourse the dirrefent zone error and so on.

After once succesfully done that with the proper account, the "normal account" I use to run my scripts in this machine seems to work fine.

 

 

Got the Connect-EXOPSSession working fine and was very frustated to find out that there seems to be no way to send email through EXOPSSession.

It does not have that "inside" Connect-EXOPSSession:

>Get-Command -Module tmp_riwbx11w.0ow

 

>....

>Function Search-MessageTrackingReport 1.0 tmp_riwbx11w.0ow

>(SHOULD BE here!)
>Function Send-TextMessagingVerificationCode 1.0 tmp_riwbx11w.0ow
>Function Set-CalendarNotification 1.0 tmp_riwbx11w.0ow

>...

 

So all the connecting to Exchange Online with MFA was for nothing.

 

I simply conclude that I've to use local Outlook to send messages with powershell if MFA is enabled:

$Outlook = New-Object -ComObject Outlook.Application
$Mail = $Outlook.CreateItem(0)
$Mail.To = "xxx@xxx.fi"
$Mail.Subject = "Testpost"
$Mail.Body ="some writing"
$Mail.Send()

 

To summarize: 

  • If MFA enabled there is no way to connect to Exchange Online to send emails

Solution:

  • drop the MFA or use the local Outlook client to send messages

Hope this helps to avoid the same searching and googling to find out there is no cure. Better yet if anybody has answers.

Resources