Forum Discussion
Connect to Office365 via Powershell as a Delegate Access Partner with MFA enabled
Hi,
we have identities in our Partner Center Azure AD which have e.g. global admin rights for the customer tenants. In the Partner Center Azure AD we´ve enabled MFA for this accounts.
I can use the admin portal as expected with this constellation when using the URL:
https://portal.office.com/Partner/BeginClientSession.aspx?CTID=TENANDGUID&CSDEST=o365admincenter
When MFA is not enabled it works also fine with the PSSession Function (see https://docs.microsoft.com/en-us/office365/enterprise/powershell/connect-to-exchange-online-tenants-with-remote-windows-powershell-for-delegated):
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell-liveid?DelegatedOrg=<customer tenant domain name>-Credential $UserCredential -Authentication Basic -AllowRedirection
But when I´m trying to connect via Connect-Exopsession in a similar way:
connect-exopsession -connectionuri https://ps.outlook.com/powershell-liveid?DelegatedOrg=<customer tenant domain name>
the authentication prompt came up and authenticates me successfull, but after that i´m getting a HTML error reponse in the powershell like this:
Any thoughts what i´m doing wrong or why it doesn´t work?
Thank you
Jakob
We've brought this issue several times already, but afaik it's still not supported. On the other hand, the "sister" SCC MFA module does support delegate access via the corresponding parameter:
Connect-IPPSSession -DelegatedOrganization
It's just another example on how the different teams at Microsoft fail to talk to each other...
Note that for cmdlet Connect-EXOPSSession the ConnectionUri parameter is different from that of New-PSSession (Office 365 DE has a different ConnectionUri, while other Office 365 tenant locations don't have any). Check the following guide for installing remote EXO powershell module with MFA enabled, and samples on how to connect:
https://technet.microsoft.com/en-us/library/mt775114(v=exchg.160).aspx
I couldn't find any documentation on connecting to EXO as a delegate with MFA. I don't even know if it's possible. This is what I would try:
1. Follow the instructions in the URL to install EXO MFA module, open it and run Connect-EXOPSSession as per the documentation. After connected run your $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.outlook.com/powershell-liveid?DelegatedOrg=<customer tenant domain name>-Credential $UserCredential -Authentication Basic -AllowRedirection
