Home

We’re very happy to announce that the Exchange Online PowerShell module is now available in Azure Cloud Shell!

If you're an Exchange admin and you've never used Azure Cloud Shell before (or have no idea what it even is!), then this blog post is for you. We know it’s hard to keep up to date with all the different things Microsoft is doing at any point in time, so we’re making sure our Exchange admins know about this pretty nifty capability we recently released. In short, Azure Cloud Shell is a browser-based, authenticated shell experience, hosted by Microsoft.

You can use any browser to securely open a shell environment hosted in Azure, then you can connect to Exchange Online (and of course, Azure) – and have the exact same experience managing Exchange Online that you do today – but without any of the concerns about installation of required components or operating system suitability.

To get started, you can either point your browser at shell.azure.com or launch Cloud Shell directly from the Azure portal by clicking the Cloud Shell icon (shown below, top bar, highlighted by the small blue box) and select the PowerShell experience. If you’re coming from shell.azure.com you’ll have to authenticate and complete any MFA requirements (we hope that your subscription has MFA enabled across all accounts).

 

Azure Cloud Shell EXO Pic 1.jpg

 

From there all you need to do is run Connect-EXOPSSession. You need to use an account with the correct Role Based Access Control (RBAC) role assignments and permissions. The best part of this whole experience is that we have enabled Single Sign On (SSO) so there’s no need to provide any additional credentials.

The Exchange cmdlets are automatically pulled down to the Cloud Shell environment and this allows you to perform exactly the same tasks as you might normally have done using Exchange Online PowerShell directly.

Take a look at this video from last year’s Ignite conference to see how we tried to make this process as straightforward as possible. And all you need is a browser!

The section below covers some of the most frequent questions. However, we encourage you to use the comments section below to post your comments and questions and we’ll do our best to answer them.

 

How does this really work?

When you start a Cloud Shell session, you are connected to a Linux container run by Microsoft. Yes, it’s actually running on Linux. To make that possible we had to re-factor the Exchange Online PowerShell code to work with PowerShell Core.

Once that session is open, you can use any of the tools available in Azure Cloud Shell and Exchange Online PowerShell is now one of them.

What license or other requirements are there?

To use Cloud Shell, you only need an Azure subscription and an Azure Storage account. Cloud Shell needs a Storage account in Azure for temporary storage of the cmdlet working environment, for any import/exports you do, and to save your scripts and other files. This storage is persisted for your account, so wherever and whenever you use Cloud Shell any files/scripts you have are always available.

The only cost for running Azure Cloud Shell comes from using an Azure Storage account which is typically very low. Azure Storage charges are based on a consumption model, so you only pay for what you use. We highly recommend that you always monitor closely your Azure consumption. For more details on pricing please see here.

Is this really the full set of Exchange cmdlets? What’s missing?

Yes, this is the entire Exchange Online cmdlet library. Everything has been modified to work in PowerShell Core. Everything works in the same way as it does today, it’s just accessed differently.

Are you deprecating the current Exchange PowerShell module in favor of this?

We have no plans to do that currently.

What about RBAC?

RBAC is fully respected and works just as it does with Windows PowerShell.

How do I import and export data?

From the Azure Portal or shell.azure.com, there is an Upload/Download icon in the toolbar which can be used to move your local scripts to Cloud Shell and vice versa.  You are also able to drag and drop local files into the terminal and they will be automatically uploaded to Cloud Shell.

From the terminal, a Download command is available to install a desired file from Cloud Shell.

Files that are saved under the clouddrive in Cloud Shell will also be surfaced anywhere you can browse your Azure storage accounts, like for instance Azure Storage Explorer.

 

Azure Cloud Shell EXO Pic 2.jpg

 

How do I keep Cloud Shell up to date?

You don’t need to – we do that for you. That’s the beauty of this setup, it’s always up to date, and secure, and accessible from anywhere you can get to with a browser.

Are there any other ways of accessing Cloud Shell?

Azure Cloud Shell is available from the Azure Portal, shell.azure.com, the Azure Mobile App, the Azure Extension in Visual Studio Code, the “Try it” button in Microsoft Docs, and Microsoft Learn.

What other constraints are there?

The only one we want to call out is timeouts – in order to ensure we don’t have sessions running forever doing nothing, we timeout sessions that don’t have interactive use. In short, if you don’t touch the machine for more than 20 minutes (approx.) we will reclaim the session. We anticipate that the current timeout should work for most ad-hoc management scenarios but if you intend to execute long-running scripts then Cloud Shell is not the best tool for the job.

That’s about all we need to tell you for now, and we’d love to hear your feedback in the comments section. There’s also a QuickStart guide here, so take Cloud Shell for a spin today.

 

Danny Maertens

Azure Cloud Shell PM (and a big fan of Exchange)

14 Comments
Contributor

Nice, now does this include msol commandlets for checking MFA settings and or resetting users settings? Just because?

Occasional Visitor

Are the PS Core version of Exchange PS in github and available to add to vscode?

Are the PS Core version of Exchange PS in github and available to add to vscode? - No, not at this time. 

Occasional Visitor

When I clicked the link it make me create an account and to create a subscription and it wanted me to put in credit card information to create the subscription. I just want to be able to manage my corporate exchange powershell easily. why would I need to enter a credit card to do this?

Regular Visitor

"The best part of this whole experience is that we have enabled Single Sign On (SSO) so there’s no need to provide any additional credentials."

While, yes, this is cool for accounts that have an Azure subscription, is it possible that we get the -UserPrincipalName option on the Connect-EXOPSSession?

Why?  Some of our Exchange admin accounts may not have a Azure subscription for storage, but we have other accounts that do.

Microsoft

@denstjames1, an Azure account is required to use Cloud Shell.  Make sure you are signed into your account if you have one. If you do not have an account, go here (https://azure.microsoft.com/free/) to try a free trial.

The compute power behind Cloud Shell is provided for free, but a storage account it required.  The storage is used to persist any files and settings that you have. The cost related to Cloud Shell storage is usually around a few cents (USD) per month.

New Contributor

Am I correct in seeing that this is only for those running Exchange in Azure and not a regular Office 365 tenant?

@Jason Head - no, not at all - in fact, the complete opposite. This is for O365 tenant admins - This connects to Exchange Online. This won't actually do anything for those running Exchange on VM's in Azure (which (for all but a few scenarios) is rarely a good idea generally speaking).  

New Contributor

Greg - I must be missing something then. Is it possible that this is only for certain Office 365 plans? I logged in as admin to a tenant that uses all Business Essentials licenses and the shell.azure.com link, after asking me to choose Bash or PowerShell, then says "No valid subscriptions found. You need an Azure subscription to use Azure cloud Shell." Same thing logging in as admin on a different tenant that uses a mixture of Business Essentials and Business Premium licenses.

Microsoft

@Jason Head, this does require that you have an Azure account, but that does not mean that you have to be running Exchange in Azure.  Just ensure that your account used to manage Exchange and to log into Azure are the same.

Super Contributor

I think MFA is giving me issues when using Connect-EXOPSSession in the cloud shell.

 

PS C:\users\me:\>Get-Mailbox -Filter '(RecipientTypeDetails -eq "RoomMailBox")' | Get-MailboxRegionalConfiguration

 

works fine when executed from a powershell session on my pc, but returns an error when executing in the cloud shell

 

PS Azure:\> Get-Mailbox -Filter '(RecipientTypeDetails -eq "RoomMailBox")' | Get-MailboxStatistics
Sending data to a remote command failed with the following error message: Basic Authorization failed for user ..@... For more information, see the about_Remote_Troubleshooting Help topic.

 

With a select, it works ok:

PS Azure:\> Get-Mailbox -Filter '(RecipientTypeDetails -eq "RoomMailBox")' | Select Name,Alias

@bart vermeersch - good find. Looks like that might be a bug, we're investigating. Thanks for trying it out and of course the cool thing is when we fix it, you don't need to do anything. It'll just start working. 

 

I'll post back if I hear when we fix it. 

Visitor

@Jason Head Having Exchange running in the cloud is not the same as having an Azure Subscription.  You can have the former without the latter.  The Azure Subscription that the cloud shell wants is just used for storing persistent files and stuff, and probably won't generate much, if any, actual billing against your credit card.  It'd be nice to get some estimates from Microsoft on what to expect here, though.

Regular Visitor

Does the PowerShell session also expire as often as before?  Or does it support modern Auth with OAuth Tokens