Dec 13 2018
05:50 AM
- last edited on
Feb 10 2023
02:26 PM
by
TechCommunityAP
Dec 13 2018
05:50 AM
- last edited on
Feb 10 2023
02:26 PM
by
TechCommunityAP
Hi there,
I have been trying to get the PowersHell connections to work to Office 365 and current results are:
(AD) Connect-AzureAD: Working
(Exchange) Connect-EXOPSSession: Not working (Basic authentication is currently disabled...)
(Skype) New-csOnlineConnection: Not working (Basic authentication is currently disabled...)
Question to you who might know this better: why AzureAD is working while others doesn't? Has AzureAD team done some fixes to their connection and Exchange/Skype team has not? Both of them are asking the MFA credentials, but when I have appoved the authentication request on my phone the error appears.
My connections are coming through the proxy and the MFA is enabled on the tenant.
Dec 13 2018 10:49 AM
Because Exchange and SfBO use "hacks" to connect. They are basically fetching the token via the ADAL controls, but still passing it using Basic authentication. I have some examples on how you can do this on my blog: https://www.michev.info/Blog/Post/1771/hacking-your-way-around-modern-authentication-and-the-powersh...
Bottom line is, they do need Basic authentication enabled in WinRM settings.
May 16 2019 06:41 AM
@Vasil Michev"They are basically fetching the token via the ADAL controls, but still passing it using Basic authentication." Is this based on your own investigation or do you have a document that spells this out?
May 16 2019 08:33 AM
No need for a document, simply look at the way credentials are passed and the connection string.
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/PowerShell-LiveId?BasicAuthToOAuthConversion=true -Credential $Ctoken -Authentication Basic -AllowRedirection