Modern Authentication is an authentication mechanism replacing NTLM or Kerberos and allows to enable scenarios like multi-factor authentication.
In the past, you couldn’t leverage Modern Authentication if you wanted to connect as an administrator via remote PowerShell to manage Skype for Business Online. This meant that you had to use an administrator account that did not enforce Modern Authentication.
For administrators to benefit from the additional security that Modern Authentication provides, we updated the Skype for Business Online Windows PowerShell Module. Note: You must have version 7.0.1045.0 or higher (link is at the end of this article).
In addition, to use multi-factor authentication, you can no longer provide a PSCredential object to New-CsOnlineSession. New-CsOnlineSession will prompt for credentials without a PSCredential object, so you will always get a pop-up to provide your credentials. The credentials can be used for up to 8 hours, then you must re-authenticate after 8 hours.
Examples of how to use the new connector with a modern authentication enabled tenant:
New-CsOnlineSession user@domain.com |
Prompts credentials of the specified user, using multi-factor authentication enabled for that user. |
New-CsOnlineSession |
Prompts for admin UPN, then prompt for credentials for that user, using multi-factor authentication if enabled. |
New-CsOnlineSession <PSCredential> |
Not valid if multi-factor authentication is enabled for the user. Included so that existing scripts for admins using username and password only, will continue to work. |
Deployment considerations
There are a few known issues we want to point out:
$SkypeSession = Get-PSSessionIt is also important to keep the session expiration in mind if you plan to run scripts that might run longer than 8 hours.
Remove-PSSession $SkypeSession
Call to action:
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.