Forum Discussion
Azure Automation connecting to Exchange with MFA enforced
Chris Johnston The answer is deceptively simple....
I published a Runbook script to get you started with the initial connection, then you can add your own script form there on.
https://www.powershellgallery.com/packages/AzureAutomationAgainstExchangeOnlineWithMFAEnabledAccount/1.0.0
Chris Johnston Unfortunately what I was suggesting will not work. There seems to be a user voice regarding this. https://office365.uservoice.com/forums/273493-office-365-admin/suggestions/14890308-allow-admin-to-create-powershell-session-using-app
I am thinking that you will not be able to do what you want to do with MFA enabled.
Richard_Hooper Hopefully I'll get an answer to this but in the meantime as a workaround, I'll look at using conditional access to block a service account (that doesn't have MFA enforced) unless it's from a named location of the data centre where the automation account has been provisioned.
https://www.microsoft.com/en-us/download/details.aspx?id=41653
Doesn't look like you can be more granular than that for a runbook
https://social.msdn.microsoft.com/Forums/azure/en-US/26bd07d4-05bc-446f-a4d5-c185f517d8bb/storage-account-firewall-and-azure-automation?forum=windowsazuredata
and presumably the IPs are subject to change, plus I will now have MFA exclusions requiring security approval so its not an ideal workaround tbh.
Have someone solved to connect to EOP from Runbook with MFA enabled from Conditional Access? Or a workaround?
Magnus Tengmo did you manage to solve this ?
- Probably this will work:
https://www.powershellgallery.com/packages/ExchangeOnlineShell/2.0.3.3
