60 minutes timeout on MFA Session

Mahmoud Badran · ‎May 10 2019

Below is the script for a non-ending MFA session, that renews it self ; once you connect to ExO with this script it will stay open.

first Use Internet Explorer to download and install this module https://cmdletpswmodule.blob.core.windows.net/exopsmodule/Microsoft.Online.CSE.PSModule.Client.appli...

The script has an automated firing timer every 10 minutes , but you can either force it by

Invoke-ExoOnlineConnection -RepairPSSession

or check if the session is about to expire and repairs itself

Invoke-ExoOnlineConnection -Checktimer

###############################################################

^{$Global:ErrorActionPreference = "Stop"}

^{$Global:VerbosePreference = "Continue"}

^{$office365UserPrincipalName = "ADMIN@o365.com"}

^{$PSExoPowershellModuleRoot = (Get-ChildItem -Path $env:userprofile -Filter CreateExoPSSession.ps1 -Recurse -ErrorAction SilentlyContinue -Force | Select -Last 1).DirectoryName}

^{$ExoPowershellModule = "Microsoft.Exchange.Management.ExoPowershellModule.dll";}

^{$ModulePath = [System.IO.Path]::Combine($PSExoPowershellModuleRoot, $ExoPowershellModule);}

^{Import-Module $ModulePath;}

^{function Invoke-ExoOnlineConnection{}

^{[cmdletbinding()]}

^Param

⁽

^{[Parameter(Mandatory=$false)]}

^{[switch]$Checktimer,}

^{[Parameter(mandatory=$false, valuefrompipeline=$false)]}

^{[switch]$RepairPSSession}

⁾

^begin{}

^process{

^{#determine if PsSession is loaded in memory}

^{$ExosessionInfo = Get-PsSession}

^{#calculate session time}

^{if ($global:ExosessionStartTime){}

^{$global:ExosessionTotalTime = ((Get-Date) - $global:ExosessionStartTime)}

^}

^{#need to loop through each session a user might have opened previously}

^{foreach ($ExosessionItem in $ExosessionInfo){}

^{#check session timer to know if we need to break the connection in advance of a timeout. Break and make new after 40 minutes.}

^{if ($ExosessionItem.ComputerName.Contains("outlook.office365.com") -and $ExosessionItem.State -eq "Opened" -and $global:ExosessionTotalTime.TotalSeconds -ge "2400"){}

^{Write-Verbose -Message "The PowerShell session has been running for $($global:ExosessionTotalTime.TotalMinutes) minutes. We need to shut it down and create a new session due to the access token expiration at 60 minutes."}

^{$ExosessionItem | Remove-PSSession}

^{Start-Sleep -Seconds 3}

^{$strSessionFound = $false}

^{$global:ExosessionTotalTime = $null #reset the timer}

^{} else { Write-Verbose -Message "The PowerShell session has been running for $($global:ExosessionTotalTime.TotalMinutes) minutes.)"}}

^{#Force repair PSSession}

^{if ($ExosessionItem.ComputerName.Contains("outlook.office365.com") -and $RepairPSSession){}

^{Write-Verbose -Message "Attempting to repair broken PowerShell session to Exchange Online using cached credential."}

^{$ExosessionItem | Remove-PSSession}

^{Start-Sleep -Seconds 3}

^{$strSessionFound = $false}

^{$global:ExosessionTotalTime = $null}

^{}elseif ($ExosessionItem.ComputerName.Contains("outlook.office365.com") -and $ExosessionItem.State -eq "Opened"){}

^{$strSessionFound = $true}

^}

^{if (!$strSessionFound){}

^{Write-Verbose -Message "Creating new Exchange Online PowerShell session..."}

^try{

^{$ExoSession = New-ExoPSSession -UserPrincipalName $office365UserPrincipalName -ConnectionUri "https://outlook.office365.com/powershell-liveid/" -ErrorAction SilentlyContinue -ErrorVariable $newOnlineSessionError}

^}

^catch{

^{Write-Verbose -Message "Throw error..."}

^throw;

^{} finally {}

^{if ($newOnlineSessionError) {}

^{Write-Verbose -Message "Final error..."}

^{throw $newOnlineSessionError}

^}

^{Write-Verbose -Message "Importing remote PowerShell session..."}

^{$global:ExosessionStartTime = (Get-Date)}

^{Import-PSSession $ExoSession -AllowClobber | Out-Null}

^}

^end{}

^}

^{## Create an Timer instance}

^{$timer = New-Object Timers.Timer}

^{## Now setup the Timer instance to fire events}

^{$timer.Interval = 600000}

^{$timer.AutoReset = $true # enable the event again after its been fired}

^{$timer.Enabled = $true}

^{## register your event}

^{## $args[0] Timer object}

^{## $args[1] Elapsed event properties}

^{Register-ObjectEvent -InputObject $timer -EventName Elapsed -SourceIdentifier Repair -Action {Invoke-ExoOnlineConnection -Checktimer}}

^{###############################################################}

bjbakker · ‎Jul 30 2020

@Mahmoud Badran

Following line is a bit slow because of directory traversal:

$PSExoPowershellModuleRoot = (Get-ChildItem -Path $env:userprofile -Filter CreateExoPSSession.ps1 -Recurse -ErrorAction SilentlyContinue -Force | Select -Last 1).DirectoryName

Replacing $env:userprofile with $($env:LOCALAPPDATA+"\Apps\2.0\") helps a lot.

kkrteek · ‎Jan 14 2021

@Mahmoud Badran

I have tried to run the below script

Get-Mailbox -resultsize unlimited -RecipientTypeDetails "UserMailbox" | Get-MailboxFolderPermission | Where-Object {$_.user -like "default"} | where-object {$_.Accessrights -notlike "none"} |Select-object -property Identity,FolderName,User,AccessRights

the above is ran against 1 Lakh mailboxes ,but the session is getting terminated half way and am getting the below error

Processing data for a remote command failed with the following error message: Access is denied. For more information,
see the about_Remote_Troubleshooting Help topic.

Steps i followed:

1.Open Exo module,

2.Ran the script

3.Then connected to Exchange Online using Connect-Exopssession

Am i doing anything wrong?

60 minutes timeout on MFA Session

60 minutes timeout on MFA Session

Re: 60 minutes timeout on MFA Session

Re: 60 minutes timeout on MFA Session

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

60 minutes timeout on MFA Session

60 minutes timeout on MFA Session

Re: 60 minutes timeout on MFA Session

Re: 60 minutes timeout on MFA Session