Powershell 7 and Exchange Online MFA

%3CLINGO-SUB%20id%3D%22lingo-sub-1093594%22%20slang%3D%22en-US%22%3EPowershell%207%20and%20Exchange%20Online%20MFA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1093594%22%20slang%3D%22en-US%22%3E%3CP%3EIt%20seems%20this%20question%20can%20go%20to%20many%20different%20forums%20or%20targets%2C%20but%20I%20figured%20it%20should%20really%20be%20focused%20here.%26nbsp%3B%20Exchange%20after%20all%20was%20the%20first%20real%20resource%20to%20utilize%20Powershell%2C%20and%20as%20Powershell%20gets%20more%20and%20more%20modern%2C%20we%20are%20not%20reaping%20the%20benefits.%26nbsp%3B%20In%20order%20to%20connect%20to%20Exchange%20Online%20we%20are%20required%20to%20stick%20with%20Powershell%20in%20Windows%20--%20version%205.1.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWith%20Powershell%207%20basically%20released%20(supportable%20version%20out%20now%20in%20RC%20form)%2C%20there's%20still%20no%20way%20to%20utilize%20PS7%20features%20with%20Exchange%20Online%2C%20at%20least%20when%20using%20MFA.%26nbsp%3B%20%26nbsp%3BThey're%20great%20features%2C%20I%20really%20would%20like%20to%20use%20them...%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20a%20supported%20path%20or%20process%20to%20using%20PS7%20with%20ExO%20with%20MFA%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1093594%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EExchange%20Online%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EPowerShell%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1093849%22%20slang%3D%22en-US%22%3ERe%3A%20Powershell%207%20and%20Exchange%20Online%20MFA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1093849%22%20slang%3D%22en-US%22%3E%3CP%3ESupport%20is%20coming%2C%20there's%20already%20a%20compatible%20version%20of%20the%20ExO%20cmdlets%20available%20in%20ACS%2C%20and%20they've%20demoed%20some%20of%20the%20features%20with%20the%20new%20REST-based%20cmdlets.%20Don't%20have%20any%20timelines%20to%20share%20though.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1093932%22%20slang%3D%22en-US%22%3ERe%3A%20Powershell%207%20and%20Exchange%20Online%20MFA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1093932%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F58%22%20target%3D%22_blank%22%3E%40Vasil%20Michev%3C%2FA%3E%26nbsp%3BThat's%20the%20irony%20here%20--%20ACS%20only%20supports%20the%20active%20tenant%20you're%20working%20with%20and%20only%20supports%20PS%206.2%20with%20no%20way%20to%20modify%2C%20while%20also%20requiring%20cloud%20storage%20commitments%20(no%20purist%20O365%20management).%26nbsp%3B%20%26nbsp%3BI%20admit%20the%20costs%20are%20small%20but%20that's%20not%20really%20the%20point.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20REST%20commands%20are%20useful%20but%20are%20so%20limited%20as%20to%20be%20not%20relevant%20here%3B%20it's%20really%20about%20connectivity%20and%20viability%20to%20a%20tenant.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20would%20consider%20ACS%20a%20moderate%20step%20to%20the%20end%20goal%20if%20I%20could%20use%20a%20personal%20ACS%20to%20remote%20into%20others%2C%20but%20that%20is%20not%20possible%20in%20any%20ways%20I%20can%20find.%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20appreciate%20the%20work%20that%20MS%20is%20doing%20in%20this%20area%20but%20it%20seems%20like%20there's%20no%20conversation%20in%20this%20space%20-%20you%20simply%20can't%20authenticate%20into%20EXO%20from%20PS%206%20or%207%20on%20Windows%20(Modern%20auth).%26nbsp%3B%20%26nbsp%3B%20I%20believe%20I%20could%20probably%20get%20this%20to%20work%20without%20using%20modern%20auth%20but%20that%20seems%20like%20a%20horrible%20step%20backward%2C%20which%20is%20why%20I'm%20trying%20to%20shake%20this%20tree.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1094934%22%20slang%3D%22en-US%22%3ERe%3A%20Powershell%207%20and%20Exchange%20Online%20MFA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1094934%22%20slang%3D%22en-US%22%3E%3CP%3EI%20was%20just%20giving%20it%20as%20an%20example%20of%20work%20that's%20done%20to%20support%20%22core%22%20installs%20and%20the%20corresponding%20dependencies.%20But%20now%20that%20we%20have%20ADAL%2FMSAL%20support%20for%20.NET%20Core%2C%20you%20can%20establish%20a%20remote%20session%20even%20in%20ACS%20instance%2C%20and%20of%20course%20it's%20just%20a%20matter%20of%20time%20to%20get%20official%20support%20for%20the%20ExO%20cmdlets%20on%20PS7%2FCore.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
New Contributor

It seems this question can go to many different forums or targets, but I figured it should really be focused here.  Exchange after all was the first real resource to utilize Powershell, and as Powershell gets more and more modern, we are not reaping the benefits.  In order to connect to Exchange Online we are required to stick with Powershell in Windows -- version 5.1.

 

With Powershell 7 basically released (supportable version out now in RC form), there's still no way to utilize PS7 features with Exchange Online, at least when using MFA.   They're great features, I really would like to use them...

 

Is there a supported path or process to using PS7 with ExO with MFA?

3 Replies
Highlighted

Support is coming, there's already a compatible version of the ExO cmdlets available in ACS, and they've demoed some of the features with the new REST-based cmdlets. Don't have any timelines to share though.

Highlighted

@Vasil Michev That's the irony here -- ACS only supports the active tenant you're working with and only supports PS 6.2 with no way to modify, while also requiring cloud storage commitments (no purist O365 management).   I admit the costs are small but that's not really the point.

 

The REST commands are useful but are so limited as to be not relevant here; it's really about connectivity and viability to a tenant.

 

I would consider ACS a moderate step to the end goal if I could use a personal ACS to remote into others, but that is not possible in any ways I can find.  

 

I appreciate the work that MS is doing in this area but it seems like there's no conversation in this space - you simply can't authenticate into EXO from PS 6 or 7 on Windows (Modern auth).    I believe I could probably get this to work without using modern auth but that seems like a horrible step backward, which is why I'm trying to shake this tree.

Highlighted

I was just giving it as an example of work that's done to support "core" installs and the corresponding dependencies. But now that we have ADAL/MSAL support for .NET Core, you can establish a remote session even in ACS instance, and of course it's just a matter of time to get official support for the ExO cmdlets on PS7/Core.