Aug 01 2016 02:33 AM
Aug 01 2016 02:33 AM
I am running into issues with autheticating to O365 on Powershell and in this case my account has been enabled with MFA.
I already installed the preview from https://blogs.technet.microsoft.com/enterprisemobility/2015/10/20/azure-ad-powershell-public-preview... and the authentication basically works but then comes in the question on how to authenticate with Exchange Online? I found a post already where a MSFT engineer states that the only way here would be to create a dedicated admin account without MFA enabled but we strictly enabled MFA on admin accounts for security reasons.
I noticed that there are no plans on uservoice (but some suggestions) to enable this. Has anyone already found another solution (except for creating another account without MFA)?
Aug 01 2016 01:34 PM
The module only helps with the Azure AD part, Exchange/Skype/SharePoint PowerShell and so on are still not able to take advantage of MFA. And it has been requested a million times already, without any official acknowledgement/confirmation on MS side (that I'm aware of).
Aug 05 2016 10:03 AM
Aug 08 2016 11:54 AM
I'm with you. I want MFA on all my admin IDs, yet MFA is not enabled when using PowerShell for O365 or Exchange Online. Yes, I did get into Azure AD powershell with MFA and was not able to administer Exchange Online or anything else.
Yep. Not-so-patiently waiting for MS to imbed MFA here. I love the extra level of security MFA adds to the game.
Aug 22 2016 06:08 AM
What we ended up doing, was configuring Conditional Access MFA on the O365 Exchange Endpoint to while not at work for our admin group. This seems to have helped us from within the Azure AD Domain Applications list.
Sep 13 2016 06:46 PM
The PnP powershell cmdlets can be use with MFA to peform many actions in SPO, see https://github.com/OfficeDev/PnP-PowerShell and use the https://github.com/OfficeDev/PnP-PowerShell/blob/master/Documentation/ConnectSPOnline.md with the UseWebLogin option
Sep 14 2016 03:45 AM
Sep 26 2016 02:11 AM
I agree that all PS connecting to O365 should support the ADAL library.
Waiting for this feature already more than 1 year.
Nov 07 2016 12:10 PM
Making sure you're aware of this thread here: https://techcommunity.microsoft.com/t5/Identity-Authentication/MFA-and-Powershell/m-p/23579/thread-i...
Nov 09 2016 11:39 PMSolution
Jan 05 2017 03:06 PM
We've been able to get our Office 365 Admin accounts with MFA enabled working with Powershell for Exchange Online, Skype for Business etc.....with some caveats:
Assuming the above caveats are ok, follow the below steps to set it up:
This has closed a security policy breach for us, we were struggling with it for a while, the missing piece for us was deleting the default app password that gets set up automatically when you enable MFA on your account. I hope that this can help other people struggling with the same issue.
The ideal solution will come when Microsoft updates each of their services to allow federated accounts with MFA
to authenticate via powershell (it seems like they are making slow progress).
Mar 02 2017 05:40 AM
We enabled MFA for our Exchange Admins and they are able to run the PowerShell okay. We are finding that they are having to re-auth every 30 minute or so. Anyone know if there's a way to extend this?
Also, is Exchange PowerShell the only one that is supporting MFA at this time? I'm not seeing anything for SharePoint...
Mar 21 2017 01:39 AM
Mar 21 2017 01:39 AM
Seems that Exchange Online ist MFA enabled now.
Have a look at this article:
"Connect to Exchange Online PowerShell using multi-factor authentication"
Mar 22 2017 11:03 AM
Anyone have a clue as to how to use MFA login in an unattended powershell script?
I have MFA working fine with powershell interactively - The login and MFA dialogs come up and do the right thing but this does me no good for the scheduled things I need to do off-hours.
Mar 22 2017 11:12 AM
You need to use the PnP SharePoint cmdlets to use MFA with SPO, see https://github.com/SharePoint/PnP-PowerShell,
If the account requires MFA, the UseWebLogin parameter is needed, see https://github.com/SharePoint/PnP-PowerShell/blob/master/Documentation/ConnectPnPOnline.md
Mar 22 2017 11:20 AM
Apr 25 2017 08:28 AM - edited Apr 25 2017 08:32 AM
This works well now for using PowerShell with SharePoint Online and MFA - interactive, but approach works with MFA - https://technet.microsoft.com/en-us/library/fp161372.aspx
Apr 25 2017 10:35 AM
You need the latest SPO PowerShell module version though: https://www.microsoft.com/en-us/download/details.aspx?id=35588&751be11f-ede8-5a0c-058c-2ee190a24fa6=...
And, SfBO PowerShell also supports MFA now: https://www.microsoft.com/en-us/download/details.aspx?id=39366
Oct 04 2017 07:00 AM
Oct 04 2017 07:00 AM
I tried to get send emails from powershell when MFA is enabled, but no avail.
This worked when my account did not have MFA enabled (just example):
When I enabled MFA for my account then sending email is not possible through powershell anymore.
Getting this error:
Send-MailMessage : The SMTP server requires a secure connection or the client was not authenticated
Followed this article and one hour later got it working:
- run into problems like only IE working and runas IE different user not working
- tip: log on to your machine with the account you have as Exchange admin privileges, don't try to use runas -functionality to fool your browser, because it will try to install Microsoft Exchange Online Powershell Module from the Exchange admin center to user who is logged on. I got weird errors like this is already installed from a different location and ofcourse the dirrefent zone error and so on.
After once succesfully done that with the proper account, the "normal account" I use to run my scripts in this machine seems to work fine.
Got the Connect-EXOPSSession working fine and was very frustated to find out that there seems to be no way to send email through EXOPSSession.
It does not have that "inside" Connect-EXOPSSession:
>Get-Command -Module tmp_riwbx11w.0ow
>Function Search-MessageTrackingReport 1.0 tmp_riwbx11w.0ow
>(SHOULD BE here!)
>Function Send-TextMessagingVerificationCode 1.0 tmp_riwbx11w.0ow
>Function Set-CalendarNotification 1.0 tmp_riwbx11w.0ow
So all the connecting to Exchange Online with MFA was for nothing.
I simply conclude that I've to use local Outlook to send messages with powershell if MFA is enabled:
$Outlook = New-Object -ComObject Outlook.Application
$Mail = $Outlook.CreateItem(0)
$Mail.To = "email@example.com"
$Mail.Subject = "Testpost"
$Mail.Body ="some writing"
Hope this helps to avoid the same searching and googling to find out there is no cure. Better yet if anybody has answers.
Oct 26 2017 05:03 AM