MFA + PowerShell + Non-Admin accounts

We are trying to access Outlook on the Web, enforce MFA on all accounts, and have no access to cellphones (and behind an IVR for landlines). We have Business Essentials licenses and do not have Azure conditional access licenses.

We can access our email through other tools using app passwords, but those do not work for Outlook on the Web. I have tried to connect the machines via PowerShell + MSOnline module without success, which I believe is related to these being non-admin accounts.

What options do I have for accessing Outlook on the Web?

8 Replies

Not sure what exactly you are trying to achieve here. OWA supports MFA, as it's a web-based application that directly leverages the Azure AD experience. You do NOT need app passwords for OWA. Conditional access is also not needed, as long as you have enforced MFA for the user.

We don't have access to the authenticator, voice, or text at this location.

So why are you enforcing MFA then?

I'm not going to engage in rhetoric here.

You could SKIP MFA when coming from this site (certain IP addresses).  That would give MFA protection when used outside of the site.

Paul, that would require a P1 or P3 license for Azure, correct?  Is there an alternative for conditional access?

I don't know the answer. Go here, start digging. https://docs.microsoft.com/en-us/azure/multi-factor-authentication/multi-factor-authentication-how-i...

I have E1 and E3 licenses with EMS, so my groundwork was already set.

Perhaps I can do it through OAuth. Thanks for the tip!