PowersHell and Basic authentication

Super Contributor

Hi there,

I have been trying to get the PowersHell connections to work to Office 365 and current results are:

(AD) Connect-AzureAD: Working

(Exchange) Connect-EXOPSSession: Not working (Basic authentication is currently disabled...)

(Skype) New-csOnlineConnection: Not working (Basic authentication is currently disabled...)

 

Question to you who might know this better: why AzureAD is working while others doesn't? Has AzureAD team done some fixes to their connection and Exchange/Skype team has not? Both of them are asking the MFA credentials, but when I have appoved the authentication request on my phone the error appears.

 

My connections are coming through the proxy and the MFA is enabled on the tenant.

3 Replies

Because Exchange and SfBO use "hacks" to connect. They are basically fetching the token via the ADAL controls, but still passing it using Basic authentication. I have some examples on how you can do this on my blog: https://www.michev.info/Blog/Post/1771/hacking-your-way-around-modern-authentication-and-the-powersh...

 

Bottom line is, they do need Basic authentication enabled in WinRM settings.

@Vasil Michev"They are basically fetching the token via the ADAL controls, but still passing it using Basic authentication." Is this based on your own investigation or do you have a document that spells this out?

No need for a document, simply look at the way credentials are passed and the connection string.

 

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/PowerShell-LiveId?BasicAuthToOAuthConversion=true -Credential $Ctoken -Authentication Basic -AllowRedirection