PowerShell automation and MFA

%3CLINGO-SUB%20id%3D%22lingo-sub-1281460%22%20slang%3D%22en-US%22%3EPowerShell%20automation%20and%20MFA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1281460%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EI%20have%20a%20few%20basic%20PowerShell%20scripts%20(password%20expiry%20email%2C%20new%20user%2C%20leavers%20etc)%20that%20I%20run%20on%20a%20regular%20basis.%20The%20expiry%20email%20is%20automated.%20However%2C%20with%20MFA%2C%20this%20stops%20as%20well%20as%20any%20other%20script%20I%20want%20to%20run%20on%20a%20schedule%20without%20any%20user%20interaction.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIs%20there%20anyway%20around%20this%3F%20I've%20seen%20app%20passwords%20mentioned%20but%20will%20this%20cover%20a%20log%20in%20to%20both%20MSOnline%20and%20Exchange%20Online%3F%20Also%2C%20I've%20seen%20that%20app%20passwords%20are%20being%20depreciated%20soon.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EAny%20help%20is%20appreciated.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1281460%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EOffice%20365%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1291366%22%20slang%3D%22en-US%22%3ERe%3A%20PowerShell%20automation%20and%20MFA%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1291366%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F609201%22%20target%3D%22_blank%22%3E%40James90%3C%2FA%3E%26nbsp%3BHow%20about%20a%20account%20exclusively%20for%20the%20automation%20processes%20in%20PowerShell%20(MFA%20disabled)%20leaving%20your%20regular%20account%20intact.%20But%20maybe%20not%20what%20your%20looking%20for.%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Visitor

Hi,

 

I have a few basic PowerShell scripts (password expiry email, new user, leavers etc) that I run on a regular basis. The expiry email is automated. However, with MFA, this stops as well as any other script I want to run on a schedule without any user interaction.

 

Is there anyway around this? I've seen app passwords mentioned but will this cover a log in to both MSOnline and Exchange Online? Also, I've seen that app passwords are being depreciated soon.

 

Any help is appreciated.

1 Reply
Highlighted

@James90 How about a account exclusively for the automation processes in PowerShell (MFA disabled) leaving your regular account intact. But maybe not what your looking for.