How to connect to Office 365 via PowerShell with Modern Auth and MFA - Multi-Factor Authentication


Introduction to Modern Authentication - Multi-Factor Authentication - 

Introduction - 
Office 365 Modern Authentication is the underlying technology that also supports MFA (Multi-Factor Authentication). MFA is a great way to add a layer of security to your Office 365 Administration accounts. MFA is the addition of a security challenge that happens after your username and password are accepted. A passcode is then sent to your preferred option for final authentication.

This tutorial will step you through the process for connecting to Office 365 via PowerShell with Modern Authentication. I will also step you through connecting with MFA (Multi-Factor Authentication).

Please see below for a list of all my Modern Auth - MFA (Multi-Factor Authentication) tutorials. 
- How to configure your desktop PC for Office 365 Administration - including MFA - Link
- How to enable MFA (Multi-Factor Authentication) for Office 365 administrators - Link
- How to connect to Office 365 via PowerShell with MFA - Multi-Factor Authentication - Link
- MFA Support - PowerShell modules and resources for Office 365  - Link

------------------------------------------------------------------------------------------------------

Pre-requisites -

Modern Auth and MFA -
- Download and install PowerShell modules and configure your PC for Office 365 Admin - Link

MFA only -
- Enable MFA (Multi-Factor Authentication) for Office 365 administrators - Link

------------------------------------------------------------------------------------------------------

Download and update the Office 365 MFA PowerShell connection script.

Once your PC is configured, you will need to create a connection script.
*** Download and save my Office 365 Connection script with MFA - Link - ***

Next, edit my connection script by opening the file in Notepad or PowerShell ISE.
I personally prefer PowerShell ISE as it provides visual cues when creating and editing scripts.

To edit the script in PowerShell ISE, open PowerShell ISE on the left side of your window, and have Windows Explorer open on the right. Browse to your download directory and drag the file - Connect-O365-MFA-v2-x.ps1 into PowerShell ISE.








You will need to edit two variables - your tenant and your admin UPN.
Simply scroll down the script and find the two variables.







In the variables section, you will see two variables to update - Tenant and UPN









Edit the first variable 
$Tenant - "Tenant" by replacing 'Tenant' with the name of your tenant.

Original script









Updated script









Edit the second variable - 
$UPN - "admin@tenant.onmicrosoft.com" by entering your admin user name

Original Script

Updated Script

Now that you have edited the two variables with your tenant name and admin credentials, save your connection script - Connect-Office365-MFA-v2-x.ps1
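
Before running the saved script with an administrator account, it is worth confirming that both placeholders were actually replaced and recording what was downloaded. The check below is an added example, not part of the connection script or written by its author. Test-ConnectionScript is a hypothetical helper name, and it assumes the two variables are assigned on single lines in the form $Tenant = "..." and $UPN = "...".

```powershell
# Added example: inspect the downloaded connection script before running it.
# Test-ConnectionScript is a hypothetical helper. Assumption: the script assigns
# the two variables on single lines as  $Tenant = "..."  and  $UPN = "...".
function Test-ConnectionScript {
    param([Parameter(Mandatory)][string]$Path)

    # Return the first quoted value assigned to the named variable, or $null.
    function Get-AssignedValue([string]$Name) {
        $pattern = '^\s*\$' + [regex]::Escape($Name) + '\s*=\s*["'']([^"'']*)["'']'
        $hit = Select-String -LiteralPath $Path -Pattern $pattern | Select-Object -First 1
        if ($hit) { $hit.Matches[0].Groups[1].Value }
    }

    $tenant = Get-AssignedValue 'Tenant'
    $upn    = Get-AssignedValue 'UPN'

    # Mark of the Web: present when Windows recorded the file as an internet download.
    $zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Script        = (Resolve-Path -LiteralPath $Path).Path
        SHA256        = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
        Signature     = (Get-AuthenticodeSignature -FilePath $Path).Status
        MarkOfTheWeb  = [bool]$zone
        Tenant        = $tenant
        UPN           = $upn
        # Placeholder values are the ones shown in the unedited script on this page.
        TenantEdited  = ([bool]$tenant -and ($tenant -ne 'Tenant'))
        UpnEdited     = ([bool]$upn -and ($upn -ne 'admin@tenant.onmicrosoft.com'))
        UpnLooksValid = ($upn -match '^[^@\s]+@[^@\s]+\.[^@\s]+$')
    }
}

# Path and file name follow the examples used later on this page.
Test-ConnectionScript -Path 'C:\scripts\Connect-O365-MFA-v2-5.ps1' | Format-List
```

Keep the SHA256 value with your change records so a later copy of the script can be compared against the one you reviewed.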

----------------------------------------------------------------------------------------------------

Connecting to Office 365 via PowerShell with Modern Authentication (non-MFA account)

Open PowerShell and change to the directory that you saved your updated connection file to.
Example - cd c:\scripts
Run the connection script -
Example - .\Connect-O365-MFA-v2-5.ps1






Once the script runs, a Windows Forms GUI will load.

Here you can select one of eight Office 365 services (highlighted in red).
You can also click one of the four Support Links (highlighted in blue).








Choose the Office 365 service you wish to connect to by clicking the appropriate button.
In the following example, you will see what happens when I select - "Connect to Exchange Online".





The script will open up the Modern Authentication login window to connect to Exchange Online.
The login window will also pre-populate the username (from the variable that you edited).
Enter your password and click - Sign in -


PowerShell will display that it is running the script to connect to Exchange Online...

PowerShell will display the progress of your connection.

Once connected, PowerShell will show -
"Completed running the script to Connect to Exchange Online - Run the cmdlet - Get-Mailbox to test connection."






If you only need to connect to Exchange Online, simply press the OK button on the PowerShell form.
This will close the PowerShell form window.
















Once the window is closed, the PowerShell script will be finished and you will be able to run PowerShell cmdlets for Exchange Online.

Run the cmdlet - Get-Mailbox to confirm connection -









===========================================================

Connecting to multiple services -
If you would like to connect multiple services in the same PowerShell window, simply select and click the other buttons to connect. After you have connected to the multiple services you want, click the OK button to start running scripts for all the services.

In the example below, I will be connecting to all eight Office 365 services via PowerShell with Modern Auth.

As before -
Open PowerShell and change to the directory that you saved your updated connection file to.
Example - cd c:\scripts
Run the connection script -
Example - .\Connect-O365-MFA-v2-5.ps1






Once the script runs, a Windows Forms GUI will load.


















I will be connecting to Exchange Online first (same as before).
I enter my credentials in the pop-up, same as before.

Once connected to Exchange Online, PowerShell will show -
"Completed running the script to Connect to Exchange Online - Run the cmdlet - Get-Mailbox to test connection."






As I want to connect to more services, do NOT click 'OK'

I will click on the 'Connect to SharePoint Online' button next.
Enter my credentials in the pop-up again...
I will repeat the process for all eight services.

PowerShell will look similar to this after connecting to all eight services.

















After I have connected to all the services I need, I simply click the OK button on the form, and this will close the form.



Once the form is closed, the PowerShell connections will be ready to be used.

I will now confirm I have connections to each service by running cmdlets.

Exchange Online -
Get-Mailbox



SharePoint Online
Get-SpoTenant











Azure AD v1 with Modern Authentication -
Get-MsolUser










Azure AD v2 with Modern Authentication - 
Get-AzureADUser









Skype for Business Online with Modern Authentication -
Get-CSTenant









Security and Compliance Center with Modern Authentication -
Get-DlpSensitiveInformationType








Azure Resource Manager with Modern Authentication -
Get-AzureRMContext







Azure AD Rights Management with Modern Authentication -
Get-AADRM




Exchange Online Protection
Note that the Exchange PowerShell Modern Auth connection will also allow you to administer Exchange Online Protection.
Run the cmdlet - Get-HostedConnectionFilterPolicy to confirm
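
The per-service checks above can be run in one pass once the form is closed. The function below is an added example, not part of the connection script or written by its author. Test-O365Connection is a hypothetical helper name, and it uses only the confirmation cmdlets listed in this section, limited to one result where the cmdlet supports it.

```powershell
# Added example: run each confirmation cmdlet from this page once and report the result.
# Test-O365Connection is a hypothetical helper name, not part of the connection script.
function Test-O365Connection {
    [CmdletBinding()]
    param()

    # Service -> read-only cmdlet named on this page. -ErrorAction Stop turns
    # "not connected" errors into exceptions that the catch block records.
    $checks = [ordered]@{
        'Exchange Online'            = { Get-Mailbox -ResultSize 1 -WarningAction SilentlyContinue -ErrorAction Stop }
        'Exchange Online Protection' = { Get-HostedConnectionFilterPolicy -ErrorAction Stop }
        'SharePoint Online'          = { Get-SpoTenant -ErrorAction Stop }
        'Azure AD v1'                = { Get-MsolUser -MaxResults 1 -ErrorAction Stop }
        'Azure AD v2'                = { Get-AzureADUser -Top 1 -ErrorAction Stop }
        'Skype for Business Online'  = { Get-CSTenant -ErrorAction Stop }
        'Security and Compliance'    = { Get-DlpSensitiveInformationType -ErrorAction Stop }
        'Azure Resource Manager'     = { Get-AzureRMContext -ErrorAction Stop }
        'Azure AD Rights Management' = { Get-AADRM -ErrorAction Stop }
    }

    foreach ($check in $checks.GetEnumerator()) {
        try {
            $result = @(& $check.Value)
            $status = 'OK'
            $detail = "$($result.Count) object(s) returned"
        }
        catch {
            # Covers a module that is not loaded (command not found)
            # as well as a session that was never authenticated.
            $status = 'Failed'
            $detail = $_.Exception.Message
        }
        [pscustomobject]@{ Service = $check.Key; Status = $status; Detail = $detail }
    }
}

Test-O365Connection | Format-Table -AutoSize -Wrap
```

A status of OK means the cmdlet ran without error in the current window; a Failed row shows the error text, which tells you whether the module is missing or the sign-in for that service was skipped.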










-----------------------------------------------------------------------------------------------------

Connecting to Office 365 via PowerShell with Modern Authentication (MFA enabled account).
The process for connecting to Office 365 via PowerShell with Modern Authentication using a Multi-Factor Authentication enabled account is exactly the same. The only difference is that when you are logging in with an MFA enabled account, you will be prompted to supply the PIN that is sent to your mobile / cell phone.

Run the connection script as normal. In this example I will connect to SharePoint Online.
Select and click the button - Connect to SharePoint Online









The script will open up the Modern Authentication login window to connect to SharePoint Online. At this stage, SharePoint Online Modern Authentication does not support pre-populating the UPN.
Enter the user name that is enabled for MFA
Enter your password and click - Sign in -


Office 365 will accept the password, and then prompt for the verification code sent to your preferred MFA verification source.






















Once you enter your verification code you will connect.

If you only need to connect to SharePoint Online, simply press the OK button on the PowerShell form. This will close the PowerShell form window.
















Once the window is closed, the PowerShell script will be finished and you will be able to run PowerShell cmdlets for Exchange Online.

Follow the steps previously mentioned if you would like to connect to multiple services in the one window.

---------------------------------------------------------------------------------------------------------

Support Links -
Please click on the support links on the Windows Forms GUI to take you straight to the info you need.
Support URLs - Takes you to my Modern Auth - MFA support page.
TechNet Gallery - Takes you to my TechNet Gallery contributions
Technical Blog - Takes you to this technical blog
Check Script Version - Takes you directly to the TechNet download page to download an updated version if available.

---------------------------------------------------------------------------------------------------------

Congratulations - 
You have successfully connected to Office 365 via PowerShell with Modern Authentication.

---------------------------------------------------------------------------------------------------------
