Connect to Exchange Online PowerShell without Basic Authentication

Most admins rely on PowerShell to manage and audit their Office 365 organization. As an admin, you might have heard about Microsoft Deprecating Basic Authentication in Exchange Online by Oct 31, 2020.

If your organization rolled out MFA, you need to use different approach to connect to Exchange Online PowerShell with MFA because New-PSSession doesn’t support MFA. For MFA enabled account, you need to use Connect-EXOPSSession which requires you to install Exchange Online Remote PowerShell Module. Whatever you do to improve the security, still both approaches use Basic Authentication (I can feel your pain) 

So, how will you connect to Exchange Online PowerShell without Basic Authentication? It’s SIMPLE!! By using Modern Authentication. Now I can hear your query: How can I connect to Exchange Online PowerShell with Modern Authentication? Don’t worry! I have a solution. You’re gonna love me forever for what I’m about to share with you! 

  1. Have you ever wanted to use the single cmdlet to connect Exchange Online with both MFA and non-MFA account?
  2. Are you trying to find an alternative method to connect Exchange Online PowerShell Without Basic Authentication?
  3. Have you ever wanted to install Exchange Online PowerShell module from PowerShell Gallery? 
  4. Whether your script takes hours to complete? Or data retrieval interrupted due to session expiry/disconnect?

All your question has single answer: Use the Exchange Online PowerShell V2 Module 

 

Advantage of using Exchange Online PowerShell V2 Module: 

  • EXO V2 module uses Modern Authentication. i.e, you can connect to Exchange Online PowerShell with Modern Authentication.
  • You can download EXO V2 module easily from PowerShell gallery. 
  • Single cmdlet ‘Connect-ExchangeOnline’ let you connect to Exchange Online PowerShell with MFA and non-MFA account. 
  • EXO V2 cmdlets are REST API-based cmdlets that are much faster and more reliable.
  • EXO V2 module contains new cmdlets like Get-EXOMailbox, Get-EXOMailboxStatistics, Get-EXOMailboxFolderPermission that are optimized for bulk data retrieval. 
  • The older cmdlets like Get-Mailbox, Get-MailboxStatistics, Get-MailboxFolderPermission are still available in the EXO V2 module for backward compatibility. 

 

Install Exchange Online PowerShell V2 Module: 

Exchange Online PowerShell V2 module allows you to connect Exchange Online PowerShell with Modern Authentication. To install EXO V2 module, follow the below steps.

Step 1: Start Windows PowerShell with the “Run as administrator” option. 

Step 2: Install PowerShellGet Module. To install the ExchangeOnlineManagement module, you need PowerShellGet 2.0 or later version. Else, you end up with an error. 

Step 3: After installing PowerShellGet module, close the console, and reopen it with admin privilege(elevated). 

Step 4: Run below cmdlet to install Exchange Online PowerShell V2 Module (ExchangeOnlineManagement) 

 

After successful installation of ExchangeOnlineManagement module, EXO V2 cmdlets are imported into your Windows PowerShell session. After installing the EXO V2 module, you can only see new cmdlets in the module. Once you create session to Exchange Online environment, you can see the older remote PowerShell cmdlets. 

Note: To ease your installation and connection to Exchange Online PowerShell, we have documented Connect-ExchangeOnline troubleshooting tips at the bottom. 

 

Connect to Exchange Online PowerShell With Modern Authentication: 

Connect-ExchangeOnline cmdlet allows you to connect Exchange Online PowerShell without Basic Authentication. This cmdlet only available in EXO V2 module. 

You can use Connect-ExchangeOnline cmdlet for both MFA and non-MFA account to connect Exchange Online PowerShell.  

Run below cmdlet to connect Exchange Online PowerShell with/without MFA 

It will prompt for username and password. After entering credential, if you don’t receive any error means you successfully connected to Exchange Online. Yes! you have connected to Exchange Online PowerShell without basic authentication!

The successfully connected screen looks similar to the below screenshot. 

Connect to Exchange Online without Basic Authentication

To check the connectivity, you can run Get-EXOMailbox cmdlet and see results. 

 

Additional Usecases for Connect-ExchangeOnline: 

1.Passing credential in Connect-ExchangeOnline

If you are using a non-MFA account to connect Exchange Online PowerShell, you can pass the credential in the Connect-ExchangeOnline cmdlet. This can be achieved by running below cmdlets. 

 

2.Passing username in Connect-ExchangeOnline 

If you are connecting Exchange Online PowerShell with multi-factor authentication, you can’t pass the credential as it requires verification code. Still, you can pass your username in the Connect-ExchangeOnline cmdlet. 

 

ExchangeOnlineManagement: Troubleshooting Tips

1. PowerShellGet version:  

In order to install Exchange Online PowerShell V2 module, PowerShellGet version must be 2.0 or later. Else you will have following error message. 

WARNING: The specified module 'ExchangeOnlineManagement' with PowerShellGetFormatVersion '2.0' is not supported by the current version of PowerShellGet. Get the latest version of the PowerShellGet module to install this module, 'ExchangeOnlineManagement '.

 ExchangeOnlineManagement

Solution: To install or update PowerShellGet latest version, run the below cmdlet. 

 

2. Set execution policy: 

Windows PowerShell needs to be configured to run scripts, and by default, it isn’t. In that case, you will get the following error. 

Files cannot be loaded because running scripts is disabled on this system. Provide a valid certificate with which to sign the files.

Connect to Exchange Online PowerShell Modern Authentication

Solution: To resolve this error, you need to run the below cmdlet. 

 

3. Connect-ExchangeOnline with MFA enabled account: 

When you pass MFA enabled account’s credential using Get-Credential, you will get below error (because Get-Credential cmdlet doesn’t support MFA enabled accounts). 

New-ExoPSSession : AADSTS50076: Due to a configuration change made by your administrator, or because you moved to a new location, you must use multi-factor authentication to access.

Connect Exchnage Online PowerShell with Modern Authentication

Solution: To Connect-ExchangeOnline with MFA enabled account, run the below cmdlet. It will prompt for credential and verification code. 

 

4. ‘Connect-ExchangeOnline‘ is not recognized as the name of a cmdlet:

In order to run Connect-ExchangeOnline cmdlet, you must install Exchange Online PowerShell V2 module. Else, you will get error during connection. 

Connect-ExchangeOnline : The term 'Connect-ExchangeOnline' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

Connect-ExchangeOnline : The term ‘Connect-ExchangeOnline‘ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. 

Connect-ExchangeOnline

Solution: Install EXO V2 module. 

 

5.Using EXO V2 module in PowerShell scripts:

If you are using both Connect-ExchangeOnline and Connect-MsolService in your PowerShell script, you might face the below issue.

Get-EXOMailbox: Failed to acquire token silently as no token was found in the cache. Call method AcquireToken.

This issue occurs because of loading Azure MsOnline module after loading the EXO V2 module. I hope this issue will be resolved soon by Microsoft.

ExchangeOnlineManagement

Solution: You can connect to the EXO V2 module after connecting to Connect-MsolService as a workaround.

 

6.Using EXO V2 cmdlets in Exchange Online Remote PowerShell Module: 

When you trying to run EXO V2 cmdlets like Get-EXOMailbox,GetEXOMailboxFolderPermissions, Get-EXOReciepientetc in Exchange Online Remote PowerShell Module, you will endup with following error. 

Get-EXOMailbox : No valid token was found in the cache, please run Connect-ExchangeOnline.
 Install ExchangeOnlineManagement module

Solution: To run EXO V2 cmdlets, you need to install ExchangeOnlineManagement module. 

We have documented EXO V2 cmdlets and their equivalent older cmdlets below. 

 

EXO V2 Cmdlets and Their Equivalent Older Cmdlets: 

EXO V2 cmdlets REST API-based cmdlets that are faster and more reliable when compare to older Exchange Online cmdlets. Still, EXO V2 Module supports older cmdlets for backward compatibility.    

Old Cmdlets  EXO V2 Cmdlets 
Get-Mailbox    Get-EXOMailbox   
Get-MailboxFolderPermission  Get-EXOMailboxFolderPermission 
Get-CASMailbox  Get-EXOCASMailbox 
Get-MailboxFolderStatistics    Get-EXOMailboxFolderStatistics   
Get-MailboxPermission            Get-EXOMailboxPermission          
Get-MobileDeviceStatistics  Get-EXOMobileDeviceStatistics 
Get-Recipient  Get-EXORecipient 
Get-RecipientPermission  Get-EXORecipientPermission 

Microsoft is planning to upgrade the remaining cmdlets too. Soon you can expect more Exchange Online REST-based Powershell cmdlets.

Have you tried these fast REST-cmdlets in your script? How quick data retrieval happened? You can share your test result with other admins and us through the comment section.

 

Connect to Exchange Online PowerShell without Basic Authentication – Conclusion:

The ExchangeOnlineManagement module is a valuable addition to the PowerShell gallery. It helps admins to connect Exchange Online PowerShell (both MFA and non-MFA accounts) with a single cmdlet. Since Exchange Online PowerShell V2 module is currently in preview, you can send your feedback or any concerns to Microsoft through exocmdletpreview@service.microsoft.com. Happy scripting!