Security and Compliance portals act as virtual guardians, ensuring unbeatable threat management within the Microsoft 365 environment. Periodical management of these portals is crucial to detect threats. In such a way, for smaller organizations, it is easy to manually manage Microsoft 365 Defender and Microsoft Purview Compliance. But when coming to a larger organization, it is a tedious task. As with giving a full stop to your tedious work, PowerShell came in! With PS, you can connect to Security and Compliance PowerShell using Connect-IPPSSession, for effort-free management.
But there is a check point! Admins widely use RPS method to connect Security and Compliance PowerShell using Connect-IPPSSession. But Microsoft is going to deprecate RPS soon. You might have thought that there would be no way for this. But Microsoft lends you another method instead of RPS!
Exited to know about the method, right? Let’s look into this blog to know about the steps to connect to the security & compliance center using the new method.
What is Security and Compliance PowerShell?
Security and Compliance PowerShell enables you to manage all the features available in the Microsoft 365 Defender and Microsoft Purview Compliance portal. For example, you can manage audit logs and Data Loss Prevention policy using Security and Compliance PowerShell.
Benefits of Security and Compliance PowerShell
- Security & compliance PowerShell enables you to audit threat investigations, and policy configurations with just simple command lines such as New-DlpCompliancePolicy, Get-PolicyConfig, etc.
- It contains rich suits of PowerShell cmdlets saving your time and effort, thereby ensuring quick accomplishment of tasks.
REST API Replaces RPS to Connect Security and Compliance PowerShell
Nowadays, you may use RPS method to connect to Security and Compliance PowerShell. But, as per the MC586563, Microsoft has planned for RPS retirement from Security and Compliance PowerShell starting July 15. So, users need not use legacy RPS protocol in the Security and Compliance PowerShell. Instead, the RPS-based cmdlets will execute as REST API calls.
To help you to eliminate disruptions from RPS elimination, we are moving this blog towards connecting Security and Compliance PowerShell using REST API. However, EXO 3.2.0 and later modules support REST API. So, let’s start with the installation of the latest version.
1.Install Exchange Online PowerShell Module
To connect to the Security and Compliance center using Connect-IPPSSession using REST API, you need the latest version EXO 3.2.0.
You can install the latest version by running the below cmdlet
1 |
Install-Module -Name ExchangeOnlineManagement |
Clear, right? Let’s delve into further steps.
2. Import Exchange Online PowerShell Module
Once done with the installation of the Exchange Online module, you can now move to import the EXO module. If you have already installed the EXO module, you can skip the below cmdlet.
1 |
Import-Module ExchangeOnlineManagement |
3. Connect to Security and Compliance Portal Using Connect-IPPSSession
After giving a tick to the loading of the EXO module, you can now connect to the Security and Compliance portal using Connect-IPPSSession.
You can connect to Security and Compliance PowerShell using any of the below cmdlet,
1 |
Connect-IPPSSession -UserPrincipalName <userEmail> |
Simple Script to Automatically Install and Connect to Security & Compliance PowerShell
You can simply use the PowerShell script below to automatically install EXO 3.2.0 and connect to Security & Compliance center.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 |
$Module = Get-InstalledModule ExchangeOnlineManagement -ErrorAction SilentlyContinue if ($Module.Version -ne "3.2.0") { Write-Host "Exchange Online PowerShell V3.2.0 module is not available" -ForegroundColor Yellow $Confirm = Read-Host "Are you sure you want to install the module? [Y] Yes [N] No" if ($Confirm -match "[yY]") { Write-Host "Installing Exchange Online PowerShell module version 3.2.0" Install-Module -Name ExchangeOnlineManagement Import-Module ExchangeOnlineManagement } else { Write-Host "EXO V3.2.0 module is required to connect to Exchange Online. Please install the module using the Install-Module ExchangeOnlineManagement cmdlet." Exit } } # Connect to Security and Compliance PowerShell Write-Host "Connecting to Security and Compliance PowerShell..." Connect-IPPSSession |
App-only Authentication for Unattended Scripts in Security and Compliance PowerShell
The app-only authentication supports authentication using Azure AD apps and self-signed certificates.
Using Certificate Object -You can connect to Security and Compliance PowerShell using the certificate. This certificate need not be installed on the system, it can be stored remotely. It gets fetched dynamically when the script runs.
1 |
Connect-IPPSSession -Certificate <CertificateObject> -AppID <AppId> -Organization <organizationId> |
Using Certificate Thumbprint-You can run the below cmdlet to connect to Microsoft 365 Defender and Compliance portal using certificate thumbprints. This will not require any interactive user input and credentials.
1 |
Connect-IPPSSession -AppId <IdOfTheApp> -CertificateThumbprint <ThumbprintStringOfCertificate> -Organization <organizationName> |
Using local certificate– You can use the certificate password to connect to the Security and Compliance portal. To do so, follow the below cmdlet.
1 |
Connect-IPPSSession -CertificateFilePath <PathOfTheCertificate> -CertificatePassword (Get-Credential).password -AppID <AppId> -Organization <OrganizationName> |
Disconnect Exchange Online PowerShell Module
It is recommended to disconnect the session after use. If not, then all the sessions get used up and you have to wait to have a new one till the existing session expires.
To disconnect the session, run the below cmdlet
1 |
Disconnect-ExchangeOnline |
This will above cmdlet prompts you for the confirmation.
You can also disconnect without getting confirmation prompt using below cmdlet
1 |
Disconnect-ExchangeOnline -Confirm:$false |
Trouble Shooting Common Errors
By the way, to confirm a successful connection to the Security and Compliance portal, execute the Get-DlpCompliancePolicy cmdlet. If it runs without any error, you can validate your connection.
What to do if an error occurs?
If the error occurs, you should check the following to solve it.
1. Most of the errors occur due to incorrect passwords.
AADSTS50126: Error validating credentials due to invalid username or password.
Solution: So, try out the steps again and enter correct credentials.
2. The connection error occurs when the client’s IP address changes at the time of the connection request. In fact, this occurs when your organization has a SNAT pool containing multiple IP addresses. The error looks like,
The request for the Windows Remote Shell with ShellId <ID> failed because the shell was not found on the server. Possible causes are: the specified ShellId is incorrect or the shell no longer exists on the server. Provide the correct ShellId or create a new shell and retry the operation.
Solution: In order to fix this, make use of SNAT having single IP address.
3. If you are not installed the necessary modules such as the PowerShellGet module and the Package Management module, you may encounter errors while connecting using REST API. It looks like,
The term ‘Update-ModuleManifest’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
Solution: By the way, to resolve this error, install PowerShellGet module and Package Management module.
4. Sometimes you can get avoid denial-of-service (DoS) errors, while connecting through UseRPSSession switch like,
Fail to create a runspace because you have exceeded the maximum number of connections allowed.
Solution: In this case, you need to check and close the sessions that you have already opened.
Hassle-free O365 Security and Compliance Management with AdminDroid
It’s true PowerShell indeed helps you to manage Security and Compliance features. But if you are new to PowerShell, then the above module, script, and cmdlets are slightly challenging to grasp. Then, how will you be able to manage? Here is where AdminDroid is stepping in! Yeah, AdminDroid provides a profound insights for effective Security and Compliance management within the M365 environment.
With AdminDroid’s Security and Compliance reports, you can ensure heightened protection as it enables you to audit security policies and rule-based events such as safe links, safe attachments, malware/spam filters, and audit log retention changes, Date Loss Preventions at doorstep.
Still, waiting? Start to use AdminDroid Microsoft 365 management tool for improved threat protection.
Effortlessly protect your Office 365 environment by watching over Security and Compliance center with AdminDroid !
We hope this blog gives you clear steps to connect to Security and Compliance center. Furthermore, feel free to reach us in the comment section for any assistance needed.