Connect to Exchange Online with PowerShell using MFA

This article explains how to connect to Exchange Online with PowerShell, using an account that has been enabled for 2FA.

If you try to connect using these instructions (click here) you won’t be able to.  To connect using an account enabled for 2FA, you need to use the Connect-EXOPSSession cmdlet.

To get the Connect-EXOPSSession cmdlet, you need to install the Exchange Online Remote PowerShell Module.

Prerequisites

You need to be running one of the following versions of Windows OS:

  • Windows 10
  • Windows 8.1
  • Windows Server 2016
  • Windows Server 2012 or Windows Server 2012 R2
  • Windows 7 Service Pack 1 ~
  • Windows Server 2008 R2 SP1 ~

~ Note: for Windows 7 Service Pack 1 & Windows Server 2008 R2 SP1: .NET Framework 4.5 or later needs to be installed, and then an updated version of the Windows Management Framework (one of either 3.0, 4.0, or 5.1).

How to install Exchange Online Remote PowerShell Module

Log into the Exchange Admin Center (EAC).

On the left menu, click on hybrid.  This takes you to setup, click on configure (the second option – “The Exchange Online PowerShell Module supports multi-factor authentication.  Download the module to manage Exchange Online more securely”).

ex-ps-mfa-01

You’ll get the Application Install – Security Warning window for the Microsoft Exchange Online Powershell Module.  Click Install.

ex-ps-mfa-02

A Windows PowerShell window will open.  To launch future sessions, open the Exchange Online Remote PowerShell Module.

ex-ps-mfa-03

Run the following PowerShell command:

Connect-EXOPSSession -UserPrincipalName <UPN>

For example:

Connect-EXOPSSession -UserPrincipalName adminstevebush@x500.co.uk

The sign-in window will open, enter your password, and then click Sign in.

ex-ps-mfa-04

As the account is enabled for 2FA, a verification code will be generated and delivered based on the verification response option configured for the relevant account.

Here it’s a SMS message.

When prompted for verification, enter the verification code, and then click Sign in.

ex-ps-mfa-05

I’m now connected to Exchange Online with a MFA account:

ex-ps-mfa-06

As always, be sure to disconnect the remote PowerShell sessions to Exchange Online when you’re done.  Run the following PowerShell command:

Get-PSSession | Remove-PSSession
Advertisements

2 comments

  1. If you do try to run Connect-EXOPSSession without having the Exchange Online Remote PowerShell Module installed, you’ll get the following error:

    Connect-EXOPSSession -UserPrincipalName AdminSteveBush@x500.co.uk
    Connect-EXOPSSession : The term ‘Connect-EXOPSSession’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
    At line:1 char:1
    + Connect-EXOPSSession -UserPrincipalName AdminSteveBush@x500.co.uk
    + ~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Connect-EXOPSSession:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s