This article explains how to connect to Exchange Online with PowerShell, using an account that has been enabled for 2FA.
If you try to connect using these instructions (click here) you won’t be able to. To connect using an account enabled for 2FA, you need to use the Connect-EXOPSSession cmdlet.
To get the Connect-EXOPSSession cmdlet, you need to install the Exchange Online Remote PowerShell Module.
You need to be running one of the following versions of Windows OS:
- Windows 10
- Windows 8.1
- Windows Server 2016
- Windows Server 2012 or Windows Server 2012 R2
- Windows 7 Service Pack 1 ~
- Windows Server 2008 R2 SP1 ~
~ Note: for Windows 7 Service Pack 1 & Windows Server 2008 R2 SP1: .NET Framework 4.5 or later needs to be installed, and then an updated version of the Windows Management Framework (one of either 3.0, 4.0, or 5.1).
How to install Exchange Online Remote PowerShell Module
Log into the Exchange Admin Center (EAC).
On the left menu, click on hybrid. This takes you to setup, click on configure (the second option – “The Exchange Online PowerShell Module supports multi-factor authentication. Download the module to manage Exchange Online more securely”).
You’ll get the Application Install – Security Warning window for the Microsoft Exchange Online Powershell Module. Click Install.
A Windows PowerShell window will open. To launch future sessions, open the Exchange Online Remote PowerShell Module.
Run the following PowerShell command:
Connect-EXOPSSession -UserPrincipalName <UPN>
Connect-EXOPSSession -UserPrincipalName firstname.lastname@example.org
The sign-in window will open, enter your password, and then click Sign in.
As the account is enabled for 2FA, a verification code will be generated and delivered based on the verification response option configured for the relevant account.
Here it’s a SMS message.
When prompted for verification, enter the verification code, and then click Sign in.
I’m now connected to Exchange Online with a MFA account:
As always, be sure to disconnect the remote PowerShell sessions to Exchange Online when you’re done. Run the following PowerShell command:
Get-PSSession | Remove-PSSession