If you use MFA (multi factor authentication) you might very soon recognize that the normal power shell connection is not working (e.g. you might get an “access denied”) error:
The full error message is:
New-PSSession : [outlook.office365.com] Connecting to remote server outlook.office365.com failed with the following error message :
[ClientAccessServer=VI1PR08CA0018,BackEndServer=,RequestId=1c6b263f-08cf-1234-1234-123456789091,TimeStamp=24/06/2019
9:35:39 PM] Access Denied For more information, see the about_Remote_Troubleshooting Help topic.
At line:1 char:12
+ $Session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne …
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
+ FullyQualifiedErrorId : -2144108477,PSSessionOpenFailed
To use PowerShell with MFA you need to perform the following steps using Internet Explorer :
1. Login to the Exchange Online ECP (https://outlook.office365.com/ecp) and switch to the Hybrid section. There is a 2nd option, which offers “Exchange Online PowerShell Module supports multi-factor authentication” which needs to be installed
2. Once installed you can use the following PowerShell commands to connect to Exchange Online via PowerShell using MFA:
$office365UserPrincipalName = “admin@site.contoso.com”
$PSExoPowershellModuleRoot = (Get-ChildItem -Path $env:userprofile -Filter CreateExoPSSession.ps1 -Recurse -ErrorAction SilentlyContinue -Force | Select -Last 1).DirectoryName
$ExoPowershellModule = “Microsoft.Exchange.Management.ExoPowershellModule.dll”;
$ModulePath = [System.IO.Path]::Combine($PSExoPowershellModuleRoot, $ExoPowershellModule);
Import-Module $ModulePath;
$Office365PSSession = New-ExoPSSession -UserPrincipalName $office365UserPrincipalName -ConnectionUri “https://outlook.office365.com/powershell-liveid/”
Import-PSSession $Office365PSSession
