Office 365 Tutorials

In a previous article, I explained how to connect to Office 365 with PowerShell. In this article, we explore how to use PowerShell to connect to Exchange Online. This can vary based on what authentication method you have configured for your admin account. The sections below cover each authentication method.

1. If your admin account has MFA enabled
2. If your admin account has MFA disabled
3. If you are using ADFS (SSO)
4. Prereqs for older operating systems
5. Let’s script this instead

Let’s get started!

If your admin account has MFA enabled

If your administrator account has multi-factor authentication enabled you won’t be able to use the built-in PowerShell. Instead, you will need to download the Exchange Online PowerShell Module.

To do this, log into the Office 365 Admin Center, navigate to the Exchange Admin Center, and click the Hybrid tab.

From the hybrid tab, click the second Configure button (under the text that states The Exchange Online PowerShell Module supports multi-factor authentication).

Note: You can only download this with Internet Explorer. This module will error out if you use Chrome or Firefox.

This will create a new icon on your desktop named Microsoft Exchange Online Powershell Module. Double-click Microsoft Exchange Online Powershell Module.

This will launch PowerShell with the Exchange Online Module preloaded. To connect we will use the Connect-EXOPSSession cmdlet. In this cmdlet swap the -UserPrincipleName parameter for your administrator’s login name.

 C:\> Connect-EXOPSSession -UserPrincipalName globaladmin@contoso.com

This command should launch a web pop-up. Enter your Password and click Sign in.

If you have ever tried to tweak the password policy in Office365 then you have likely encountered this warning.

Unfortunately, this restricts us to a password that can never be used for more than 730 days (2 years). Anything outside that range and you receive an error like the one above.

Does this mean that a password must expire?

Well, no, it does not have to.

Now password expiration is a best practice but, you may have a situation that necessitates having a more permanent password. One such example could be a service account for a network copier. The copier would use this account to perform scan-to-email functions. A user would scan a hardcopy of a document into the scanner and send it to email leveraging Office 365.

Most likely, you are never going to log with the scanner account. This means you will never see the expiration notice. You could set up a calendar reminder for yourself. You could also plaster your monitor with sticky notes. But, more than likely, your scan-to-email will break one day and leave you scratching your head as to why.

So, how do you set a password to never expire? The Admin Center gives you an error. So, what is left?

Office 365 is great, but the Admin Center does not bode well for bulk tasks. What might take an insanely massive amount of time in the graphical user interface may only take seconds in PowerShell.

In the first part of this article, we discuss all the prerequisites required to make the connection. The second part discusses how to make the connection.

Prerequisites

Before we can connect we need to download the Microsoft Online Services Sign-In Assistant. You can get that here: https://www.microsoft.com/en-us/download/details.aspx?id=41950

Once downloaded, run the executable. On the first screen click the Next button.

Check the box to accept the license agreement and click the Install button.

Click Finish.