Connecting to Office 365 Through Powershell — Exchange Online

Exchange Online Powershell allows you to manage Exchange Online settings from the command line.

Photo by Kevin Bhagat on Unsplash

Important Note: There are different commands for connecting to Exchange Online when you’re on multi-factor authentication (MFA) and to Exchange Online Protection (EOP) standalone. This blog also covers both scenarios.

Set Execution Policy

Setting Execution Policy should only be done once. If you have set this on your tenant already, you may skip this section.

Step 1: Open Windows Powershell and run it as an administrator

Step 2: Run the following command to require all Powershell scripts that you download from the internet are signed by a trusted publisher

Set-ExecutionPolicy RemoteSigned

• If you skip this step, you’ll get the following error:
  — Files cannot be loaded because running scripts is disabled on this system. Provide a valid certificate with which to sign the files.

Connect to Office 365 Exchange Online

Step 1: Enter your Office365 global administrator credentials with the following command.

$UserCredential = Get-Credential

• If the credentials are incorrect, you will encounter “Access Denied” errors.

Step 2: Create a variable for the session

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/-Credential $UserCredential -Authentication Basic -AllowRedirection

• This will create a variable for the exchange session.

Note that there are different Connection URI values as follows:

• For Office365 operated by 21Vianet (China)
  https://partner.outlook.cn/Powershell
• For Office365 Germany
  https://outlook.office.de/powershell-liveid/
• For Office365 Government Community Cloud High (GCC High)
  https://outlook.office365.us/powershell-liveid/

Step 3: Create a session

Import-PSSession $Session -DisableNameChecking

Step 4: Disconnect from the session

Remove-PSSession $Session

• Always make sure to disconnect your session once you’re finished because you could use up all the Powershell available to you and need to wait for the session to expire.

Connect to Exchange Online using Multi-Factor Authentication (MFA)

Step 1: Download the Exchange Online Powershell module that supports MFA.

• https://cmdletpswmodule.blob.core.windows.net/exopsmodule/Microsoft.Online.CSE.PSModule.Client.application
• or download it manually by going to Exchange Admin Center > Hybrid Set up > Configure

If you encounter errors below, it means that the basic authentication is disabled in the system:
— The WinRM client cannot process the request. Basic authentication is currently disabled in the client configuration. Change the client configuration and try the request again.

Resolve it by running:

winrm set winrm/config/client/auth @{Basic=”true”}

• If you encounter errors like application vendor not supported, resolve it by downloading and installing the module using Internet Explorer.

Step 2: Launch the Microsoft Exchange Online Powershell Module and connect to Exchange Online using MFA:

Connect-EXOPSSession -UserPrincipalName jj@jj365.com

• You have to include Connection URI if you are connecting using different Office365 Offering:

An example of connecting to Exchange Online Germany using MFA:

Connect-EXOPSSession -UserPrincipalName jj@jj365.com -ConnectionUri https://outlook.office.de/PowerShell-LiveID -AzureADAuthorizationEndPointUri https://login.microsoftonline.de/common

Step 3: Enter your Office365 Admin credentials. It is also going to ask you to verify from your phone.

Step 4: Be sure to disconnect the session after you’re finished.

Get-PSSession | Remove-PSSession

Connecting to Exchange Online Protection (EOP Standalone) Powershell

Exchange Online Protection (EOP) Powershell allows you to manage your EOP stand-alone settings through the command line. EOP Standalone Subscription helps you protect your on-premise organization from spam and other unwanted emails.

Step 1: Open the normal windows Powershell window and run it as an administrator

Step 2: Run this command: (Enter your Office365 Administrator credentials)

$UserCredential = Get-Credential

Step 3: Create a variable for the session to connect to EOP:

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.protection.outlook.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Different Connection URI values:

• For Office365 Germany
  https://ps.protection.outlook.de/powershell-liveid/
• For EOP Subscriptions that are Exchange Enterprise CAL with services (includes DLP and report using web services)
  https://outlook.office365.com/powershell-liveid/

Step 4: Import the session

Import-PSSession $Session -DisableNameChecking

Step 5: Remove the session

Remove-PSSession $Session

References:

• https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/connect-to-exchange-online-powershell?view=exchange-ps
• https://docs.microsoft.com/en-us/powershell/exchange/exchange-online/connect-to-exchange-online-powershell/mfa-connect-to-exchange-online-powershell?view=exchange-ps
• https://docs.microsoft.com/en-us/powershell/exchange/exchange-eop/connect-to-exchange-online-protection-powershell?view=exchange-ps