Connecting to all Office 365 Services with PowerShell and Multi Factor Authentication

March 12, 2018

You cannot have full control of your Office 365 tenant, if you do not know how to use PowerShell for Office 365, since there are a ton of configurations, and settings that are only configurable via PowerShell, and not via the Office 365 Admin Center! Not to mention, all the automation capabilities that PowerShell allows you to script, so you save time and money. Since most accounts admin accounts are (or should be) configured with Multi Factor Authentication, here is a small guide on how to connect to all the Office 365 services with PowerShell and Multi Factor Authentication enabled!

Azure Active Directory

Once you have the Azure Active Directory module installed, connecting with Multi Factor Authentication is done by specifying the AccountId parameter, and not a full credential object as we would do with single factor authentication. This will Open up a window, asking you to enter the password for that account, and then your second authentication method as seen below.

Connect-AzureAD -AccountId jeff.collins@globomantics.org

SharePoint Online

When we connect to SharePoint Online using PowerShell, we use the Connect-SPOService cmdlet as usual as well as the URL parameter, which is the URL of your SharePoint Online Admin Center, and simply skip specifying the -Credentials parameter. This will open a pop-up window asking for our credentials, as well as the second method of Authentication as you can see below!

Connect-SPOService -Url https://<SP Admin Center>.sharepoint.com

Exchange Online

While the previous two were easy, this one is a bit more complicated since we need to download a module, whereas to connect with Single Factor Authentication there is nothing to download! From the Exchange Online Admin Center, go to the Hybrid section, and click on Configure under the Exchange Online PowerShell module.

You need to do this with Internet Explorer, or else you will be getting a beautiful “Application Cannot Be Started” error as we talked about in this blog! Exchange Online PowerShell Module Error: Application Cannot be Started – Contact the Application Vendor

Once you have the Exchange Online Module, you need to use the Connect-EXOPSSession PowerShell cmdlet, and specify the user account that you will be connecting with.

Connect-EXOPSSession -UserPrincipalName jeff.collins@globomantics.org

If you are in Office 365 Germany, you need to provide a few more parameters, as seen in the following example.

Connect-EXOPSSession `
-UserPrincipalName jeff.collins@globomantics.org `
-ConnectionUri https://outlook.office.de/PowerShell-LiveID `
-AzureADAuthorizationEndPointUri https://login.microsoftonline.de/common

Office 365 Security and Compliance Center

To connect to the Office 365 Security and Compliance Center with Multi Factor Authentication, you need the same PowerShell module as Exchange Online, about which we talked earlier, but you will be using the Connect-IPPSSession PowerShell cmdlet as seen in the following example.

Connect-IPPSSession -UserPrincipalName jeff.collins@globomantics.org

If you are part of Office 365 Germany, you will need to provide the additional parameters seen below.

Connect-IPPSSession `
-UserPrincipalName jeff.collins@globomantics.org `
-ConnectionUri https://ps.compliance.protection.outlook.de/PowerShell-LiveID `
-AzureADAuthorizationEndPointUri https://login.microsoftonline.de/common

Skype for Business

To connect to Skype for Business Online using Multi Factor Authentication , you need to use the New-CSOnlineSession PowerShell cmdlet

$Session = New-CsOnlineSession -UserName jeff.collins@globomantics.org
Import-PSSession $Session

Microsoft Teams

To Connect to Microsoft Teams, you use the Connect-MicrosoftTeams PowerShell cmdlet, and specify the -AccountID parameter. Similar to the other services, you will get a prompt asking you to input your password, and second method of authentication.

Connect-MicrosoftTeams -AccountId jeff.collins@globomantics.org

That is it, we have now looked at how to connect to all Office 365 Services, using PowerShell and Multi Factor Authentication!

Leave a comment and don’t forget to like the Vlad Talks Tech Page on Facebook and to follow me on Twitter here for the latest news and technical articles on SharePoint. I am also a Pluralsight author, and you can view all the courses I created on my author page.

Powershell

May 10, 2018 at 4:05 pm
Dean Gross
If we have MFA, do we have to download the module from the Admin Center every time we want to login? I have done this before and it no longer works, so I’m thinking I may need to do it again.
- May 11, 2018 at 2:47 pm
  Vlad Catrinescu
  In theory you shouldn’t have to.. it should be “installed” and visible from your apps in the start menu!
May 30, 2018 at 12:05 pm
Cliff Fernandes
Company uses MFA. I have been given a SharePoint Admin account by global admin. Does the account need to be configured to use MFA? And also my company laptop is 32bit Windows 7 SP1. Do I need to install the 32bit SharePoint Management Shell even though it’s not supported by Microsoft for scripts to work?
November 18, 2018 at 4:48 am
DR
It all works well when human is interacting with power shell.
How can we implement the MFA scenarios on power shell automation.For example if i want to iterate all AD users using Get-AzureADUser and my account is MFA enabled.
- January 23, 2019 at 11:13 am
  Vlad Catrinescu
  Unfortunately you can’t really ;(. I would look at setting soemthing up with Azure Automation and Azure Key Vault to store the passwords for your “automation” service accounts!
January 6, 2019 at 2:50 am
MHumberto
Thanks .. I looked in more than 6 sites to get this working… I got it to work with your instructions!
January 8, 2019 at 10:17 am
J Schmidt
We have turn MFA on and I am now trying to set up Hybrid Taxonomy in SP. The command needs to run on the SP onprem servers. It appears to not be able to authenticate properly back to the cloud. Have you heard of anyone trying to use this? I can successfully connect with Connect-SPOservice, but these are not the credentials it wants to use.
- January 18, 2019 at 1:37 pm
  Vlad Catrinescu
  From what I’ve heard from some colleagues, when running that cmdlet you need a cloud only account without MFA enabled! I am not sure if this is officially documented anywhere, but my colleague worked on a MS ticket on this!
January 16, 2020 at 10:06 am
Vikas Sequeira
Can we use PowerShell with MFA for developers to connect to Azure?
- January 19, 2020 at 1:05 pm
  Vlad Catrinescu
  What module you have in mind that’s missing? I can add it here!