Remote PowerShell authentication
The Exchange Online PowerShell module uses modern authentication and works with multi-factor authentication for connecting to Exchange Online PowerShell. It is possible to connect to Exchange Online Remote PowerShell by obtaining an authentication token for the application that Microsoft itself releases as the “ExchangeOnlineManagement” PowerShell module, identified by the following application ID:
fb78d390-0c51-40cd-8e17-fdbfab77341b
An authentication header can be used instead of a password to authenticate a PowerShell session.
It is possible to use MSAL.NET to retrieve a token with user credentials (username and password) that includes the permissions required to connect to Remote PowerShell. To enable this feature, a special service user with a corresponding set of permissions must be created, as illustrated by the steps below.
- Log in to Azure Active Directory admin center and go to Users. Click New user:
  Figure 388: Azure AD admin center – users: new user
- Select the option Create user. Specify the following identity parameters:
  - User name: the display name of a new user
  - Name: the username of a new user
  - Password
  The domain part of the username must use the initial default domain name.
  Click Create to complete your changes:
  Figure 389: Azure AD admin center – creating new user
  Note that some time is required to propagate and synchronize a newly created user in Exchange Online.
- Now a role needs to be created. Go to Exchange admin center. Select permissions > admin roles. Click the plus sign to create a new role:
  Figure 390: Exchange admin center – admin roles
- Specify a role group name and add a required role to it. Assign the created user to this role group and click Save:
  Figure 391: Role group view
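The token retrieval described at the start of this section, as an added PowerShell example (not code from this guide or from Microsoft): it requests a token for the application ID above with the username/password grant, using a direct REST call instead of MSAL.NET, and checks the token's client ID, audience and expiry before building the authentication header. The token endpoint call, the `https://outlook.office365.com` audience, the `contoso.onmicrosoft.com` tenant and all function names are assumptions.

```powershell
# Added example: tenant, account and function names are hypothetical placeholders.
$ExoAppId    = 'fb78d390-0c51-40cd-8e17-fdbfab77341b'  # application ID given on this page
$ExoResource = 'https://outlook.office365.com'         # assumed token audience for Exchange Online

function Get-ExoRopcToken {
    # Username/password (ROPC) grant against the Microsoft identity platform token endpoint.
    param([string]$Tenant, [pscredential]$Credential)
    $body = @{
        grant_type = 'password'
        client_id  = $ExoAppId
        scope      = "$ExoResource/.default"
        username   = $Credential.UserName
        password   = $Credential.GetNetworkCredential().Password
    }
    $uri = "https://login.microsoftonline.com/$Tenant/oauth2/v2.0/token"
    (Invoke-RestMethod -Method Post -Uri $uri -Body $body).access_token
}

function Get-JwtClaims {
    # Decodes the payload segment (base64url JSON). This does not verify the signature.
    param([string]$Token)
    $p = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($p.Length % 4) { 2 { $p += '==' } 3 { $p += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($p)) | ConvertFrom-Json
}

function Test-ExoToken {
    # Checks client ID, audience and expiry before the token goes into a header.
    param([string]$Token)
    $c      = Get-JwtClaims $Token
    $client = if ($c.appid) { $c.appid } else { $c.azp }   # v1.0 tokens use appid, v2.0 use azp
    $now    = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    ($client -eq $ExoAppId) -and ($c.aud -like "$ExoResource*") -and ($c.exp -gt $now)
}

# Offline check with a constructed, unsigned sample token (not a real credential).
$expiry = [DateTimeOffset]::UtcNow.AddMinutes(30).ToUnixTimeSeconds()
$json   = @{ appid = $ExoAppId; aud = $ExoResource; exp = $expiry } | ConvertTo-Json -Compress
$seg    = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($json))
$seg    = $seg.TrimEnd('=').Replace('+', '-').Replace('/', '_')
$sample = "e30.$seg.sig"
Test-ExoToken $sample

# Live use (requires network and the service user created in the steps above):
# $token = Get-ExoRopcToken -Tenant 'contoso.onmicrosoft.com' -Credential (Get-Credential)
# if (Test-ExoToken $token) { $headers = @{ Authorization = "Bearer $token" } }
```

The username/password grant cannot satisfy a multi-factor prompt, so it only works for a service user that is not required to use MFA; keep that user's role group limited to the roles the integration needs.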