Insights How to Connect to Exchange Online with MFA enabled

How to Connect to Exchange Online with MFA enabled

If you are an organization following best practices for protecting your environment in the cloud you have inevitably enabled Multi Factor Authentication on your administrator logins. In this configuration you have either chosen to use the included Azure MFA cloud service or completed a federated installation to use either Microsoft’s on premise installation of Azure MFA or another competing product such as RSA’s SecurID. In doing this as an Exchange Administrator you likely realized that you lost the ability to use PowerShell with Exchange Online as you cannot create a new remote PowerShell session with MFA enabled as Exchange Online remote PowerShell requires you to use basic authentication. This limitation is no more and I will go through the process to connect to Exchange Online PowerShell remotely with MFA enabled.

NOTE: This is currently a feature that is in preview at the time of this blog post.

To get things started login to the Exchange admin center in Office 365

Once you’ve accessed the EAC go to the Hybrid menu blade and select configure to download and install the new Exchange Online PowerShell Module that supports MFA.

This will initiate a click to run application install that you will need to complete.
NOTE: I experienced difficulties with the click to run installation when attempting this through Google Chrome vs Internet Explorer.

Once this has been installed you will have a new PowerShell window open with which you can connect to Exchange Online using an account protected by MFA. For future runs you can find the PowerShell module in your start menu as “Microsoft Exchange Online PowerShell Module.”

Connecting to Exchange Online is as simple as you seen in the help by running Connect-EXOPSSession -UserPrincipalName <UPN> IE: Connect-EXOPSSession -UserPrincipalName 
When you connect, you will be prompted to perform a MFA challenge as part of the sign in process.

After successfully authenticating the command will connect to Exchange Online and import your PowerShell Session for you to continue your administration session as you would normally.

Hopefully this helps your organization increase their usage of best practices and closer follow Microsoft’s Password Guidance for all users which you can always reference here: