Robert Woods
Steel Contributor
May 10, 2017
Solved

Can I Connect to O365 Security & Compliance center via PowerShell with MFA on?

I currently use the below script to connect to the S&C Center. This does not work with MFA.

I was wondering if there is an Updated Module that I could use that supports modern authentication?

$Credential = Get-Credential -Credential username.com
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://ps.compliance.protection.outlook.com/powershell-liveid -Credential $Credential -Authentication Basic -AllowRedirection
Import-PSSession $Session -AllowClobber -DisableNameChecking


  • Tony Bulding
    Copper Contributor

    The answer is yes: the new module released for Exchange Online also includes a connection string for accessing the Security and Compliance Center.

     Connect to Exchange Online PowerShell using multi-factor authentication

    This will install a ClickOnce app reference to launch the console with the module pre-loaded.

    When you launch the console you will see this message:

    --------------------------------------------------------------------------
    
    This PowerShell module allows you to connect to Exchange Online service.
    To connect, use: Connect-EXOPSSession -UserPrincipalName <your UPN>
    This PowerShell module allows you to connect Exchange Online Protection and Security & Compliance Center services also.
    To connect, use: Connect-IPPSSession -UserPrincipalName <your UPN>
    
    To get additional information, use: Get-Help Connect-EXOPSSession, or Get-Help Connect-IPPSSession
    
    --------------------------------------------------------------------------

    Unfortunately, this limits the module's usefulness since we cannot run this in the ISE or on a different PowerShell console.

    After some intense googling and binging, I found a script that allows you to do just that.

    Thanks to Vasil for pointing out that the code below is already in an earlier portion of the thread. Sorry I missed that. :)

    Import-Module -Name $((Get-ChildItem -Path $($env:LOCALAPPDATA + '\Apps\2.0\') -Filter Microsoft.Exchange.Management.ExoPowershellModule.dll -Recurse).FullName | ?{ $_ -notmatch '_none_' } | Select-Object -First 1)
    $EXOSession = New-ExoPSSession
    Import-PSSession -Session $EXOSession -AllowClobber 

    You must first install the module as indicated in the reference above.

    Let me know if you have any questions.

    NOTE: I should point out that I have had issues with this method when using the ISE. When the session has timed out, the ISE locks up when it comes time to prompt for credentials to reauthenticate.

     

      • Paul Cunningham
        Steel Contributor

        That method does not seem to work for connecting to the SCC.

    • VasilMichev
      MVP

      This example is from the thread above, as I said :) And you DO need the module, so it's not just "regular" PowerShell.
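
Added example, not part of any post in this thread: one way to make the module's Connect-IPPSSession cmdlet available in a regular console or the ISE, by locating CreateExoPSSession.ps1 (the script named in the error trace further down) in the ClickOnce cache, checking its Authenticode signature, and dot-sourcing it. The helper name Find-ExoClickOnceFile and the UPN are hypothetical, the script is assumed to carry a valid signature, and loading the cmdlet does not change the server-side errors reported in this thread.

```powershell
# Added example (not from the thread). Requires the ClickOnce module to be installed.

function Find-ExoClickOnceFile {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $FileName,
        [string] $Root = (Join-Path $env:LOCALAPPDATA 'Apps\2.0')
    )
    if (-not (Test-Path -LiteralPath $Root)) {
        throw "ClickOnce cache not found at $Root; install the module first."
    }
    # ClickOnce can keep several copies after updates. Skip '_none_' paths, as the
    # one-liner in the thread does, and take the most recently written copy.
    $hit = Get-ChildItem -LiteralPath $Root -Filter $FileName -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -notmatch '_none_' } |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1
    if (-not $hit) { throw "$FileName not found under $Root." }
    $hit.FullName
}

$loader = Find-ExoClickOnceFile -FileName 'CreateExoPSSession.ps1'

# The cache lives in a user-writable directory and the file is picked by a
# recursive search, so verify the signature before executing it.
# Assumption: the shipped script is Authenticode-signed.
$sig = Get-AuthenticodeSignature -FilePath $loader
if ($sig.Status -ne 'Valid') {
    throw "Refusing to load $loader (signature status: $($sig.Status))."
}

# Dot-source at script scope (not inside a function) so that
# Connect-EXOPSSession and Connect-IPPSSession remain defined afterwards.
. $loader

# Placeholder UPN; the MFA prompt appears in a separate sign-in window.
Connect-IPPSSession -UserPrincipalName 'admin@contoso.example'
```
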

  • SATYAM GUPTA
    Copper Contributor

    Hi,

    You can download the latest MFA-enabled PowerShell from the EAC. It contains the cmdlet Connect-IPPSSession, which will connect to S&C.


    • VasilMichev
      MVP

      Does it work for you though? The cmdlet has been available for at least a month now, but every time I try to connect I get Access denied errors.

      • ScrJeff
        Brass Contributor

        MFA seems to be working for other items, but when I try Security and Compliance, I'm getting a 500 error back from the server. See below.

         

        PS C:\Users\Jeff> Connect-IPPSSession
        WARNING: Your connection has been redirected to the following URI:
        "https://nam02b.ps.compliance.protection.outlook.com/PowerShell-LiveId?BasicAuthToOAuthConversion=true;PSVersion=5.1.14409.1005 "
        New-ExoPSSession : Connecting to remote server nam02b.ps.compliance.protection.outlook.com failed with the following error message : <!DOCTYPE html PUBLIC
        "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
        <html xmlns="http://www.w3.org/1999/xhtml">
        <head>
        <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
        <title>500 - Internal server error.</title>
        <style type="text/css">
        <!--
        body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
        fieldset{padding:0 15px 10px 15px;}
        h1{font-size:2.4em;margin:0;color:#FFF;}
        h2{font-size:1.7em;margin:0;color:#CC0000;}
        h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
        #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
        background-color:#555555;}
        #content{margin:0 0 0 2%;position:relative;}
        .content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
        -->
        </style>
        </head>
        <body>
        <div id="header"><h1>Server Error</h1></div>
        <div id="content">
        <div class="content-container"><fieldset>
        <h2>500 - Internal server error.</h2>
        <h3>There is a problem with the resource you are looking for, and it cannot be displayed.</h3>
        </fieldset></div>
        </div>
        </body>
        </html>
        For more information, see the about_Remote_Troubleshooting Help topic.
        At C:\Users\Jeff\AppData\Local\Apps\2.0\ER689GCY.C50\E15M7H1X.VJ5\micr..tion_d8f8f667ee342b5c_0010.0000_46e6ccd01daac800\CreateExoPSSession.ps1:183 char:22
        + ... PSSession = New-ExoPSSession -UserPrincipalName $UserPrincipalName -C ...
        + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo : ResourceUnavailable: (:) [New-ExoPSSession], PSRemotingTransportException
        + FullyQualifiedErrorId : System.Management.Automation.Remoting.PSRemotingDataStructureException,Microsoft.Exchange.Management.ExoPowershellSnapin.NewExoP
        SSession

  • Chris Stewart
    Brass Contributor

    I contacted Microsoft Support today. This is the response:

    "I am aware of this limitation however when I checked in our RoadMap site I don’t see any mentioning of this as a coming soon feature. I also checked in our Database and it appears that unlike Exchange Online, Security and Compliance current design does not support MFA connection. The suggested work around from engineering is to create one compliance account and use it for that purpose (do not enable MFA on that account)"

    • VasilMichev
      MVP

      Well, the latest version of the MFA-enabled ExO PowerShell module hints that this might be coming soon(ish). Fingers crossed!

  • Nope, not yet. It's the last of the "modules" I use to get MFA support :(

    • Robert Woods
      Steel Contributor

      Thanks for the response, Vasil. Such a pain to have to turn off MFA to run a Purge!
