This blog post is about enabling modern authentication on Exchange Online. Modern authentication is a requirement for conditional access for PCs. For SharePoint Online that’s enabled by default and for Exchange Online that’s disabled by default. However, that configuration is now available via PowerShell. This post is meant to show how easy this can be achieved now. Before this had to be done by enrolling in to the preview program. Now it’s publically available.
Why I’m posting about Exchange Online? Well, actually that’s quite simple, I can’t get around it. If I want to configure conditional access in Microsoft Intune standalone or hybrid, I often need to use Exchange Online. In this post I’ll go through five simple steps to connect, verify and configure modern authentication on Exchange Online.
Connect to Exchange Online
The first thing that is required is to connect to Exchange Online. The good thing about connecting to Exchange Online via PowerShell is that it doesn’t require the installation of any additional modules. Simply walkthrough the following three steps to get connected with Exchange Online.
Step 1: Provide credentials
The first step is to provide the admin credentials for the Office 365 tenant. This can be achieved fairly easy by using the Get-Credential cmdlet. That will show a Windows PowerShell credential request dialog box that can be used for providing these credentials.
$O365Credential = Get-Credential
Step 2: Create a new session
The second step is to create a new remote session to Exchange Online. This can be achieved by using the New-PSSession cmdlet. The session can be created by using the provided credentials and by providing the URI mentioned below.
$EOSession = New-PSSession -ConfigurationName Microsoft.Exchange ` -ConnectionUri https://outlook.office365.com/powershell-liveid/ ` -Credential $O365Credential -Authentication Basic -AllowRedirection
Step 3: Import the new session
The third step is to import the remote session. This can be achieved by using the Import-PSSesion cmdlet. That will import the remote commands to the current session by using providing the new session information. To connect the remote session again, simply use the Remove-PSSession cmdlet.
Enable modern authentication
The next thing is what this post is actually about, enabling modern authentication on Exchange Online. In two relatively simple steps it’s possible to verify the configuration and to enable modern authentication.
Step 4: Verify the configuration
The fourth step is to verify the current configuration of modern authentication. This can be achieved by using the Get-OrganizationConfig cmdlet. That will get the configuration data for the Exchange organization. In this case simply use a specific select to only get the OAuth* configuration.
Get-OrganizationConfig | Select Name, OAuth*
Step 5: Enable modern authentication
The fifth step is to truly enable modern authentication. This can be achieved by using the Set-OrganizationConfig cmdlet. That can configure the various settings for the Exchange organization. One of the parameters OAuth2ClientProfileEnabled can be used to enable or disable modern authentication on Exchange Online.
For more information about modern authentication, Exchange Online and PowerShell please refer to the following links:
- Connect to Exchange Online using remote Powershell: https://technet.microsoft.com/en-us/library/jj984289(v=exchg.160).aspx
- Updated Office 365 modern authentication public preview: https://blogs.office.com/2015/11/19/updated-office-365-modern-authentication-public-preview/
- Exchange Online: How to enable your tenant for modern authentication: http://social.technet.microsoft.com/wiki/contents/articles/32711.exchange-online-how-to-enable-your-tenant-for-modern-authentication.aspx