Enable modern authentication for Exchange Online

ExchangeOnline_OauthThis blog post is about enabling modern authentication on Exchange Online. Modern authentication is a requirement for conditional access for PCs. For SharePoint Online that’s enabled by default and for Exchange Online that’s disabled by default. However, that configuration is now available via PowerShell. This post is meant to show how easy this can be achieved now. Before this had to be done by enrolling in to the preview program. Now it’s publically available.

Why I’m posting about Exchange Online? Well, actually that’s quite simple, I can’t get around it. If I want to configure conditional access in Microsoft Intune standalone or hybrid, I often need to use Exchange Online. In this post I’ll go through five simple steps to connect, verify and configure modern authentication on Exchange Online.

Connect to Exchange Online

The first thing that is required is to connect to Exchange Online. The good thing about connecting to Exchange Online via PowerShell is that it doesn’t require the installation of any additional modules. Simply walkthrough the following three steps to get connected with Exchange Online.

Step 1: Provide credentials

The first step is to provide the admin credentials for the Office 365 tenant. This can be achieved fairly easy by using the Get-Credential cmdlet. That will show a Windows PowerShell credential request dialog box that can be used for providing these credentials.

$O365Credential = Get-Credential

Step 2: Create a new session

The second step is to create a new remote session to Exchange Online. This can be achieved by using the New-PSSession cmdlet. The session can be created by using the provided credentials and by providing the URI mentioned below.

$EOSession = New-PSSession -ConfigurationName Microsoft.Exchange ` -ConnectionUri https://outlook.office365.com/powershell-liveid/ ` -Credential $O365Credential -Authentication Basic -AllowRedirection

Step 3: Import the new session

The third step is to import the remote session. This can be achieved by using the Import-PSSesion cmdlet. That will import the remote commands to the current session by using providing the new session information. To connect the remote session again, simply use the Remove-PSSession cmdlet.

Import-PSSession $EOSession

Enable modern authentication

The next thing is what this post is actually about, enabling modern authentication on Exchange Online. In two relatively simple steps it’s possible to verify the configuration and to enable modern authentication.

Step 4: Verify the configuration

The fourth step is to verify the current configuration of modern authentication. This can be achieved by using the Get-OrganizationConfig cmdlet. That will get the configuration data for the Exchange organization. In this case simply use a specific select to only get the OAuth* configuration.

Get-OrganizationConfig | Select Name, OAuth*

Step 5: Enable modern authentication

The fifth step is to truly enable modern authentication. This can be achieved by using the Set-OrganizationConfig cmdlet. That can configure the various settings for the Exchange organization. One of the parameters OAuth2ClientProfileEnabled can be used to enable or disable modern authentication on Exchange Online.

Set-OrganizationConfig -OAuth2ClientProfileEnabled:$true

More information

For more information about modern authentication, Exchange Online and PowerShell please refer to the following links:

1 thought on “Enable modern authentication for Exchange Online

Leave a Comment