Exchange Online – The new Exchange Online PowerShell module (v2) is now available
It has been announced at last year Ignite Conference (Ignite 2019) and since then has been in preview.
2 min read
cubesys : Jul 3, 2020 12:00:00 AM
As you know, Microsoft is going to retire the basic authentication for Exchange Online PowerShell during the second half of 2021.
In preparation of this retirement, a new Exchange Online PowerShell module has been released, known as Exchange Online PowerShell module v2 (see https://t.co/Jg3iTICowv).
Well, the next step of this preparation is the introduction of the modern authentication for unattended scripts; you know the script you run using a schedule task with no interaction. The authentication method will use a self-signed certificate to authenticate against an Azure AD Application.
To start using this new capability with your scripts, you need to install the preview module for Exchange Online PowerShell module v2 using the below command
Install-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.3-Preview -AllowPrerelease
Update-Module -Name ExchangeOnlineManagement –AllowPrerelease
Then you need to generate a self signed certificate using the script available at https://github.com/SharePoint/PnP-Partner-Pack/blob/master/scripts/Create-SelfSignedCertificate.ps1 and the command
.Create-SelfSignedCertificate.ps1 -CommonName “MyCompanyName” -StartDate 2020-04-01 -EndDate 2022-04-01
or you can use the makecert.exe tool from the Windows SDK.
Capture the certificate thumbprint
Connect to your Azure (https://portal.azure.com) or Azure AD portal (https://aad.portal.azure.com/) to access your Azure AD blade
Then go to the App registrations blade and register a new application
Create the application using the below settings
Then you need to assign permissions to the newly create application by accessing the API Permissions blade and then Add a permission
Then select Application permissions and the Exchange one under the Supported legacy APIs section to select Exchange.ManageAsApp after selecting Application Permissions
Capture the Application (client) ID of the registered application using the Overview blade
Finally grant the admin consent to the application
Upload the self-signed certificate you have generate earlier by accessing the Certificates & secrets blade
Finally you need to grant one of the administration roles supported – depending of the administration permission you need with your script:
You assign the corresponding administration role(s) from the Azure ADRoles and administrators blade
You are now ready to include the new modern authentication in your script.
Install the self-signed certificate in the ComputerPersonal certificate store.
Replace the commands you used to authenticate and connect to Exchange Online with the below
Connect-ExchangeOnline -CertificateThumbPrint “<certificate thumbprint>” -AppID “<Azure AD application ID>” -Organization “<your Office 365 tenant – mytenant.onmicrosoft.com”
It has been announced at last year Ignite Conference (Ignite 2019) and since then has been in preview.
As you know, managing Exchange and Exchange Online can be done from either the Exchange Administration Center (EAC) or with PowerShell modules.
For those working with Office 365 and Exchange Online, you already know that the Exchange Online PowerShell modules have been evolving and is now...