Connecting to PowerShell to Manage Exchange (After Basic Authentication is deprecated)

If you're not aware, Basic Authentication has been deprecated for pretty much everything in PowerShell.

So, all those nifty PowerShell examples you found across the internet? All the help docs for everything you need to use? All of your team's meticulously documented SOPs? Broken. They all need to be updated.

(╯°□°)╯︵ ┻━┻

Connecting to Exchange in PowerShell is a pretty common scenario. However, with the recent deprecation of Basic Authentication, admins are now forced to find alternative methods to connect to Exchange and manage their systems.

Let's explore the latest and most secure ways to connect to PowerShell for Exchange management and ensure a seamless transition for administrators. Whether you're new to Exchange management or a seasoned pro, this guide will provide valuable information and step-by-step instructions for connecting to PowerShell in the post-Basic Authentication world.

Deprecation of Basic authentication in Exchange Online
Learn about deprecation of Basic authentication in Exchange Online

The old way (You're probably doing this):

$UserCredential = Get-Credential

$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Import-PSSession $Session

But you need to convert this to Modern Authentication. Should be easy.

The best tool for the job is the Connect-ExchangeOnline Module.

You can get it from the PowerShell Gallery, or just:

Install-Module -Name ExchangeOnlineManagement

The Best way to Sign in (Including Modern Authentication, MFA support, delegation, global admin accounts, and more):

The easiest way to authenticate your device is through the following one-liner:

Connect-ExchangeOnline -ShowBanner:$false -Device

You'll notice the -Device flag (The important part!). This gives you a link to open in your browser, and a code, and listens for a completion (even on another device). So, if you're prompted for MFA, it can handle that.

And, the -ShowBanner:$false part hides a particularly onerous and lengthy welcome message you aren't likely to need.

The response looks like this:

To sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code FOOOOOOOOO to authenticate.

You just go to https://microsoft.com/devicelogin, then enter your code, sign in, and click through the prompts until it says you're done.

Then, you can go about your business and run the rest of your script, or session, as you normally would.

┬─┬ノ( º _ ºノ)