Connecting to Exchange Online PowerShell using Modern Authentication

Microsoft removes support for basic authentication in Microsoft 365 services, including Exchange Online PowerShell. So if you’re not yet using the Exchange Online PowerShell modern authentication, it’s high time for you to start.

Luckily, this article will show you the different Exchange Online PowerShell modern authentication methods. So stay tuned and keep on reading.

Install the Exchange Online Management v2 Module

To connect to Exchange Online PowerShell using modern authentication, you must first install the Exchange Online Management v2 module. This module supports Windows PowerShell 5.1 and PowerShell 7.0.3 and above.

Since PowerShell 7+ is cross-platform, you may use the EXO v2 module on the following officially supported operating systems:

  • Windows 10
  • Windows 11
  • Ubuntu 18.04 LTS
  • Ubuntu 20.04 LTS
  • macOS 11 Big Sur or later
  • macOS 10.15 Catalina
  • macOS 10.14 Mojave

The examples in this article will be performed with PowerShell 7.2.5 on Windows 10.

To install the EXO v2 module, open PowerShell as administrator and run the command below:

Install-Module ExchangeOnlineManagement -Scope AllUsers

After the installation, confirm the successful module installation:

Get-Module -ListAvailable ExchangeOnlineManagement

As you can see, the latest EXO v2 module as of this writing is 2.0.5.

exchange online powershell modern authentication

Note. On Linux and macOS systems, you’ll need to install an additional module, which is the PSWSMan module. This module installs the forked WSMan client libraries for Linux and macOS.

Install-Module -Name PSWSMan 
Install-WSMan

Interactive Exchange Online PowerShell Modern Authentication (without MFA)

For organizations and users that do not require multifactor authentication (MFA), the methods to connect to Exchange Online PowerShell using modern authentication are below.

Using Credential Objects

This Exchange Online PowerShell modern authentication method prompts you to enter the username and password manually:

Connect-ExchangeOnline -Credential (Get-Credential) -ShowBanner:$false

On PowerShell 7, the above command will prompt you to enter the credentials inline like on the screenshot below:

powershell modern authentication

On Windows PowerShell 5.1, the behavior is different. You’ll get a pop-up dialog where you need to enter your credentials:

exchange online modern authentication powershell

Alternatively, you can first store the credential to a variable by running the Get-Credential cmdlet. And when you execute the Connect-ExchangeOnline cmdlet, you can pass the variable to the -Credential parameter:

$exoCredential = Get-Credential 
Connect-ExchangeOnline -Credential $exoCredential -ShowBanner:$false

modern authentication powershell

Using Inline Credentials

Specifying the -InlineCredential switch causes PowerShell to prompt you to enter the credentials on the terminal:

Connect-ExchangeOnline -InlineCredential -ShowBanner:$false

This login experience would be similar to the -Credential prompt, as you can see below.

connect exchange online powershell modern auth

Note. The -InlineCredential does not work on Windows PowerShell 5.1.

Interactive Exchange Online PowerShell Modern Authentication (with MFA)

For administrators whose accounts require MFA, the authentication experience includes logging in using the web browser. The web browser may or may not automatically launch depending on the Exchange Online PowerShell modern authentication you use.

Browser-Based Log In

To connect to Exchange Online PowerShell using modern authentication via the browser-based method, specify the -UserPrincipalName parameter followed by the username:

Connect-ExchangeOnline -UserPrincipalName your_account@domain.onmicrosoft.com

The browser automatically opens the authentication page. You’ll notice that your username is already populated on the login form. Enter your account password and click Sign in to complete the authentication.

connect to exchange online powershell modern authentication

If your admin account is MFA-enabled, you’ll get the MFA challenge you must complete:

connect to exchange online powershell using modern authentication

If the login is successful, you’ll see the confirmation on the web browser, as shown below. Once you do, you can now close the browser and go back to your PowerShell window.

powershell modern authentication exchange online

Device Code Log In

If you’re connecting to Exchange Online on a computer without a desktop environment, you obviously cannot open a web browser to perform the authentication. Typically, you’ll be in this situation on a Windows Server Core or Linux Server without a desktop environment.

In this case, you can still connect to Exchange Online PowerShell using modern authentication through the device-based code login. Here’s how it works.

Run the below command in PowerShell to initiate the device login.

Connect-ExchangeOnline -Device -ShowBanner:$false

You’ll see the below message telling you to open a web page on your browser and enter the unique code.

exchange online modern authentication powershell connect

Now, open a web browser on any device and open the URL https://microsoft.com/devicelogin. Once you’ve opened the page, type the unique code into the field and click Next.

connect to exchange online powershell using modern auth

Continue the login process by entering your credentials and the MFA challenge (if enabled). You will get a message asking, “Are you trying to sign in to Microsoft Exchange REST API Based PowerShell?”. Click the Continue button.

connect to exchange online powershell modern auth

Finally, you’ll receive the below message confirming that you’ve successfully logged in to Exchange Online PowerShell. At this point, you can now close the browser tab.

powershell modern auth

That’s it! You can now use modern authentication with the Exchange Online PowerShell module.

Cyril Kardashevsky

Leave a Reply

Your email address will not be published.