How to connect to your Office 365 Tenant via Powershell

PowershellHow-to
Written By Luke Kavanagh

For a simple, quick, short-handed guide. Scroll to the bottom.

Powershell is one of the most powerful (pun-intended) tools you can use. Often, Office 365 can seem very clunky and slow and it always seems to be missing that 1 feature/setting you require. With Powershell, that one feature or setting you need is there. No slow navigation panels, no tediously logging into a browser to make a change and no having to navigate through multiple pages to get to where you need to be.

As with all tools, there are learning curves but fortunately for us, there’re tons of learning material out there and plenty of scripts already created and ready to be used. You can create scripts, modify somebody else’s script or copy a script.

My only recommendation would be to understand a script before running it or verify it is a safe script. Before you can run any script within O365, you have to set your Execution Policy. An Execution Policy is a level of security. For example:

  • AllSigned. Requires that all scripts and configuration files are signed by a trusted publisher, including scripts written on the local computer.

  • Bypass. Nothing is blocked and there are no warnings or prompts.

  • Default. Sets the default execution policy. Restricted for Windows clients or RemoteSigned for Windows servers.

  • RemoteSigned. Requires that all scripts and configuration files downloaded from the Internet are signed by a trusted publisher. The default execution policy for Windows server computers.

  • Restricted. Doesn't load configuration files or run scripts. The default execution policy Windows client computers.

  • Undefined. No execution policy is set for the scope. Removes an assigned execution policy from a scope that is not set by a Group Policy. If the execution policy in all scopes is Undefined, the effective execution policy is Restricted.

  • Unrestricted. Beginning in PowerShell 6.0, this is the default execution policy for non-Windows computers and can't be changed. Loads all configuration files and runs all scripts. If you run an unsigned script that was downloaded from the internet, you're prompted for permission before it runs.

Now, That may look like a wall of text (and it is) but you can clearly see what each policy does.

For most cases, AllSigned or RemoteSigned will be your best friends but Bypass is incredibly useful. As long as you understand the script or have verified it from a legit source, Bypass is great and will cause less obstacles. Obstacles = Security.
To find out more about Execution Policies, go to Microsoft’s page here.

Let’s get into connecting to your Office 365 environment.

  • Run Powershell as Administrator

Powershell admin.PNG

Now we will set the execution policy. For this example, we will run Remote signed.

  • Set-ExecutionPolicy RemoteSigned

Execution Policy.PNG

Type ‘Y’ or ‘A’ to confirm.

Now, we will need the computer to know the credentials we will be using this session. To do this, we will enter the command:

  • $UserCredential = Get-Credential

Please enter the Office 365 credentials you will be using. 99% of the time it will be an admin account or an account specifically setup for Powershell if you follow Microsoft’s best practices.

Credentials.PNG

You will need to import the service you will be using. You will probably be using Exchange Online as most people use that the most. To connect to Exchange Online, you will need to type the following command:

  • $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

I know what you’re thinking. Why just connect to Exchange Online? Why not connect to Sharepoint as well or all services at once. Well, you can. I normally find you run into more issues as it tries to connect to multiple services so if something fails, you have to spend effort troubleshooting. It also takes slightly longer to go through the command although, we are talking seconds.
To connect to all Microsoft services at once, please go to the Microsoft article here.
If you have any issues with the service command, it normally indicate you have entered in the wrong credentials. To get around this, type the command $UserCredential = Get-Credential again and re-run the service command.**

We have one last command to connect to the our tenant. We use this command to create an active session. The command is:

  • Import-PSSession $Session -DisableNameChecking

You will now be connected to your environment. If you had any issues at this stage you likely entered the wrong credentials in step 1 or didn’t use the above $Session command.

Once you enter your script or command. You will need to disconnect your session with: Remove-PSSession $Session

Let’s go through the quick steps.

New, modern solution which supports MFA

  1. Run Powershell as admin

  2. Type the Execution policy and type A to accept: Set-ExecutionPolicy RemoteSigned

  3. Enter the command but change the [email protected] to your account:
    Connect-ExchangeOnline -UserPrincipalName [email protected]

  4. You’re now connected to your tenant’s exchange! :)

OLD METHOD - DOESN’T SUPPORT MFA

  1. Run Powershell as admin

  2. Run the Execution policy: Set-ExecutionPolicy RemoteSigned

  3. Run: $UserCredential = Get-Credential

  4. Run the service: $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

  5. Create the session: Import-PSSession $Session -DisableNameChecking

  6. Once done, disconnect the session: Remove-PSSession $Session

Luke Kavanagh
Previous

How to change calendar permissions for O365 via Powershell
Next

How to check Shared mailbox’s Access Rights via Powershell