exchange-basicauth

How do I run Exchange Online remote powershell server-to-server when basic authentication is no longer supported?


Microsoft will end support for basic authentication in Exchange Online remote powershell October 13th, 2020.

Server-to-server communication can be done using the System.Management.Automation.Runspaces.WSManConnectionInfo class with basic authentication. What is the supported way for an on-premise daemon application to run remote powershell in Exchange Online when basic authentication is no longer supported?


Solution

  • If you don't want to rewrite your remote PowerShell code to use the new V2 Exchange Online Management module shown by @stukey above, you can use an alternative workaround by using ADAL (or a similar library) to fetch an access token from AzureAD, then use the token as password when constructing your PSCredential.

    If you add ?BasicAuthToOAuthConversion=true to the connection URI, the server will then pull the token from the basic auth header and use modern authentication with the token instead.

    The workaround is outlined here and semi-documented by Microsoft here.