Glenn

Reputation: 655

Connecting to Exchange Online with PowerShell and Modern Authentication (without any dependencies)

I want to connect to Exchange Online using PowerShell and modern authentication without depending on any modules or DLLs.

There's a module available for modern authentication to Exchange Online that depends on CreateEXOPSSession.ps1 and Microsoft.Exchange.Management.ExoPowerShellModule.dll. I have decompiled the latter and found that it generates an access token as such:

```csharp
TokenInformation accessToken = TokenProviderFactory.Instance.CreateTokenProvider(
    new TokenProviderContext(
        authType,
        "a0c73c16-a7e3-4564-9a95-2bdf47383716",
        this.AzureADAuthorizationEndpointUri,
        acquireTokenEndpoint,
        this.UserPrincipalName,
        this.Credential,
        clientAppRedirectUri,
        (Action<string>) (s => this.WriteWarning(s)))).GetAccessToken();
```

I want to request the access token in the same way in PowerShell, but I can't seem to get the right authentication context and method of retrieving the access token.

Any ideas?

Upvotes: 0

Views: 1589

Answers (1)

postanote

Reputation: 16116

You have to have an MSOL connection and create a remote session to EXO to use EXO cmdlets. There is no workaround for this.

The dependencies are there for a reason. The backend plumbing of MSOL / Azure / O365 expects what it expects, and skirting it will just lead you down a very frustrating/hair-pulling activity.

That token is an Azure AD as MA/ADAL requires that you have an Azure AD Premium license. MA requires use of the ADAL API/DLL. This is like asking to programmatically connect to and use Exchange on-prem EAS/EWS services without using the API/DLL; that's not a thing either.

So, no matter how you look at this, there will be dependencies, as noted below. So, if you are serious about this effort, you need to really dig into what MA really is and how its plumbing really works. Also, MFA must be already enabled for you and users, either in O365 and/or the ADAL MFA settings in Azure.

Modern Authentication – What is it? Modern Authentication brings Active Directory Authentication Library (ADAL)-based sign-in to Office client apps across platforms.

Microsoft identity platform authentication libraries

There is also an ADAL module on the MS PowerShellGallery.com.

Microsoft.ADAL.PowerShell 1.12 ADAL module for PowerShell https://www.powershellgallery.com/packages/Microsoft.ADAL.PowerShell/1.12

Functions Get-ADALAccessToken Clear-ADALAccessTokenCache

Examples are here:

Microsoft.ADAL.Powershell

```powershell
# Example 1
# This example acquires an access token by using RedirectUri from the
# contoso.onmicrosoft.com Azure Active Directory for the PowerBI service.
# It will only prompt you to sign in the first time, or when the cache has expired.
Get-ADALAccessToken -AuthorityName contoso.onmicrosoft.com `
    -ClientId 8f710b23-d3ea-4dd3-8a0e-c5958a6bc16d `
    -ResourceId https://analysis.windows.net/powerbi/api `
    -RedirectUri "http://yourredirecturi.local"
```

See also: Azure-AD-Authentication-with-PowerShell-and-ADAL

This is a set of really simple PowerShell scripts which allow you to get access tokens with Azure Active Directory using ADAL.

and this... ADAL and PowerShell

Upvotes: 1
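The token request that ADAL wraps is an OAuth 2.0 exchange with Azure AD, so it can be sketched with `Invoke-RestMethod` alone. This is an added example, not code from either post or from Microsoft's module; it uses the device code grant on the Azure AD v1 endpoints, and the `common` tenant, the resource URI and the assumption that the client ID from the question is allowed to use this grant are not taken from the page.

```powershell
# Added example: OAuth 2.0 device code grant against the Azure AD v1 endpoints.
# Assumptions (not from the original posts): tenant 'common', the resource URI,
# and that this client ID is permitted to use the device code grant.
$clientId  = 'a0c73c16-a7e3-4564-9a95-2bdf47383716'   # client ID quoted in the question
$resource  = 'https://outlook.office365.com'           # assumed resource (token audience)
$authority = 'https://login.microsoftonline.com/common/oauth2'

# Step 1: request a device code and show the sign-in instructions to the user.
$device = Invoke-RestMethod -Method Post -Uri "$authority/devicecode" `
    -Body @{ client_id = $clientId; resource = $resource }
Write-Host $device.message

# Step 2: poll the token endpoint until sign-in completes or the code expires.
$deadline = (Get-Date).AddSeconds([int]$device.expires_in)
$token = $null
while (-not $token -and (Get-Date) -lt $deadline) {
    Start-Sleep -Seconds ([int]$device.interval)
    try {
        $token = Invoke-RestMethod -Method Post -Uri "$authority/token" -Body @{
            grant_type = 'device_code'
            client_id  = $clientId
            resource   = $resource
            code       = $device.device_code
        }
    }
    catch {
        # Until the user finishes signing in, the endpoint answers HTTP 400
        # with error 'authorization_pending'; any other error is fatal.
        $err = $null
        if ($_.ErrorDetails.Message) {
            $err = ($_.ErrorDetails.Message | ConvertFrom-Json).error
        }
        if ($err -ne 'authorization_pending') { throw }
    }
}
if (-not $token) { throw 'Device code expired before sign-in completed.' }

# Step 3: inspect the claims before using the token (JWT payload is base64url).
$payload = $token.access_token.Split('.')[1].Replace('-', '+').Replace('_', '/')
$payload += '=' * ((4 - $payload.Length % 4) % 4)
$claims = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) |
    ConvertFrom-Json
$claims | Select-Object aud, appid, upn, exp   # audience, client, user, expiry (Unix time)
```

Checking `aud` and `appid` confirms the token was issued for the intended resource and client before it is handed to anything else; the access token should be treated as a credential and kept out of logs and transcripts.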
