It was Laozi who said “A journey of a thousand miles begins with a single step” and for every office 365 admin that first step is getting PowerShell connected to your tenant.
Meeting the Minimum
Before you can connect PowerShell to your Office 365 tenant, you’ll need to make sure your workstation meets the minimum requirements. You must be running Windows 7 / Windows Server 2008 R2 or later. Personally I would recommend NOT installing this on a server and instead use your local workstation. The main advantage Office 365 is that you can perform administrative tasks anywhere in the world, why would you want to limit yourself a server that introduces the need for a remote access solution? Additionally, many PowerShell tasks will rely on importing a CSV; removing the need to transfer these CSVs will simplify your life.
Once you’ve identified the workstation that you want to connect from, you’ll want to ensure that you have enabled the .net framework as .net 3.5.1 is required. To enable the .net framework simply open up a run command and type appwiz.cpl to open the Programs and Features control panel. From the Turn Windows features on or off menu, verify the feature outlined below is selected. After enabling this feature for the first time you’ll want to make sure you’re caught up on windows updates before proceeding to the next step.
Building the Foundation
Once you’ve made sure that your workstation is up to the task, you’ll need to download and install two pieces of software. The first is the Microsoft Online Services Sign-In Assistant for IT Professionals. This package will provide your workstation with the components necessary to connect PowerShell to Office 365
Microsoft Online Services Sign-In Assistant for IT Professionals
The second package you’ll need to download and install contains the Office 365 commandlets. Commandlets are best described as expansion packs for PowerShell. PowerShell is a mighty tool but out of the box it has no knowledge of how to interact with Office 365, these commandlets enable this ability. The Office 365 commandlets are bundled inside of the Azure Active Directory Module. While still available, Microsoft has discontinued support for the 32 bit version of these commandlets. This means that’s while you’ll be able to connect and run most commands, new commands will not be available to you if you are running a 32bit OS.
Office 365 Commandlets (for 64 bit OS)
Office 365 Commandlets (for 32 bit OS)
Make it easy on yourself
With the necessary software installed its time to fire up PowerShell and get connected. You’ll find 600 different connection methods and scripts. This is the one that I’m found to be the most reliable and simple. You’ll want to open up Notepad and paste in the code below. Save the file as connect.ps1 and to save yourself some time, move the file to c:\windows\system32\ (the default PowerShell directory).
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Connect-MsolService -Credential $UserCredential
After saving the script you’ll want to launch PowerShell using the Run as Administrator option. If this is the first time connecting you’ll need to run this command once to enable execution of the connection script
The Moment of truth
Commandlets installed, script saved, and execution policy set; It’s now time to connect. Verify that PowerShell is in the default directory of c:\windows\system32\ where you placed the connect.ps1 script. If you find yourself in a different directory as pictured below then run the command shown below to correct the issue.
Execute the command below to connect, and when prompted enter your global administrator credentials.
To verify your connection you may run the command below which will simply list all user accounts in your tenant
If you’ve enabled two-factor authentication on your account then you will need to create a secondary global administrator account for PowerShell use as the Office 365 command redirection does not currently support two-factor authentication.
Success! If you encounter any issues please message me using the form below and I’ll be happy to help. As always please feel free to email me @ firstname.lastname@example.org with complaints, comments, or topic requests.
If you’re the type of person who dismounts USB drives before unplugging them then you’ll want to end your session with the command below.
Get-PSsession | Remove-PSsession
#aad #azureactivedirectory #o365 #office365 #powershell #ps101