Exchange Online Management Shell can now be connected by utilizing certificate.
You can call it as APP only authentication that you have already experienced with SharePoint online.
This feature is currently in public preview (2.0.3-Preview), good thing about it is that when you connect Exchange Shell using this method then Conditional Access policies are not applied so unattended automations can run without issues.
You need to first install or update the existing version of Exchange Online management Shell on your computer.
Install-Module -Name ExchangeOnlineManagement -AllowPrerelease -Force
Now Register the APP in Azure AD as its APP based authentication that will be used.
Go to Portal.Azure.com à Azure Active Directory à App registration
New Registration, choose any name you want such as Exchange-Shell and Register.
Now assign the permissions by clicking API permissions and selecting Exchange
Click on Grant Admin Access and hit yes.
Now next step is to generate a Self-Signed certificate using Powershell which you need to upload to this application.
Use the Script Create-SelfSignedCertificate.ps1
.\Create-SelfSignedCertificate.ps1 -CommonName “Techwizard-Exchange” -StartDate 2020-09-20 -EndDate 2021-09-19
Now upload this certificate to the Azure AD application that you have created.
Now we have to assign the exchange Role to this application so that it can use exchange cmdlets.
Currently below Roles are supported.
Go to Azure AD à Roles and Administrators à Select Exchange Administrator Role.
Click on Assignments and select the APP and hit ADD.
Now we are done with the prerequisites , lets connect to the Exchange Shell now.
Connect-ExchangeOnline -CertificateFilePath “C:\data\Techwizard-Exchange.pfx” -CertificatePassword (ConvertTo-SecureString -String “CertPassword” -AsPlainText -Force) -AppID “b77578bd-b422-4679-a7d6-5b64642fe5b” -Organization “techwizard.onmicrosoft.com”
APPID à you can get it from overview of the APP that you have registered, password is the password you entered while generating the certificate.
Now I am connected using certificate-based authentication as Exchange Administrator Role using APP only authentication.
Reference: App-only authentication for unattended scripts in the EXO V2 module
Thanks for reading….