Joanne: This guest post is written by my mentee, Sheldon Appleyard (bio below). I’ve invited Sheldon to be a guest blogger at joannecklein.com and encouraged him to write content and share knowledge about practical things he’s learned for an audience just starting out in Office 365. Connecting to Office 365 with PowerShell is something we all need to do from time-to-time so it seemed like a great fit!
Sheldon: Hello, my name is Sheldon Appleyard and I’m an IT Pro who has worked in the IT industry for 10 years. Like many, I have been branching out into the Microsoft Cloud over the past 4 years and have been learning as much as I can as I go along. Joanne has graciously offered to mentor me and has invited me to post blogs on her site as I start my adventures in the Microsoft Cloud. Join me as I post about the things I learn and how to implement them for your own use.
When I started learning Office 365 administration, one of the first things I learned was how to connect to Office 365 with PowerShell. This allows you to perform administrative tasks from your local computer. The Azure AD modules allow you to administer users, groups, roles, and licenses. It’s a must-have tool for an Office 365 Administrator to automate administrative tasks for identities across Office 365 and is invaluable in an administrator’s tool belt!
Examples of tasks you can do with these modules:
- create/remove user accounts
- create/remove groups (Microsoft 365 groups, security, distribution)
- add/change/remove licensing
This post walks thru the steps to get up and running with Office 365 PowerShell.
To start using Office 365 PowerShell, we’ll go through setting up PowerShell and how to connect to Office 365. Connecting to Office 365 PowerShell will vary based on what type of set up you have for your Administrator account and, in some cases, which country or type of Office 365 subscription you have. I’m going to focus on how to connect to the Office 365 worldwide subscription environment.
Setting up PowerShell
When connecting to Office 365 PowerShell, you will need to use a PowerShell module to help you connect and supply cmdlets needed to manage Office 365 Admin. As of this writing, there are two modules for connecting to Office 365:
- Azure Active Directory PowerShell for Graph (AzureAD)
- Azure Active Directory Module for Windows PowerShell (MSol)
The newer module, AzureAD, is to replace MSOL as Microsoft shifts towards an open system where PowerShell can be used cross platform.
You may have to use both depending on what you are trying to achieve, but whenever possible, use the AzureAD module to get comfortable with it.
To run either module, you will need PowerShell 5.1 or later but MSOL module will not work on PowerShell 7.0 and only runs on Windows. To run either module, you will need to first install the modules through PowerShell.
Installing AzureAD module
To install AzureAD, run the following commands from an elevated PowerShell command window
- If prompted about installing a module from an untrusted repository, type Y and press enter.
Installing MSOL module
To install MSOL, run the following command from an elevated PowerShell command window:
- If prompted to install the NuGet provider, type Y and press Enter.
- If prompted to install the module from PSGallery, type Y and press Enter.
You will also need to install the Microsoft Online Services Sign in Assistant which you can find here.
Connecting to Office 365 PowerShell
With the modules now installed, you can connect to Office 365 through PowerShell.
For both connection methods below, if you have Multi-factor authentication set up, you will be asked to enter in further information to verify who you are before connecting.
To connect using AzureAD, enter the following commands into a PowerShell command window:
You will be prompted to sign in by providing your account credentials.
To connect using MSOL, enter in the following commands in a PowerShell command window:
You will now be prompted to sign in by providing your account credentials.
Passing in Credentials
It’s important to understand that this is not the only way you can connect using the two above connect commands. There are multiple parameters also available to these commands to allow you to connect in different ways. A great example of this is to connect using credentials stored in a variable. You can use the Get-Credential command to get a user’s login credentials and store them in a variable. You can then pass the variable to the connect command to login. See example below.
Connect-AzureAD -Credential $Cred
You can use this style of connecting in a script if you need the script to be useable by multiple admins without storing the login credentials within the scripts. There are more advanced ways to connect but for now these two basic ways are enough to get you started.
Closing PowerShell Sessions
When you are done your session and no longer need to be connected to Office 365 PowerShell, it is very important to dispose of your open session(s) to Office 365 before closing PowerShell. If you do not remove your sessions when you are done, you can quickly use up all your connections and will have to wait until your sessions time out and are closed by Office 365.Pro tip! Always remember to remove your PowerShell sessions when you're done with them! Click To Tweet
To close your open sessions, use the Remove-PSSession command in PowerShell. You can close your sessions in a couple of ways. The first is to track your sessions as you open them in PowerShell variables. You do this by assigning the session to a variable as you open it as shown in the command below.
$MSOLSession = Connect-MsolService
Later, you can then use these variables to pass the session needing to be closed to the Remove-PSSession cmdlet, as shown below:
If you need to control when you end sessions or if you need to do specific things when closing the sessions, this is the route to go.
The second option is to close all open sessions to clean everything up before closing PowerShell. You can use Get-PSSession command in conjunction with the remove command to clean up all sessions as shown in the below example.
You’re on your way!
That’s all you need to get started in connecting to Office 365 PowerShell. You can use these Azure AD modules to administer users, groups, roles, and licenses in your Office 365 subscription.
What’s next? For my next guest post, I’ll talk about creating and removing users to Office 365.
Credit: Photo by Negative Space from Pexels
How I Connect to MSOL and EXO services from PowerShell together?
You can connect to both services in the same PowerShell console. You do need to run the connect commands for both services to open a connection to them. If you are required to use multifactor authentication you will need to run each connect command and go through the login process but if you don’t use multifactor authentication you can use get-credential to store you credentials in a variable and then pass them to each connect command when you go to connect to the service. For Exchange Online you will want to use the new Exchange Online V2 commands and use Connect-ExchangeOnline to connect to that service. The old commands are being deprecated and replaced.
I hope this helps and if you have more questions please feel free to ask.
I think “Install-Module -MSOnline” should be “Install-Module MSOnline” No hypen after Install-Module