IBM Security MaaS360

 View Only

MaaS360 with Watson for Cloud Extender Office 365 Admin Account support for Exchange Online.

By Lakshmeesh C Hegde posted Wed April 13, 2022 02:53 AM

  

Author - @Lakshmeesh C Hegde

Exchange Online PowerShell V2 module

The Exchange Online PowerShell V2 module (abbreviated as the EXO V2 module) uses modern authentication to connect to the Exchange-related PowerShell environment in Microsoft 365.

Some key points about the EXO V2 module:

  • Download from PowerShell gallery
  • Run the module from Windows PowerShell and Windows PowerShell ISE
  • Single cmdlet Connect-ExchangeOnlinesupports both MFA and non-MFA accounts
  • EXO V2 cmdlets are REST API-based which are much faster and more reliable
  • Older cmdlets are backward compatible
  • All versions of the EXO V2 module are supported in Windows PowerShell 5.1. PowerShell 7 on Windows requires version 2.0.4 or later of the EXO V2 moduloke

Install Exchange Online PowerShell V2 module

Before we can install the Exchange Online PowerShell V2 module, we need to set up the system.

Start the following commandlets

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

Install-Module PowershellGet -Force

Update-Module PowershellGet

Set-ExecutionPolicy RemoteSigned

Install-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.5

Note: ExchangeOnlineManagement version should be - 2.0.5

By default, we can’t install scripts. To require all PowerShell scripts that you download from the internet are signed by a trusted publisher, run PowerShell as administrator, and run the cmdlet. Press Y and press Enter.

Run the command Install-Module PowershellGet -Force. When asked to install NuGet provider, press Y and follow with Enter.



If Install-Module PowershellGet -Force already installed



Install the Exchange Online Management module. Press Y and Enter.

To check the version of the module that's currently installed

Import-Module ExchangeOnlineManagement; Get-Module ExchangeOnlineManagement

Start your connection to Exchange Online

Connect-ExchangeOnline 


Connect to Exchange Online PowerShell using the EXO V2 module with or without MFA.



Note :

  • EAS Module v2.0.5: Install only this version of ExchangeOnlineManagement. Client may see issues if they upgrade to the latest (v3.0.0). To resolve this issue, uninstall the existing version, and install v2.0.5.
  • Get-InstalledModule -Name ExchangeOnlineManagement
  • Uninstall-Module -Name ExchangeOnlineManagement
  • Install-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.5


How can the Exchange Online Credentials be Verified using Powershell?

#Set the username:
$username = 'Your User Name ' <Enter>

#Set the password:
$password = 'Your Password here ' <Enter>

#Clear any existing sessions:
get-pssession | remove-pssession

#Convert the password to a secure string:
$securepassword = convertto-securestring $password -asplaintext -force

#Create the credentials object:
$PSCredObj = New-Object System.Management.Automation.PSCredential($username,$securepassword)

#Set the URI:
$serveruri = '
https://outlook.office365.com/powershell'

 #Open the Office365 session:
Connect-ExchangeOnline -Credential $PSCredObj -ConnectionUri $serveruri


How to Validate Exchange online credential on Cloud Extender config Tool?

Step 1: Open the Cloud Extender Config Tool and Navigate to the Exchange module


Step 2
1. Enter the hostname.

2. Enter the Username and password.

3. Click on Validate All Accounts.

4. Click on Next
5. Click on Save


How can the Proxy Setting Exchange Online Credentials be Verified using PowerShell?

#Set the username:
$username = 'Your User Name ' <Enter>

#Set the password:

$password = 'Your Password here ' <Enter>

#Clear any existing sessions:

get-pssession | remove-pssession

#Convert the password to a secure string:

$securepassword = convertto-securestring $password -asplaintext -force

#Create the credentials object:

$PSCredObj = New-Object System.Management.Automation.PSCredential($username,$securepassword)

$proxysettings = New-PSSessionOption -ProxyAccessType IEConfig

#Set the URI:

$serveruri = 'https://ps.outlook.com/powershell/'

#Open the Office365 session:

Connect-ExchangeOnline -Credential $PSCredObj -ConnectionUri $serveruri -PSSessionOption $proxysettings

How to configure and validate Exchange online credentials on Cloud Extender config Tool using Proxy?

Step 1: Open the Cloud Extender Config Tool and Navigate to the Exchange module


Step 2
1. Enter the hostname.

2. Enter the Username and password.

3. Select the checkbox Use IE proxy for Office365 PowerShell connection

4. Click on Validate All Accounts.

5. Click on Next
6. Click on Save

Troubleshooting

O365 currently supports only TLS 1.2 protocol. The PowerShell command we use to connect to exchange online may not using that protocol and hence the handshake may be failing.

1. Error Acquiring Token

  • If you see the issue the following message in PowerShell, then the issue is related to TLS 1.2 protocol:

 To Solve the issue please follow the below steps:

  1. Backup the current Registry on the CE Server.
  2. Make the below changes in the Registry on the CE server
  3. TLS 1.2 registry key

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
   "SystemDefaultTlsVersions" = dword:00000001
   "SchUseStrongCrypto" = dword:00000001


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
   "SystemDefaultTlsVersions" = dword:00000001
   "SchUseStrongCrypto" = dword:00000001

        4. Stop and Restart CE services and check if the issue persists.
       5. If the issue persists, reboot the CE server and check again if the issue persists.

2. If you see the following message in cloud extender config tool - Unable to authenticate the following service account


Add this registry Key - TLS 1.2 registry key

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
   "SystemDefaultTlsVersions" = dword:00000001
   "SchUseStrongCrypto" = dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
   "SystemDefaultTlsVersions" = dword:00000001
   "SchUseStrongCrypto" = dword:00000001

    4. Stop and Restart CE services and check if the issue persists.
    5. If the issue persists, reboot the CE server and check again if the issue persists.
Refer - https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/enable-tls-1-2-client

Wrapping up

The new Exchange Online module is powerful and makes working with Exchange Online a lot easier. I hope this article helped you to switch to Modern authentication for the Cloud Extender Exchange Active Sync module.

If you have any questions, just drop a comment below.

Find out more about Unified Endpoint Management: https://www.ibm.com/security/unified-endpoint-management

Find out more about IBM Security MaaS360 with Watson: https://www.ibm.com/products/unified-endpoint-management



0 comments
10595 views

Permalink