Office 365 – Encrypted Powershell Credentials

TOPICS:

Posted By: Jake 21st January 2017

In this post I will go over how to connect automatically to Office 365 (Windows Azure Active Directory) and Exchange Online, without the need of typing long and complicated PowerShell commands each time! The added bonus that I would like to add to this is a method that will enable to complete these tasks and avoid having to provide our global administrator credentials, each time we run the PowerShell script.

If you are doing this for the first time then you will need a couple of components from Microsoft:

  1. Download and install the two Office 365 Powershell tools.

Microsoft Online Services Sign-In Assistant for IT Professionals RTWWindows Azure Active Directory Module for Windows PowerShell

  1. Set the PowerShell execution policy to enable us to run a script

First we to enable our PowerShell console to run the script by running the PowerShell console as administrator and then issue this PowerShell command:

Set-ExecutionPolicy Unrestricted -force

Ok, you should now be all set to get stuck into the good stuff!

  • Step 1#3 – Save the administrator password to a text file and encrypt the password using PowerShell.
  • Step 2#3 – Write a PowerShell script, that will use the encrypted password. Test that we can create a remote PowerShell session to Windows Azure Active Directory + Exchange Online.
  • Step 3#3 – Execution of the remote PowerShell script this will verify that the script is operating properly.

Step 1#3 – Save the administrator password to a text file and encrypt the password using PowerShell.

The complete Powershell syntax we will be using is as follows:

Read-Host -Prompt "Enter your tenant password" -AsSecureString | ConvertFrom-SecureString | Out-File "C:\Office365\Logins\cred.txt"

The screenshot below is an example of how to use this command. Note: Before running this command you will need to create a file called “cred.txt” alter the path to suit your needs.

After pressing enter you are them prompted for your password, supply your tenant admin password which will populate cred.txt.

Navigate to where you saved your cred.txt and you should see something like the below.

Step 2#3 – Write a PowerShell script, that will use the encrypted password.

This section of the script uses the UPN name of the EXO administrator followed by the encrypted password we created earlier.

$AdminName = "administrator@O365domain.com" $Pass = Get-Content "C:\Office365\Logins\cred.txt" | ConvertTo-SecureString $cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $AdminName, $Pass

The top section connects to Azure Active Directory and the bottom section connects to Exchange Online.

Import-Module MSOnline

Connect-MsolService -Credential $cred 
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $cred -Authentication Basic -AllowRedirection
Import-PSSession $Session
Compile the pieces into a single notepad file making sure to change the file extension to *.ps1 as below.
Save the script into the same place as your “cred.txt” to make it easier for yourself, open an Azure Powershell session and cd to the directory you saved the script to.
Tab completion is great when in the directory you saved the script to type ./L and press ‘Tab’ and it will complete itself, followed by enter.
If you see this screen then your script and cred.txt has been read successfully and is now connecting to Office365.
To test you have successfully connect run Get-MsolUser to list all users in Azure. Or Get-Mailbox for EXO.

Be the first to comment on "Office 365 – Encrypted Powershell Credentials"

Leave a comment

Your email address will not be published.


*