Install the latest Windows PowerShell and Exchange Online Management EXO V2module

I often find that I’ll jump on to a server, PC or laptop and I’m trying to run commands in PowerShell that it doesn’t understand. Normally because it’s an old version of PowerShell, certain modules aren’t installed or I’m just bad at typing.

Here’s where to get the latest version of Windows PowerShell and EXO V2 that you will need if you’re working with Exchange Online.

PowerShell 7
https://aka.ms/PSWindows

Exchange Online Management
https://www.powershellgallery.com/packages/ExchangeOnlineManagement/

At the time of writing the following command will get you the module…

Install-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.5

Check what modules are installed…

Get-InstalledModule

MFA not working in Outlook 2019 – Exchange Online

Scenario:-

Microsoft 365 tenant, mainly using Exchange Online (Plan 1) licenses. I enabled MFA for a couple of users which works fine logging in to https://office.com

Users can access Outlook on the web without any problems and get notifications sent to the “Microsoft Authenticator” app to approve or SMS if they choose one of the other authentication options.

When it comes to Outlook 2019 they just repeatedly get asked for their email credentials in a standard type popup box as opposed to the newer MFA style popup that you see like when you login to https://office.com where it asks for email, then password, then MFA option.

I know this type of problems exists with older versions of Outlook 2013 and lower and there are workarounds for it but this is Office 2019!

Solution:-

After raising a support ticket with Microsoft and getting a call back pretty much straight away from a very knowledgeable “Support Ambassador” we managed to sort the problem. Turns out that if your tenant was created before 2017 (ours was 2014) then the default policies in place for the basic Azure type licenses that come with the lower tiered licenses like Exchange Online might not work very well when enabling MFA on a user account! Tenants created later than 2017 tend to work just fine.

Here’s what we did…

  1. Run PowerShell as admin
  2. Connect to Exchange Online (If user has MFA enabled) using the following steps:-
    $MFA = New-Object -ComObject InternetExplorer.Application -Property @{Navigate2="https://cmdletpswmodule.blob.core.windows.net/exopsmodule/Microsoft.Online.CSE.PSModule.Client.application"}

    The command above installs a module which then launches another PowerShell window.

  3. In the newly opened window enter the following:-
    Connect-EXOPSSession

    Enter your tenant administrator login information.

  4. Enter the following command:-
    Set-OrganizationConfig -OAuth2ClientProfileEnabled $true 

This pretty much enables the use of MFA now for your Exchange Online tenant. It can take a few hours for things to propagate and for Outlook 2019 to make use of this. If you need to speed this process up you can add the following registry key to the users computer. Make sure to close Outlook first.

  • HKEY_CURRENT_USER\Software\Microsoft\Exchange
  • On the Edit menu, point to New, and then click DWORD Value.
  • Type AlwaysUseMSOAuthForAutoDiscover, and then press Enter.
  • Right-click AlwaysUseMSOAuthForAutoDiscover, and then click Modify.
  • In the Value data box, type 1, and then click OK.
  • Exit Registry Editor.

Open Outlook and you should now get the MFA type prompt as you would expect. I think if you continue to have problems then it’s worth deleting the Outlook profile on the computer and starting again.

The following article may also be of use as it goes into a lot more detail about how to enable or disable modern authentication for Outlook in Exchange Online https://docs.microsoft.com/en-us/Exchange/clients-and-mobile-in-exchange-online/enable-or-disable-modern-authentication-in-exchange-online

One last thing… enabling modern authentication for Outlook in Exchange Online wont affect any of your other users who may not have MFA setup.

Hopefully this may help someone somewhere one day!

Outlook won’t accept “app password” after setting up MFA

So we use Exchange Online Plan 1 and Outlook 2016. After setting up Multi-factor Authentication for one of my email accounts I found that after a couple of days Outlook started popping up the password prompt for the account.

No matter how many times I tried it wouldn’t accept the “app password” i created here or the normal password for the account. After a bit of digging I found this article which suggested adding the following registry key which solved the problem for me.

HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\Identity
DisableADALatopWAMOverride
dword value 1