0 votes

We still use MsolService (MSOnline) Cmdlets because newer modules don't have some of the features. With the depreciation of GetOffice365Credential how should we should we move forward? Go back to SecureString and PSCredential values again or use the Azure token?

Connect-MsolService -AdGraphAccessToken $Context.CloudServices.GetAzureAuthAccessToken()

by (350 points)
edited by
0

Hello,

Unfortunately, the approach used in your example will not work because the token returned by the GetAzureAuthAccessToken() method can be used only for connection to Microsoft 365 via MS Graph. We are in contact with Microsoft support on how Connect-MsolService can be used to connect to Microsoft 365 using tokens. Once there is a solution, we will get back to you right away.

Could you, please, clarify what functionality of MsolService is required by your workflow? It might be that Connect-AzureAD or other cmdlets that are intended to establish connection to Microsoft 365 can be used. Live examples, scripts currently used and any additional details about the desired behavior would be much appreciated.

0

Reset-MsolStrongAuthenticationMethodByUpn

There are also a number of low-level functions that the module provides that are not available in newer modules, see: https://docs.microsoft.com/en-us/powershell/module/msonline/?view=azureadps-1.0

0

Hello,

Thank you for the clarification. Strong authentication reset can be performed only via MSOnline or MS Graph. If MS Graph does not meet your needs, you can specify credentials for the Connect-MsolService cmdlet via the This account option in the Run as section of the Run a program or PowerShell script action parameters. image.png

To retrieve the credentials and connect to MSOnline, you can use a code like the following:

$password = ConvertTo-SecureString -AsPlainText -Force -String $Context.RunAs.Password
$credential = New-Object System.Management.Automation.PsCredential($Context.RunAs.UserName, $password)

Connect-MsolService -Credential $credential

Once we have an answer from Microsoft support on how to connect to MSOnline using the Connect-MsolService cmdlet with authentication tokens, we will publish the solution here right away.

1 Answer

0 votes
by (216k points)

Hello,

Thank you for your patience. Microsoft support officially confirmed that there is no possibility to use tokens for authentication on establishing connection via the Connect-MsolService cmdlet. Also, they confirmed that using the Connect-AzureAD cmdlet currently does not support the required features like managing MFA. As was suggested by Microsoft support representatives, we created the corresponding suggestion on their Azure AD Feedback forum: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/43027941-add-full-functionality-of-ms-online-module-e-g-r.

As we mentioned above, for now you can specify the credentials for connection to MS Online via in the Run As section. Should you have issues adjusting your scripts or writing new ones, please, do not hesitate to contact our Support Team.

Related questions

0 votes
1 answer

Hi all, I got a script that works, but is kinda finicky: $memberListProperty = "adm-CustomAttributeTextMultiValue1" try { $records = $Context.TargetObject.GetEx($memberListProperty) } ... = "fraisalan.ch" } Thank you for your help! Best regards Benjamin

asked Oct 17 by basshunter98 (20 points)
0 votes
1 answer

Is there a command line that would install the admin console and the powershell module silently? we would like to utilize our ConfigMgr system to deploy this app to ... for them to know what modules to install or elevating their user accounts. Thanks!

asked Mar 1, 2017 by ggallaway (300 points)
0 votes
1 answer

Dear Support, can you please advise how to properly troubleshoot Connect-MSOlService? I have x64 Adaxes installation I have this function properly working in Powershell ISE and ... Directory Module for Wind... Powershell version 5.1 Thanks for any advise!

asked Jul 5, 2019 by Dmytro.Rudyi (920 points)
0 votes
1 answer

Any idea if MSOnline 1.1.166.0 is supported? If not any idea when it will be supported?

asked May 3, 2017 by Brajesh (460 points)
0 votes
1 answer

As part of offboarding a user I need to generate a report of all AD groups, Entra groups and all Azure / M365 roles and licenses the user has before they ... about keeping a record of the leavers configured profile to simplify cloning them onto new starters.

asked Jun 24 by dhardyuk (20 points)
3,588 questions
3,277 answers
8,303 comments
548,099 users