Hero Banner

Multi-Factor Authentication (MFA)

Learn and ask questions on how to implement MFA

Level 2 Contributor

PowerShell and MFA status

Previous calls, you guys were saying that there were issues when policies were enabled and Exchange Online wouldn't work, etc.  Most of the flaming-hoop solutions involved punting to App Passwords to meet deadlines and what-not.


Trying to figure out the current state of things and not seeing much information out there on that, and often questions of this nature seem to be skipped on the chat of the weekly calls.


When I use App Passwords for scripts, it FAILS for Connect-MsolService, but works for New-PSSession (ExchangeOnline).  Now, this doesn't have the policy applied yet since still waiting on solutions for this and other pieces (Teams Room System) to be engineered, so Exchange may not truly work once that is done.


I did look at the FAQ (https://docs.microsoft.com/en-us/partner-center/partner-security-requirements-faq) but the information about PowerShell - Partner Center PowerShell Multi-Factor Authentication (MFA) document - links to https://docs.microsoft.com/partner-center/develop/multi-factor-auth which returns a gloriously useful "404 - Page not found".


We're nearly a month beyond the "contractually obligated date" and seems like you're still struggling to make your own date with information, let alone get things to a state we can implement this stuff.


Any guidance on how to jump through the next set of flaming hoops would be appreciated.  I'll be on tomorrow's call as well, hopefully there will be more productive answers than have been on the past ones attended.




Level 6 Contributor


The ability for partners to utilize their delegated administrative privileges with Exchange Online PowerShell to perform actions against their customers, when MFA is enforced, will be available in the future. Until then you should leverage this work around.



If we need a workaround, you're not ready to enforce implementation.  It is unfair to put the burden of labor on us when we've invested our efforts to learn how to do what we need to in a scripting environment that we should be able to do within the GUI anyhow, so this has to get fixed prior to forcing implementation on partners to administer their customers.  They rely on us.

Thank you!


@JohnF the link for the article will be fixed shortly, it should be pointing to https://docs.microsoft.com//powershell/partnercenter/multi-factor-auth. There are a number of reasons you might be receiving the unauthorized error with the Connect-MsolService cmdlet. To help narrow it down can you confirm what permissions you have assigned to the Azure AD application you created?