MsolService (MSOnline Module) and depreciation of GetOffice365Credential

Question

We still use MsolService (MSOnline) Cmdlets because newer modules don't have some of the features. With the depreciation of GetOffice365Credential how should we should we move forward? Go back to SecureString and PSCredential values again or use the Azure token?

Connect-MsolService -AdGraphAccessToken $Context.CloudServices.GetAzureAuthAccessToken()

Comments

Hello,

Unfortunately, the approach used in your example will not work because the token returned by the GetAzureAuthAccessToken() method can be used only for connection to Microsoft 365 via MS Graph. We are in contact with Microsoft support on how Connect-MsolService can be used to connect to Microsoft 365 using tokens. Once there is a solution, we will get back to you right away.

Could you, please, clarify what functionality of MsolService is required by your workflow? It might be that Connect-AzureAD or other cmdlets that are intended to establish connection to Microsoft 365 can be used. Live examples, scripts currently used and any additional details about the desired behavior would be much appreciated.

---

Reset-MsolStrongAuthenticationMethodByUpn

There are also a number of low-level functions that the module provides that are not available in newer modules, see: https://docs.microsoft.com/en-us/powershell/module/msonline/?view=azureadps-1.0

---

Hello,

Thank you for the clarification. Strong authentication reset can be performed only via MSOnline or MS Graph. If MS Graph does not meet your needs, you can specify credentials for the Connect-MsolService cmdlet via the This account option in the Run as section of the Run a program or PowerShell script action parameters.

To retrieve the credentials and connect to MSOnline, you can use a code like the following:

$password = ConvertTo-SecureString -AsPlainText -Force -String $Context.RunAs.Password
$credential = New-Object System.Management.Automation.PsCredential($Context.RunAs.UserName, $password)

Connect-MsolService -Credential $credential

Once we have an answer from Microsoft support on how to connect to MSOnline using the Connect-MsolService cmdlet with authentication tokens, we will publish the solution here right away.

Answer 1

Hello,

Thank you for your patience. Microsoft support officially confirmed that there is no possibility to use tokens for authentication on establishing connection via the Connect-MsolService cmdlet. Also, they confirmed that using the Connect-AzureAD cmdlet currently does not support the required features like managing MFA. As was suggested by Microsoft support representatives, we created the corresponding suggestion on their Azure AD Feedback forum: https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/43027941-add-full-functionality-of-ms-online-module-e-g-r.

As we mentioned above, for now you can specify the credentials for connection to MS Online via in the Run As section. Should you have issues adjusting your scripts or writing new ones, please, do not hesitate to contact our Support Team.