Zoho Banner September 2011

Archive for the ‘MFA’ Category

I’ll get to the problem with Powershell Execution Policy shortly, but first a bit of background…

If your AAD/O365 admin accounts are configured for multi-factor authentication (which they should be, because it’s free), you will likely be familiar with the Exchange Online PowerShell Module, which is designed to work with MFA.  Getting to the Module download is not blindingly obvious.  Go to the Hybrid menu option in the Exchange Admin Center and select the second option as shown below.

ps0

 

Once it is downloaded you can launch it and sign-in using the Connect-EXOPSSession command.

OK, that’s all the background.  On with the meat of this article…

Once you’re up an running you might, like me, want to run a script within the session.  This is where things got tricky.  In my case I wanted to run the AnalyzeMoveRequestStats.ps1 script to, well, analyse my mailbox move request statistics as described here.  When I tired to dot source the script as described in the article, I received the standard error you often see when you haven’t got your execution policy set correctly.

ps1

But when I checked my execution policy things looked OK.

ps2

So, what was going on?  After a bit of research, I found there are several different types of execution policy that come into play, as described here.  You can list the current policies by adding the “-list” parameter to the Get-ExecutionPolicy cmdlet.  In my case the current session (Process) was set to RemoteSigned.

ps3

 

The RemoteSigned option was clearly insufficient for my needs, so I had to set it to Unrestricted using the command, Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted.

ps4

 

After running the command, the ExecutionPolicy for Process now showed as Unrestricted.

ps5

I could now dot source the script.

ps6

Note that you will need to change the execution policy each once per session if you are running scripts in this way with the Exchange Online Powershell Module (MFA version).  There is likely a simpler way to set this permanently, but I quite like the fact that the module re-sets the security each time in this way.  Setting the execution policy to Unrestricted permanently is not a good practice.

Please leave a comment if you know of a different way of achieving the same result – especially if easier ;-)

Tony