I find logging into Office 365 in PowerShell can be cumbersome, so I always try to do it by using a script to make it easier. In fact, I’ve automated that process. Here’s how you do it…
But, before you get to that, have you read my article on getting started with Office 365 and PowerShell?
A Note on Encrypting Passwords in PowerShell
Since you would never save a password in a text file (even if your hard drive is encrypted), I recommend you use a feature in PowerShell to encrypt the password. It can only be decrypted by the user who created it. The good news about the encrypted password: you can decrypt it back to clear text. The bad news about the encrypted password: you can decrypt it back to clear text. Regardless, you still must be logged in as the user that created the encryption key to decrypt it.
What You Need to Begin
Before you can connect at all you need to download and install some modules to help you make the connection. The links below have the software you’ll need – if you don’t connect to the Skype for Business you don’t have to download the last one.
- Microsoft Online Service Sign-in Assistant for IT Professionals RTW
- Windows Azure Active Directory Module for Windows PowerShell (64-bit version)
- Windows PowerShell Module for Lync Online (Skype for Business Online)
There are a few things to note about this script and anything else you do in PowerShell:
- It’s always helpful to unload PSSnapins and Modules and variables from memory when you’re using PowerShell scripts – but that’s outside the scope of this blog.
- Execution policy matters. I tend to use the Unrestricted policy because it allows me do what I need to do and it always warns when it is running a script or configuration file unlike bypass.
- If you include Start-Transcript in your scripts or just in your PowerShell console, when you get started it will create a log file of everything you do. I’ve found this very helpful in the past and include it in almost all scripts I write.
Step 1: Creating Your Encrypted Password Key
To log into Office 365 in PowerShell you need the UPN of an Office 365 Global Admin and the password. In this first step we will create the encrypted password key which we will use in our login script.
In the bolded line below you can see the out-file command is expecting to send this to a folder structure of C:\O365\Key
This works for me, if you don’t like it change it – but remember where you put it.
Also note the TENANTNAME part of this key. This is a friendly name like Mirazon or TMG or something that make sense to you. If you leave it at TENANTNAME, the second key you create won’t be happy!
Open PowerShell and paste the command below in. Again, remember to change the name of the key and make sure you have the correct Directory Path.
Read-Host -Prompt “Enter your tenant password” -AsSecureString | ConvertFrom-SecureString | Out-File “C:\O365\key\TENANTNAME.key”
Below I created the key I’ll use for a client’s migration. I used the Client’s Name instead of TENANTNAME.
Then, when you hit enter, it asks for the password and when you enter it, PowerShell masks the input.
If I open the .key file in notepad this is what I see:
Step 2: The Script
So with the key created, the next thing to think about is the script.
Here is the script as a .txt file. Once you edit it you will need to save it as a .ps1.
I won’t go line by line through this script, but I have bolded the only places you may need to change something in the screenshot below.
The first thing you should look at changing is the $TenantUserName, which needs to be your Global Admin Login name for Office 365.
The second thing is the $TenantPassword, which needs to have full path of the key file you created in Step 1.
Lastly, note that if you’re using the Skype for Business part of this you’ll want to remove the Remark ##, which are in front of the lines in the Skype for Business Online Section.
Again, save the attached file as a .ps1 in a location where you can easily access it and open PowerShell. Change into the directory it is in, start typing the name of the file and hit tab.
PowerShell should put the full name of the file in for you and include a “.\” before the file name. So, for me when I ran this file, it was “.\ClientName.ps1”.
Note* If you get an error when trying to run this script because of the Execution Policy then open PowerShell as an administrator and run this command:
Set-ExecutionPolicy Unrestricted
You can see the results below imported sessions from Office 365. Also, note that the title bar tells you what company you’re connected to:
So you’re connected, now what? That’s a good question a quick way you can see commands is to run this command:
Get-Command –Module <Module Name>
In this case the Module name is never the same twice. So Mark and copy the name of the module and use it as I have done below.
Once you’re connected start slowly, use Get Commands to grab information. As you learn more about PowerShell and Office 365 you’ll be configuring objects from there before you know it!