As you know, Microsoft is going to retire basic authentication for Exchange Online PowerShell during the second half of 2021.
In preparation for this retirement, a new Exchange Online PowerShell module has been released, known as Exchange Online PowerShell module v2 (see https://t.co/Jg3iTICowv).
The next step of this preparation is the introduction of modern authentication for unattended scripts, that is, the scripts you run from a scheduled task with no interaction. The authentication method uses a self-signed certificate to authenticate against an Azure AD application.
To start using this new capability with your scripts, you need to install the preview module for Exchange Online PowerShell module v2 using the commands below:
Install-Module -Name ExchangeOnlineManagement -RequiredVersion 2.0.3-Preview -AllowPrerelease
Update-Module -Name ExchangeOnlineManagement -AllowPrerelease
Then you need to generate a self-signed certificate using the script available at https://github.com/SharePoint/PnP-Partner-Pack/blob/master/scripts/Create-SelfSignedCertificate.ps1 and the command:
.\Create-SelfSignedCertificate.ps1 -CommonName "MyCompanyName" -StartDate 2020-04-01 -EndDate 2022-04-01
or you can use the makecert.exe tool from the Windows SDK.
Capture the certificate thumbprint; you will need it for the Connect-ExchangeOnline command.
Then go to the App registrations blade and register a new application
Create the application using the below settings
Then you need to assign permissions to the newly created application by accessing the API Permissions blade and selecting Add a permission.
Then select Application permissions and the Exchange API under the Supported legacy APIs section, and select Exchange.ManageAsApp.
Capture the Application (client) ID of the registered application using the Overview blade
Then grant admin consent to the application.
Upload the self-signed certificate you generated earlier by accessing the Certificates & secrets blade.
Finally, you need to grant the application one of the supported administration roles, depending on the administration permissions your script needs:
You assign the corresponding administration role(s) from the Azure AD\Roles and administrators blade
You are now ready to include the new modern authentication in your script.
Install the self-signed certificate in the Computer\Personal certificate store.
Replace the commands you used to authenticate and connect to Exchange Online with the one below:
Connect-ExchangeOnline -CertificateThumbPrint "<certificate thumbprint>" -AppID "<Azure AD application ID>" -Organization "<your Office 365 tenant, e.g. mytenant.onmicrosoft.com>"
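The following is an added example, not part of the original post or of Microsoft's module: a wrapper for a scheduled-task script that checks the certificate in the Computer\Personal store before connecting, so a missing, keyless or expired certificate fails with a clear message instead of an opaque authentication error. The three placeholder values, the $WarnDays threshold and the Get-EXOMailbox call standing in for the script's real work are assumptions.

```powershell
# Added example. Replace the placeholders with your own values.
$Thumbprint   = '<certificate thumbprint>'
$AppId        = '<Azure AD application ID>'
$Organization = '<mytenant.onmicrosoft.com>'
$WarnDays     = 30   # assumed renewal warning window, adjust to your process

$ErrorActionPreference = 'Stop'

# Thumbprints copied from the certificate UI often carry spaces or an
# invisible leading character; keep only the hex digits.
$Thumbprint = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

# Computer\Personal in the MMC snap-in is Cert:\LocalMachine\My.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }

if (-not $cert) {
    throw "Certificate $Thumbprint was not found in LocalMachine\My."
}

# HasPrivateKey only shows that a key is associated with the certificate;
# the account running the scheduled task also needs read access to that key.
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key on this machine."
}

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $Thumbprint is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

$daysLeft = [int]($cert.NotAfter - $now).TotalDays
if ($daysLeft -le $WarnDays) {
    Write-Warning "Certificate $Thumbprint expires in $daysLeft day(s). Renew it and upload the new one to the application."
}

try {
    Connect-ExchangeOnline -CertificateThumbPrint $Thumbprint -AppID $AppId -Organization $Organization -ShowBanner:$false

    # Stand-in for the script's actual work.
    Get-EXOMailbox -ResultSize 5 | Select-Object DisplayName, PrimarySmtpAddress
}
finally {
    # Always close the session, even when the work above throws.
    Disconnect-ExchangeOnline -Confirm:$false
}
```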