Hybrid Exchange PowerShell Tool Now Has Multifactor Authentication -- Redmondmag.com

Hybrid Exchange PowerShell Tool Now Has Multifactor Authentication

By Kurt Mackie
03/17/2017

IT pros managing Exchange Server and Exchange Online accounts via remote PowerShell now have the ability to protect those sessions with multifactor authentication.

Microsoft announced that capability this week with a new multifactor authentication option for the Office 365 Hybrid Configuration Wizard. The wizard is a configuration tool for organizations that use Exchange Server on premises and Exchange Online services delivered from Microsoft's datacenters. Microsoft built this wizard into Exchange Server 2016 and Exchange Server 2013 Cumulative Update 10 and greater. It will also work with some older Exchange Server versions, according to a Microsoft FAQ document.

Multifactor authentication is a secondary means of verifying a user's identity on top of a password. Typically, users must respond to an instant-message challenge or an automated phone call to verify their identities before gaining access. Until this week, that security protection wasn't available for users of the Office 365 Hybrid Configuration Wizard (HCW), but users have wanted the feature nonetheless, Microsoft's announcement explained:

Many Exchange Online customers wanted the extra level of security that is offered with Multi-Factor Authentication, which allows you to force the administrator account to use Multi-Factor Authentication. However, because of a limitation in Remote PowerShell, Exchange Online administrators could not connect with a Multi-Factor enabled account. In addition, as the Office 365 Hybrid Wizard also requires Remote PowerShell connections to Exchange Online, prior to now, the account you used to run the HCW could not be enabled for Multi-Factor Authentication.

IT pros can enable multifactor authentication for the wizard by downloading a new module from within the Exchange Online Admin Center, as described in Microsoft's announcement. There's one exception for "21 Vianet Greater China tenants," as they also will have to download a specific Office 365 Hybrid Configuration Wizard to get multifactor authentication protection.

To use the new capability, the accounts using multifactor authentication have to be "enabled for remote PowerShell." Moreover, "TCP Port 80 needs to be open" for the connection, a Microsoft TechNet article explained.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.

Featured

Cisco Warns of Brute Force Attacks Targeting VPNs and Firewalls

Cisco has revealed that a global increase in brute force attacks targeting Virtual Private Networks (VPNs) and other devices is currently taking place.
What's Inside Microsoft 365's Security Toolbox?

Microsoft provides plenty of native tools to secure Microsoft 365. IT pros just have to know where to look.
Microsoft Kills 30-Day Data Retention Policy for Copilot in Fabric

Microsoft this week announced several usability improvements coming to Copilot in Fabric in preparation of its general availability release later this year.
Using Microsoft Office to Build a Network Diagram 2

Now that we've set up our process, let's dig in with the actual execution.
Microsoft Graph 'Activity Logs' Feature Goes Live

Microsoft announced the general availability of the "activity logs" capability in Microsoft Graph, giving administrators more options to track user activity and identify patterns of potential misuse.