Hybrid Exchange PowerShell Tool Now Has Multifactor Authentication

IT pros managing Exchange Server and Exchange Online accounts via remote PowerShell now have the ability to protect those sessions with multifactor authentication.

Microsoft announced that capability this week with a new multifactor authentication option for the Office 365 Hybrid Configuration Wizard. The wizard is a configuration tool for organizations that use Exchange Server on premises and Exchange Online services delivered from Microsoft's datacenters. Microsoft built this wizard into Exchange Server 2016 and Exchange Server 2013 Cumulative Update 10 and greater. It will also work with some older Exchange Server versions, according to a Microsoft FAQ document.

Multifactor authentication is a secondary means of verifying a user's identity on top of a password. Typically, users must respond to an instant-message challenge or an automated phone call to verify their identities before gaining access. Until this week, that security protection wasn't available for users of the Office 365 Hybrid Configuration Wizard (HCW), but users have wanted the feature nonetheless, Microsoft's announcement explained:

Many Exchange Online customers wanted the extra level of security that is offered with Multi-Factor Authentication, which allows you to force the administrator account to use Multi-Factor Authentication. However, because of a limitation in Remote PowerShell, Exchange Online administrators could not connect with a Multi-Factor enabled account. In addition, as the Office 365 Hybrid Wizard also requires Remote PowerShell connections to Exchange Online, prior to now, the account you used to run the HCW could not be enabled for Multi-Factor Authentication.

IT pros can enable multifactor authentication for the wizard by downloading a new module from within the Exchange Online Admin Center, as described in Microsoft's announcement. There's one exception for "21 Vianet Greater China tenants," as they also will have to download a specific Office 365 Hybrid Configuration Wizard to get multifactor authentication protection.

To use the new capability, the accounts using multifactor authentication have to be "enabled for remote PowerShell." Moreover, "TCP Port 80 needs to be open" for the connection, a Microsoft TechNet article explained.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • Microsoft Nabs IoT Platform Provider Express Logic

    As part of its plan to invest $5 billion in IoT technologies, Microsoft this week acquired Express Logic, which provides real-time operating systems for industrial embedded and IoT devices.

  • Dealing with Broken Dependencies in SCVMM

    Brien shows you how to resolve some broken, template-related dependencies in Microsoft's System Center Virtual Machine Manager.

  • AzCopy Preview Adds AWS S3 Data Transfer Improvements

    Microsoft announced this week that it has improved the preview version of its AzCopy tool to better handle Amazon Web Services (AWS) S3 data.

  • Microsoft Adding Google G Suite Migration in Exchange Admin Center

    Microsoft's Exchange Admin Center will be getting the ability to move Google G Suite calendar, contacts and e-mail data over to the Office 365 service "in the coming weeks."

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.