Automating with PowerShell: Faster Exchange PowerShell commands

We’ve had the ExchangeOnlineManagement PowerShell module for some time now. This module is the faster and better method of managing Exchange Online via PowerShell – It just has some downsides right now for most Microsoft Partners.

The PowerShell module does not support the Secure Application Model, a security model that all Microsoft partners have had to adopt to retain their partnership. the Secure Application Model is SPN based authentication and allows partners to connect to all their tenants using the same SPN – This is of course super convenient. Unfortunately it’s not a priority at Microsoft to make the ExchangeOnlineManagement PowerShell module compatible with the Secure Application Model.

This has led me to reverse engineer the module specifically to create Secure Application Model support, and get access to those faster cmdlets. For this I’ve created the module ExchangeOnlineManagement.SAM, where SAM stands for Secure Application Model.

This module has all the faster cmdlets, and connects to client tenants using the SAM. Of course, the standard limitations still are in play for Microsoft Partners.

Using the module

This module has been published to the PowerShell Gallery. Use the following command to install the module:

 install-module ExchangeOnlineManagement.SAM

You can use the following command line to connect to Exchange Online using the Secure Application Model:

Connect-ExchangeOnline -DelegatedOrganization "Delegate.onmicrosoft.com" -ExchangeRefreshToken "YourVerylongRefreshToken" -UPN "A-Valid-UPN" 

If you’re new to the module, you can add “ShowBanner” as follows to see exactly which cmdlets have faster and more reliable alternatives;

Connect-ExchangeOnline -DelegatedOrganization "Delegate.onmicrosoft.com" -ExchangeRefreshToken "YourVerylongRefreshToken" -UPN "A-Valid-UPN" -ShowBanner

And that’s it! any more help file I’ll publish on the github page here. I hope you all enjoy, and happy PowerShelling!

ps: Remember to join the CyberDrainCTF if you wanna prove you are the best sysadmin in the world.

4 Comments

  1. Kym July 13, 2021 at 7:34 am

    Awesome scripts here, thanks for your contributions!. I’m having a little issue with this one and not sure why. I’ve installed the module and it shows in the list of installed modules, however the command doesn’t seem to work when I try to connect. Error below:

    Connect-ExchangeOnlineManagement : The term ‘Connect-ExchangeOnlineManagement’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is
    correct and try again.
    At line:1 char:1
    + Connect-ExchangeOnlineManagement -DelegatedOrganization “geekitup.onm …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : ObjectNotFound: (Connect-ExchangeOnlineManagement:String) [], CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException

    1. Stuart August 5, 2021 at 10:09 am

      Think you’re looking to type “Connect-ExchangeOnline” rather than with “Management”?

  2. Russell Feagley August 31, 2021 at 3:03 am

    I’m trying to use this for checking if audit logging is enabled in each customer tenant. It seems that I can connect to each org, but there isn’t a disconnect-exchangeonline command available to disconnect after going through each tenant. Do you plan on updating this module to include the disconnect command, or have any recommendations for adding a disconnect-exchangeonline command.

    1. Glenn September 1, 2021 at 9:48 am

      You can easily disconnect from any exchange online connection by running the command :

      Get-PSSession | Remove-PSSession

      This works on any version of exchange powershell inlcuding this one.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.