Hybrid Exchange PowerShell Tool Now Has Multifactor Authentication

IT pros managing Exchange Server and Exchange Online accounts via remote PowerShell now have the ability to protect those sessions with multifactor authentication.

Microsoft announced that capability this week with a new multifactor authentication option for the Office 365 Hybrid Configuration Wizard. The wizard is a configuration tool for organizations that use Exchange Server on premises and Exchange Online services delivered from Microsoft's datacenters. Microsoft built this wizard into Exchange Server 2016 and Exchange Server 2013 Cumulative Update 10 and greater. It will also work with some older Exchange Server versions, according to a Microsoft FAQ document.

Multifactor authentication is a secondary means of verifying a user's identity on top of a password. Typically, users must respond to an instant-message challenge or an automated phone call to verify their identities before gaining access. Until this week, that security protection wasn't available for users of the Office 365 Hybrid Configuration Wizard (HCW), but users have wanted the feature nonetheless, Microsoft's announcement explained:

Many Exchange Online customers wanted the extra level of security that is offered with Multi-Factor Authentication, which allows you to force the administrator account to use Multi-Factor Authentication. However, because of a limitation in Remote PowerShell, Exchange Online administrators could not connect with a Multi-Factor enabled account. In addition, as the Office 365 Hybrid Wizard also requires Remote PowerShell connections to Exchange Online, prior to now, the account you used to run the HCW could not be enabled for Multi-Factor Authentication.

IT pros can enable multifactor authentication for the wizard by downloading a new module from within the Exchange Online Admin Center, as described in Microsoft's announcement. There's one exception for "21 Vianet Greater China tenants," as they also will have to download a specific Office 365 Hybrid Configuration Wizard to get multifactor authentication protection.

To use the new capability, the accounts using multifactor authentication have to be "enabled for remote PowerShell." Moreover, "TCP Port 80 needs to be open" for the connection, a Microsoft TechNet article explained.

About the Author

Kurt Mackie is senior news producer for the 1105 Enterprise Computing Group.


  • How To Use PowerShell Like a Spreadsheet

    Instead of viewing data in a static list, use PowerShell's grid view capability to manipulate how your data is displayed.

  • How To Ransomware-Proof Your Backups: 4 Key Best Practices

    Backups are the only guaranteed way to save your data after a ransomware attack. Here's how to make sure your backup strategy has ransomware mitigation built right in.

  • Microsoft Helps Office Users Cope with Unfamiliar Acronyms

    A new AI-powered feature in Office scans your e-mails and documents to help you tell one "SaaS" apart from another.

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.