1

I need to use Connect-MSolservice to list MFA enabled accounts. Does Connect-MSolservice support using Service Principal Account for authentication?

Tony Ju
  • 14,891
  • 3
  • 17
  • 31
Giulio Astori
  • 11
  • 1
  • 2

1 Answers1

0

Shortly Yes It supports. But not in all version!

When attempting to use Connect-MsolService with an MFA-enabled admin account you may receive a legacy authentication prompt instead of modern authentication prompt.

Legacy prompt will fail authentication request as it does not support modern authentication and requires either MFA disabled or application password. This incorrect prompt is due to older version of MSOnline PowerShell module being installed on the machine.

To fix this issue, you need to ensure you have the latest version installed for MSOnline module

Run below power shell command to install new version, make sure you are running the powershell as admin

C:\> Install-Module -Name MSOnline

See the screen shot below:

enter image description here

Once the updated module is installed, you will need to close and reopen PowerShell window. With a new PowerShell window open, run the Connect-MsolService cmdlet. This time you will see a new modern authentication prompt that will let you go thorugh MFA authentication process without any issues

Note: PowerShell 1.0 is not supported for your case, so you do have to uninstall 1.0 before implementing above process

For more information you could have a look on following article

  1. CONNECT-MSOLSERVICE AUTHENTICATION WITH MFA ENABLED
  2. Service Principal Authentication
  3. Some MFA example
Md Farid Uddin Kiron
  • 16,817
  • 3
  • 17
  • 43
  • Thanks .. do you have a snippet sample on how to connect using the Service Principal? .. I couldn't find any reference that MSolservice supports SP for authentication. – Giulio Astori Apr 19 '19 at 09:40
  • @GiulioAstori Yeah, The link I have shared have step to step snippet. Please have a look on that. I hope it will help you. – Md Farid Uddin Kiron Apr 19 '19 at 09:45
  • The original post is about using a Service Principal account. This post on SO suggests that a service principal account will **not** work with Connect-MsolService: https://stackoverflow.com/questions/55747310/connecting-with-service-principal-using-connect-msolservice – spencerstewart Dec 04 '19 at 18:45
  • i dont see the relevant snippet in the links.. post not relevant imo – Pixel Dec 24 '20 at 16:05