Windows PowerShell: “… .ps1 cannot be loaded because running script is disabled on this system, for more information see about_Execution_Policies at….”

The Error

When executing some PowerShell scripts, this error comes up.

… .ps1 cannot be loaded because running script is disabled on this system, for more information see about_Execution_Policies at https://go,microsoft.com/fwlink/?LinkID=135170

The Fix

1 Enter following command then hit Enter key in PowerShell

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted

2 Enter Y or A to continue when prompted.

3 Now we can run the script again, this time there should be no error returned.


How to: Add/Remove Windows Autopilot devices (And assign group – Windows Autopilot deployment profiles)

Table of contents

  1. Method 1 – Via Microsoft Endpoint Manager admin center
  2. Method 2 – via Microsoft Store for Business
  3. Creating the CSV file
  4. *Bonus – Groups (Windows Autopilot deployment profiles)

Method 1 – Via Microsoft Endpoint Manager admin center

1.1 Navigate to Microsoft Endpoint Manager admin center or Endpoint Management

1.1.1 Login to Microsoft 365 admin center

1.1.2 Click on “Endpoint Management” to open “Microsoft Endpoint Manager admin center” or use this link: https://devicemanagement.microsoft.com/

Microsoft 365 admin center menu - Endpoint Management
Microsoft 365 admin center menu – Endpoint Management

1.1.3 Navigate to “Devices -> Enroll devices -> Windows Enrollment -> Devices”

Microsoft Endpoint Manager admin center - Devices Overview
Microsoft Endpoint Manager admin center – Devices Overview
Microsoft Endpoint Manager admin center - Enroll deices Windows enrollment
Microsoft Endpoint Manager admin center – Enroll deices Windows enrollment

1.2 Click on “Import” button

Microsoft Endpoint Manager admin center - Enroll deices Windows enrollment - Windows Autopilot devices
Microsoft Endpoint Manager admin center – Enroll deices Windows enrollment – Windows Autopilot devices

1.3 It will ask for an CSV file containing

Microsoft Endpoint Manager admin center - Enroll deices Windows enrollment - Windows Autopilot devices - Add Windows Autopilot devices
Microsoft Endpoint Manager admin center – Enroll deices Windows enrollment – Windows Autopilot devices – Add Windows Autopilot devices

1.4 Proceed to Section 3 to generate the CSV file then come back to step 1.3 to upload the CSV file

1.5 Now we can assign group for the device by using Group Tag. (Group needs to be created first in order to assign)

Microsoft Endpoint Manager admin center - Enroll deices Windows enrollment - Windows Autopilot devices - Device properties
Microsoft Endpoint Manager admin center – Enroll deices Windows enrollment – Windows Autopilot devices – Device properties

Method 2 – via Microsoft Store for Business

2.1 Login to Microsoft Store for Business: https://businessstore.microsoft.com/ with administrator account

2.2 Proceed to Section 3 to generate the CSV file then come back to continue with step 2.3 to upload the CSV file

2.3 Navigate to “Devices”, click on “+ Add devices” button

Microsoft Store for Business -> Deices
Microsoft Store for Business -> Deices

2.4 Now we can assign group for the device by using “AutoPilot deployment” button (Group needs to be created first in order to assign)

3 Creating the CSV file

Microsoft Doc -> “Adding devices to Windows Autopilot” “Enroll Windows devices in Intune by using the Windows Autopilot” indicates that using following PowerShell script (Save to get-hwidinfo.ps1, then execute it with PowerShell in admin mode) will save required information in “C:\HWID\AutoPilotHWID.csv”

md c:\HWID
Set-Location c:\HWID
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv

What happen is, it may fail at first and at the last step. Here is the fix.

If it’s saying File X:\get-hwidinfo.ps1 cannot be loaded because running script is disabled on this system, for more information see about_Execution_Policies at https://go,microsoft.com/fwlink/?LinkID=135170

Follow this post to resolve it: Windows PowerShell: “… .ps1 cannot be loaded because running script is disabled on this system, for more information see about_Execution_Policies at….”

If getting another error try following Workaround.

The Workaround

3.1 Save the following PowerShell script to “get-hwidinfo.ps1” then execute in PowerShell in admin mode

md c:\HWID
Set-Location c:\HWID
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Unrestricted
Install-Script -Name Get-WindowsAutoPilotInfo
Get-WindowsAutoPilotInfo.ps1 -OutputFile AutoPilotHWID.csv

3.2 If it fails to output csv file in C:\HWID, save following script to “C:\HWID\Get-WindowsAutoPilotInfo.ps1” (This is version 1.6 not 1.4) (To copy the code, double click the code to select all)

<#PSScriptInfo
 
.VERSION 1.4
 
.GUID ebf446a3-3362-4774-83c0-b7299410b63f
 
.AUTHOR Michael Niehaus
 
.COMPANYNAME Microsoft
 
.COPYRIGHT
 
.TAGS Windows AutoPilot
 
.LICENSEURI
 
.PROJECTURI
 
.ICONURI
 
.EXTERNALMODULEDEPENDENCIES
 
.REQUIREDSCRIPTS
 
.EXTERNALSCRIPTDEPENDENCIES
 
.RELEASENOTES
Version 1.0: Original published version.
Version 1.1: Added -Append switch.
Version 1.2: Added -Credential switch.
Version 1.3: Added -Partner switch.
Version 1.4: Switched from Get-WMIObject to Get-CimInstance.
 
#>
<#
.SYNOPSIS
Retrieves the Windows AutoPilot deployment details from one or more computers
.DESCRIPTION
This script uses WMI to retrieve properties needed by the Microsoft Store for Business to support Windows AutoPilot deployment.
.PARAMETER Name
The names of the computers. These can be provided via the pipeline (property name Name or one of the available aliases, DNSHostName, ComputerName, and Computer).
.PARAMETER OutputFile
The name of the CSV file to be created with the details for the computers. If not specified, the details will be returned to the PowerShell
pipeline.
.PARAMETER Append
Switch to specify that new computer details should be appended to the specified output file, instead of overwriting the existing file.
.PARAMETER Credential
Credentials that should be used when connecting to a remote computer (not supported when gathering details from the local computer).
.PARAMETER Partner
Switch to specify that the created CSV file should use the schema for Partner Center (using serial number, make, and model).
.EXAMPLE
.\Get-WindowsAutoPilotInfo.ps1 -ComputerName MYCOMPUTER -OutputFile .\MyComputer.csv
.EXAMPLE
.\Get-WindowsAutoPilotInfo.ps1 -ComputerName MYCOMPUTER -OutputFile .\MyComputer.csv -Append
.EXAMPLE
.\Get-WindowsAutoPilotInfo.ps1 -ComputerName MYCOMPUTER1,MYCOMPUTER2 -OutputFile .\MyComputers.csv
.EXAMPLE
Get-ADComputer -Filter * | .\GetWindowsAutoPilotInfo.ps1 -OutputFile .\MyComputers.csv
.EXAMPLE
Get-CMCollectionMember -CollectionName "All Systems" | .\GetWindowsAutoPilotInfo.ps1 -OutputFile .\MyComputers.csv
.EXAMPLE
.\Get-WindowsAutoPilotInfo.ps1 -ComputerName MYCOMPUTER1,MYCOMPUTER2 -OutputFile .\MyComputers.csv -Partner
 
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory=$False,ValueFromPipeline=$True,ValueFromPipelineByPropertyName=$True,Position=0)][alias("DNSHostName","ComputerName","Computer")] [String[]] $Name = @("localhost"),
    [Parameter(Mandatory=$False)] [String] $OutputFile = "", 
    [Parameter(Mandatory=$False)] [Switch] $Append = $false,
    [Parameter(Mandatory=$False)] [System.Management.Automation.PSCredential] $Credential = $null,
    [Parameter(Mandatory=$False)] [Switch] $Partner = $false,
    [Parameter(Mandatory=$False)] [Switch] $Force = $false
)
Begin
{
    # Initialize empty list
    $computers = @()
}
Process
{
    foreach ($comp in $Name)
    {
        $bad = $false
        # Get a CIM session
        if ($comp -eq "localhost") {
            $session = New-CimSession
        }
        else
        {
            $session = New-CimSession -ComputerName $comp -Credential $Credential
        }
        # Get the common properties.
        Write-Verbose "Checking $comp"
        $serial = (Get-CimInstance -CimSession $session -Class Win32_BIOS).SerialNumber
        # Get the hash (if available)
        $devDetail = (Get-CimInstance -CimSession $session -Namespace root/cimv2/mdm/dmmap -Class MDM_DevDetail_Ext01 -Filter "InstanceID='Ext' AND ParentID='./DevDetail'")
        if ($devDetail -and (-not $Force))
        {
            $hash = $devDetail.DeviceHardwareData
        }
        else
        {
            $bad = $true
            $hash = ""
        }
        # If the hash isn't available, get the make and model
        if ($bad -or $Force)
        {
            $cs = Get-CimInstance -CimSession $session -Class Win32_ComputerSystem
            $make = $cs.Manufacturer.Trim()
            $model = $cs.Model.Trim()
            if ($Partner)
            {
                $bad = $false
            }
        }
        else
        {
            $make = ""
            $model = ""
        }
        # Getting the PKID is generally problematic for anyone other than OEMs, so let's skip it here
        $product = ""
        # Depending on the format requested, create the necessary object
        if ($Partner)
        {
            # Create a pipeline object
            $c = New-Object psobject -Property @{
                "Device Serial Number" = $serial
                "Windows Product ID" = $product
                "Hardware Hash" = $hash
                "Manufacturer name" = $make
                "Device model" = $model
            }
            # From spec:
            #    "Manufacturer Name" = $make
            #    "Device Name" = $model
        }
        else
        {
            # Create a pipeline object
            $c = New-Object psobject -Property @{
                "Device Serial Number" = $serial
                "Windows Product ID" = $product
                "Hardware Hash" = $hash
            }
        }
        # Write the object to the pipeline or array
        if ($bad)
        {
            # Report an error when the hash isn't available
            Write-Error -Message "Unable to retrieve device hardware data (hash) from computer $comp" -Category DeviceError
        }
        elseif ($OutputFile -eq "")
        {
            $c
        }
        else
        {
            $computers += $c
        }
        Remove-CimSession $session
    }
}
End
{
    if ($OutputFile -ne "")
    {
        if ($Append)
        {
            if (Test-Path $OutputFile)
            {
                $computers += Import-CSV -Path $OutputFile
            }
        }
        if ($Partner)
        {
            $computers | Select "Device Serial Number", "Windows Product ID", "Hardware Hash", "Manufacturer name", "Device model" | ConvertTo-CSV -NoTypeInformation | % {$_ -replace '"',''} | Out-File $OutputFile
            # From spec:
            # $computers | Select "Device Serial Number", "Windows Product ID", "Hardware Hash", "Manufacturer Name", "Device Name" | ConvertTo-CSV -NoTypeInformation | % {$_ -replace '"',''} | Out-File $OutputFile
        }
        else
        {
            $computers | Select "Device Serial Number", "Windows Product ID", "Hardware Hash" | ConvertTo-CSV -NoTypeInformation | % {$_ -replace '"',''} | Out-File $OutputFile
        }
    }
}

3.3 Launch PowerShell in admin mode, use following command to generate the csv file for the device

cd C:\HWID
.\Get-WindowsAutoPilotInfo.ps1-OutputFile AutoPilotHWID.csv

3.4 Now we should be able to see an “AutoPilotHWID.csv” file at “C:\HWID\AutoPilotHWID.csv”

4 *Bonus – Groups (Windows Autopilot deployment profiles)

Autopilot deployment profiles are used to configure the Autopilot devices. You can create up to 350 profiles per tenant.

To Create Profile, follow Step 1.1 to Step 1.1.3 (Instead of click on “Devices” click on “Deployment Profiles”)

For more information on different kind of settings for Profiles refer to Enroll Windows devices in Intune by using the Windows Autopilot

Resources:


How to: Hide/Show Office 365 group from GAL and other address lists using PowerShell

1 Login to Office 365 via PowerShell by following this guide: How to: Connect PowerShell to Office 365 Exchange with Multi-factor authentication (MFA) enabled

2 Use following PowerShell command to hide Office 365 group.

Set-UnifiedGroup -identity "Group Name" -HiddenFromExchangeClientsEnabled:$true

To show Office 365 group in GAL and other address lists use the following command

Set-UnifiedGroup -identity "Group Name" -HiddenFromExchangeClientsEnabled:$false

(The default value is $false, which means show in GAL and other address lists)

Extended Reading

Set-UnifiedGroup

Windows PowerShell change Hard Drive/Media type for Windows Server Storage Space / Storage Pool

1 List all physical disks

Get-PhysicalDisk
Microsoft PowerShell - Get-PhysicalDisk
Microsoft PowerShell – Get-PhysicalDisk

2 If you have multiple physical disks with same name use following command

Get-PhysicalDisk | Select-Object SerialNumber,UniqueId, FriendlyName
Microsodr PowerShell - Get-PhysicalDisk | Select-Object SerialNumber,UniqueId, FriendlyName
Microsodr PowerShell – Get-PhysicalDisk | Select-Object SerialNumber,UniqueId, FriendlyName

3 Find the right “UniqueId” for the physical disk which you want to changedrive/media type for

4 Change the hard drive/media type

For systems with physical disks without same name

Set-PhysicalDisk –FriendlyName "PhysicalDisk6" -MediaType SSD

For systems with physical disks with same name

Set-PhysicalDisk –UniqueId "{016ag017-1cd2-81-mugf-26j28503l5vb}" -MediaType SSD

Bonus

-MediaType: Accepted values: HDD, SSD, SCM

Extra Reading

Set-PhysicalDisk

Use PowerShell to Create Virtual Disk on Windows Storage Pool/Storage Space with specific number of columns

PowerShell

New-VirtualDisk -StoragePoolFriendlyName "Existing Pool Name" -FriendlyName "Name for new virtual disk" -ResiliencySettingName Mirror -Size 10TB -ProvisioningType Fixed -NumberOfColumns 2
ParamaterDescription
-StoragePoolFriendlyNameYour existing pool’s friendly name which you want to create virtual disk on
-FriendlyNameA friendly name you want to give for new virtual disk
-ResiliencySettingNameResiliency type to use: Simple, Mirror, Parity
-SizeSize you want to assign to the new virtual disk
-ProvisioningTypeFixed or Thin
-NumberOfColumnsNumber of columns

Generally, Mirror has better performance than Parity but least storage efficient, Simple has best performance but no redundancy at all. If you have enough physical disks in the storage pool, 2 – 4 columns will give you great performance. Keep in mind that when increasing pool capacity, you can usually achieve optimal pool capacity utilization when you add disks in multiples of the number of disks the storage space needs.

Controlling the Number of Columns

Controlling the Number of Columns
Controlling the Number of Columns

Extended reading:

New-VirtualDisk: https://docs.microsoft.com/en-us/powershell/module/storage/new-virtualdisk?view=win10-ps

Controlling the number of columns: https://social.technet.microsoft.com/wiki/contents/articles/11382.storage-spaces-frequently-asked-questions-faq.aspx#Controlling_the_Number_of_Columns

Windows Server Storage Space/Storage Pool Reattach straightway after physical disk retired

Only reattach if you are sure the physical is in good working condition, if not, you really should replace the physical disk for the Storage Pool

See this guide for replacing disk: How to fix: Windows Storage Space/Storage Pool physical disk lost communication, replace dead physical disk

1 Launch PowerShell in admin mode

2 Use “Get-PhysicalDisk” to list all physical disks

Get-PhysicalDisk

3 Use “Get-PhysicalDisk | Select-Object SerialNumber,UniqueID” to get serial number of the physical disk (It’s very useful when you have multiple physical disks with same name)

Get-PhysicalDisk | Select-Object SerialNumber,UniqueID

4 Use “Set-PhysicalDisk -UniqueID “{SerialNumber}” -Usage AutoSelect” to reattach the physical disk

Set-PhysicalDisk -UniqueID "{4a5bbag5-cc77-01ab-a8ba-520c1af8885b}" -Usage AutoSelect

5 Use “Repair-VirtualDisk -FriendlyName ‘Name of the virtual disk within the pool'” to repair the virtual disk

Repair-VirtualDisk -FriendlyName 'Name of the virtual disk within the pool'

6 Use “Optimize-StoragePool -FriendlyName “Pool Name”” to optimize the storage pool

Optimize-StoragePool -FriendlyName "Pool Name"

How to fix: Windows Storage Space/Storage Pool, Virtual Disk not attaching automatically on reboot

1 Launch PowerShell from start menu or “Run” window with admin privilege

2 Use following command to check “-IsManualAttach” attribute

Get-VirtualDisk | Select-Object IsManualAttach

Or use following command to show all virtual disks with “IsManualAttach” attributes

Get-VirtualDisk | Where-Object {$_.IsManualAttach –eq $True}
Windows PowerShell -  Get-VirtualDisk | Select-Object IsManualAttach
Windows PowerShell – Get-VirtualDisk | Select-Object IsManualAttach

3 Use following command to set “IsManualAttach” to false, so that it will attach on reboot

Set-VirtualDisk -FriendlyName "virtual disk name" -IsManualAttach 0

e.g.

Set-VirtualDisk -FriendlyName "my virtual disk" -IsManualAttach 0

Or to use following command to change all virtual disks to auto attach on reboot

Get-VirtualDisk | Where-Object {$_.IsManualAttach –eq $True} | Set-VirtualDisk –IsManualAttach $False

How to: Check Windows Storage Space, Storage pool virtual disk Columns

Using PowerShell

Get-VirtualDisk "name of the virtual disk" | Select-Object *

To get general information, use following command instead

Get-VirtualDisk "name of the virtual disk"

Using Server Manager

1 Launch Windows “Server Manager”

2 In Windows Server 2019, navigate to “Server Manager -> File and Storage Services -> Storage Pools -> Virtual Disks”

3 Right click on the virtual disk, select “Property”

4 Click on “Details”

5 Select “NumberOfColumns” from “Property:”

6 The number of columns will be displayed underneath.

Note

If after rebooting, virtual disks are not attaching automatically, follow this guide to make them auto attach on reboot.

How to fix: Windows Storage Space/Storage Pool physical disk lost communication, replace dead physical disk

Keywords: Windows Server, Windows Server 2019, Windows Server Storage Space, Windows Server Storage Pool, physical disk, lost communication, Warning, Error, replace, replace disk

If you are running Windows Storage Space on USB disks, when you change disk cache settings, or accidentally disconnected one of the USB disk from Windows Storage Space (With minimum 1 disk fault tolerance, e.g. Parity, Mirror), or due to other reasons that caused one of the physical disk showing error or warning from Windows Server Manager

For simply reattaching the physical disk, check our this guide: Windows Server Storage Space/Storage Pool Reattach straightway after physical disk retired

Warning: Always backup all data on the storage pool if possible or at least important data

Replace the physical disk

1 Launch “Windows PowerShell” in admin mode

2 Use following command to list all physical disks

Get-PhysicalDisk
Windows PowerShell - Get-PhysicalDisk
Windows PowerShell – Get-PhysicalDisk

3 If you have multiple physical disks with same name, use following command to distinguish among them, you probably can find serial number on the label from hard drive

Get-PhysicalDisk | select-object serialnumber, uniqueid, friendlyname, operationstatus, healthstatus
Windows PowerShell - Get-PhysicalDisk | select-object serialnumber, uniqueid, friendlyname, operationstatus, healthstatus
Windows PowerShell – Get-PhysicalDisk | select-object serialnumber, uniqueid, friendlyname, operationstatus, healthstatus

(Before mark the physical disk as retired you might want to check which virtual disks will be affected, you can use following command to check virtual disks)

Get-Virtual-Disk

4 Mark the disk we want to remove as “retired”

  • Using Friendly Name
Set-PhysicalDisk -FriendlyName 'PhysicalDiskName' -Usage Retired

e.g.

 Set-PhysicalDisk -FriendlyName 'Contoso Disk' -Usage Retired 
  • Using Serial Number
Set-PhysicalDisk -uniqueid 'Serial Number' -Usage Retired

e.g.

Set-PhysicalDisk -uniqueid '{29e928d2-2793-11ea-a6db-000c29b85813}' -Usage Retired
Windows PowerShell - Set-PhysicalDisk -uniqueid 'Serial Number' -Usage Retired
Windows PowerShell – Set-PhysicalDisk -uniqueid ‘Serial Number’ -Usage Retired

5 Once the disk is marked to be removed.  We need to rebuild each of our virtual disks

Repair-VirtualDisk -FriendlyName 'Name of the virtual disk within the pool'

e.g.

Repair-VirtualDisk -FriendlyName 'my disk on pool'

6 We can monitor the repairing progress

Get-StorageJob
Windows PowerShell - Get-StorageJob
Windows PowerShell – Get-StorageJob

7 Once everything is done, we can remove the disk from the pool

Remove-PhysicalDisk -FriendlyName 'PhysicalDiskName'

Note: If you have many physical disks with same name we can use “Server Manager” to remove it, follow step 7.1 to

7.1 Launch “Server Manager”

Windows Server 2019 - Server Manager - Dashboard
Windows Server 2019 – Server Manager – Dashboard

7.2 Find the disk with exclamation mark and showing “Retired” as operational Status

Windows Server 2019 - Server Manager -> File and Storage Services -> Storage Pools -> Physical Disks
Windows Server 2019 – Server Manager -> File and Storage Services -> Storage Pools -> Physical Disks

7.3 Right click on the disk then click on “Remove Disk”, you will see following window

Windows Server 2019 - Server Manager -> File and Storage Services -> Storage Pools -> Physical Disks -> Remove Disk
Windows Server 2019 – Server Manager -> File and Storage Services -> Storage Pools -> Physical Disks -> Remove Disk

7.4 When it’s done, following windows will appear

Windows Server 2019 - Server Manager -> File and Storage Services -> Storage Pools -> Physical Disks -> Remove Disk
Windows Server 2019 – Server Manager -> File and Storage Services -> Storage Pools -> Physical Disks -> Remove Disk

8 Now we can attache our new physical disk then add it to the pool from “Server Manager” Window

Re-attach the physical disk

In case of human error caused the physical to be recognised as faulty but you are sure that the physical disk is in prefect condition, we need to re-attach the physical disk

(You might get “suspended 0” from “Get-StorageJob” just continue with the guide, usually the “suspended” will not resolve itself if we don’t do anything…)

2.1 Try to follow step 1 to 8, ignore errors if there is any

2.2 Try to “Reset Disk” if the exclamation mark is gone, try to repair the virtual disk, if it is still there after Reset, continue with step 2.3

Windows Server 2019 - Server Manager -> File and Storage Services -> Storage Pools -> Physical Disks -> Remove Disk
Windows Server 2019 – Server Manager -> File and Storage Services -> Storage Pools -> Physical Disks -> Remove Disk

2.3 Try to follow step 1 – 3 to find out the “serial number” or “friendly name” of the disk which we want to re-attach, then using following command to change the disk state from “Retired” to “Auto”

Set-PhysicalDisk -UniqueID "{3b3bbdf4-cc77-13bd-a8ba-429c9ce9957a}" -Usage AutoSelect

2.4 Now we can follow step 5 to repair the virtual disk in degraded mode (We can right click the virtual disk from “Server Manager” then select “Repair Virtual Disk” as well)

Bonus

Other useful commands

# Optimise the Storage Pool 
Get-StoragePool "pool name" | Optimize-StoragePool
# Update Storage Pool to latest version
Update-StoragePool -FriendlyName "pool name"

Quick steps from Microsoft technet (Not suitable for systems with physical disks with same names)

  1. Open PowerShell in admin mode (PowerShell ISE is better)
  2. To get the names of the disks, type the following command:
    Get-PhysicalDisk
  3. To get the names of the virtual disks, type the following command:
    Get-Virtual-Disk
  4. First mark the disk you want to remove as “retired” by the following command:
    Set-PhysicalDisk -FriendlyName ‘PhysicalDiskXX’ -Usage Retired
  5. Now your disk is mark to be removed.  You need to rebuild each of your virtual disks with the following command:
    Repair-VirtualDisk -FriendlyName ‘My Virtual Disk’
  6. You can monitor the progression of the process by typing the following command:
    Get-StorageJob
  7. Once everything is done, just remove the disk from the pool with this command:
    Remove-PhysicalDisk -FriendlyName ‘PhysicalDiskXX’
  8. That’s it!

How to: Connect PowerShell to Office 365 Exchange with Multi-factor authentication (MFA) enabled

Keywords: Microsoft, Microsoft Windows, Microsoft Office 365, Microsoft Windows PowerShell, Microsoft Office 365 Exchange, Multi-factor authentication, MFA, ecp, connect to Microsoft Office 365 Exchange via PowerShell with MFA enabled

1 Use Microsoft Edge or Internet Explorer (You have to use Microsoft Edge or Internet Explorer for this one) to login to: https://outlook.office365.com/ecp/

2 Click on “hybrid”, find “The Exchange Online PowerShell Module supports multi-factor authentication. Download the module to manage Exchange Online more securely. Learn more” click on “configure”

Microsoft Office 365 Exchange admin center
Microsoft Office 365 Exchange admin center

3 Click on “Open” button from the browser

Microsoft Edge - Microsoft Office 365 Exchange admin center - hybrid - configure
Microsoft Edge – Microsoft Office 365 Exchange admin center – hybrid – configure

4 If you get a pop up asking “How do you want to open this?” Select “Microsoft Edge” then click on “OK” button

Microsoft Edge - "How o you want to open this?"
Microsoft Edge – “How o you want to open this?”

5 A Windows PowerShell window will pop up upon finishing downloading.

Microsoft Windows PowerShell
Microsoft Windows PowerShell

6 Enter following command and press “Enter” key (Change “[email protected]” to proper administrator email address)

Connect-EXOPSSession -UserPrincipalName [email protected]

e.g.

Connect-EXOPSSession -UserPrincipalName [email protected]

7 Sign with “Sign in to your account” pop up window, enter your password then authorise via MFA

Microsoft Windows PowerShell - MFA login
Microsoft Windows PowerShell – MFA login

8 The warning is fine, we can still use the PowerShell to manage Microsoft Office 365 Exchange

 Microsoft Windows PowerShell - Exchange logged in
Microsoft Windows PowerShell – Exchange logged in

Now, you have successfully connected to Microsoft Office 365 Exchange via Windows PowerShell.

Bonus:

You can use following command to list identity information from your groups

Get-UnifiedGroup -Identity "Group Name" | Format-List

e.g.

Get-UnifiedGroup -Identity "Financial" | Format-List