PowerShell Office 365 Remote Connections

There are two methods for using PowerShell to connect to remote systems that are not part of your domain, typically used when connecting to Office 365 Exchange Online.

The method used depends on whether you have Multi-Factor Authentication enabled.

To start a remote session

Only Basic Authentication

  1. Open a PowerShell Window
  2. You need to run three commands
$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri <insert URL from the table below> -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session -DisableNameChecking
| Office 365 connection | ConnectionUri value |
|---|---|
| Normal | https://outlook.office365.com/powershell-liveid/ |
| US Government Community Cloud High | https://outlook.office365.us/powershell-liveid/ |
| Office 365 Germany | https://outlook.office.de/powershell-liveid/ |
| Office 365 21Vianet | https://partner.outlook.cn/PowerShell |

MFA enabled for Office 365

You need a browser with ClickOnce support, like Edge or IE.

  1. Open the Exchange Admin Center in Office 365
  2. Go to the Hybrid section
  3. Click the Configure button to download the Exchange Online Remote PowerShell Module for multi-factor authentication.
  4. A new window appears; click Install

You only need to do the above steps once, after that you can access the

  1. Open the Exchange Online Remote PowerShell Module. Found in Start > Microsoft Corporation > Microsoft Exchange Online Remote PowerShell Module
  2. Run the command
Connect-EXOPSSession -UserPrincipalName <UPN> [-ConnectionUri <ConnectionUri> -AzureADAuthorizationEndPointUri <AzureADUri>]
| Office 365 | ConnectionUri parameter value | AzureADAuthorizationEndPointUri parameter value |
|---|---|---|
| Normal | Not Used | Not Used |
| Office 365 GCC High | https://outlook.office365.us/powershell-liveid | https://login.microsoftonline.us/common |
| Office 365 DoD | https://webmail.apps.mil/powershell-liveid | https://login.microsoftonline.us/common |
| Office 365 Germany | https://outlook.office.de/PowerShell-LiveID | https://login.microsoftonline.de/common |
  3. The verification window opens; enter your login, password and code when prompted

To end a remote session

When you are done, run this command to kill the remote session and free up the connection. If you do not clear your session, it stays open until it expires, which could cause you to reach the remote session limit for your server.

Basic Authentication session

Remove-PSSession $Session

MFA session

Get-PSSession | Remove-PSSession

What to change when behind a proxy server

For Basic Authentication

  • Open a PowerShell window
  • Run these four commands
$ProxyOptions = New-PSSessionOption -ProxyAccessType AutoDetect

There are three values for the ProxyAccessType parameter: IEConfig, WinHttpConfig, or AutoDetect. The last one works with most, but some servers need help.

$UserCredential = Get-Credential
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri <insert URL> -Credential $UserCredential -Authentication Basic -AllowRedirection -SessionOption $ProxyOptions
Import-PSSession $Session -DisableNameChecking
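
The connect, work and clean-up steps above combined into one Basic Authentication script, as an added example that is not from the original article. It removes leftover Exchange sessions first and closes the new one in a finally block, so an error or Ctrl+C cannot leave it counting against the session limit. The Get-Mailbox line is a stand-in for your own commands, and the URI is the Normal value from the table.

```powershell
# Added example, not from the original article.
$ConnectionUri = 'https://outlook.office365.com/powershell-liveid/'

# Remove Exchange sessions left over from earlier runs in this window so
# they stop counting against the limit. Other PSSessions are left alone.
Get-PSSession |
    Where-Object { $_.ConfigurationName -eq 'Microsoft.Exchange' } |
    Remove-PSSession

$SessionArgs = @{
    ConfigurationName = 'Microsoft.Exchange'
    ConnectionUri     = $ConnectionUri
    Credential        = Get-Credential
    Authentication    = 'Basic'
    AllowRedirection  = $true
    ErrorAction       = 'Stop'   # a failed connect goes straight to finally
}
# Behind a proxy, add the session option from the section above:
# $SessionArgs.SessionOption = New-PSSessionOption -ProxyAccessType AutoDetect

$Session = $null
$Module  = $null
try {
    $Session = New-PSSession @SessionArgs
    # Import-PSSession returns the temporary module holding the proxy commands.
    $Module  = Import-PSSession $Session -DisableNameChecking

    # Stand-in for your own work.
    Get-Mailbox -ResultSize 5 | Select-Object DisplayName, PrimarySmtpAddress
}
finally {
    # Runs on success, on error, and on Ctrl+C.
    if ($Module)  { Remove-Module -ModuleInfo $Module }
    if ($Session) { Remove-PSSession -Session $Session }
}
```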

Troubleshooting

Error: “Files cannot be loaded…”

Full error message reads “Files cannot be loaded because running scripts is disabled on this system. Provide a valid certificate with which to sign the files”

  1. Open an elevated PowerShell window (aka “Run as Administrator”)
  2. Execute the following command
Set-ExecutionPolicy RemoteSigned

You need to do this only once on a system.

Error: Access Denied

Office 365 Delegated Access Permission (DAP) partners cannot connect to their customer tenant organizations in Exchange Online PowerShell. It will not work with delegated authentication.

The most common issue is that either your username or password is wrong. Use Notepad to copy and paste into the fields to double check everything is correct.

If you're using Office 365, make sure your account has permissions as an Exchange Administrator by logging into the portal. If you have access via the portal but not PowerShell, your PowerShell access could be disabled, but first triple check that username and password.

Error: Cannot Connect

Ports 80 and 443 need to be open between you and the server. Also double check the connection URL and make sure it's typed correctly.

Error: The WinRM client cannot process the request.

Full error message “The WinRM client cannot process the request. Basic authentication is currently disabled in the client configuration. Change the client configuration and try the request again.”

WinRM needs to be running for you to check. Servers have the service running by default; client systems have it turned off by default.

  1. Open an elevated Command Prompt
  2. Run this command
winrm get winrm/config/client/auth

Look for the value Basic = true. If it's listed as false, run this command

winrm set winrm/config/client/auth @{Basic="true"}
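
Basic is a machine-wide WinRM client setting, so one option is to enable it only while the work runs and put it back afterwards. This is an added example (not from the original article) that uses the WSMan: drive from an elevated PowerShell window; the function name Invoke-WithWinRMBasic is hypothetical.

```powershell
# Added example; the function name is hypothetical.
# Needs an elevated PowerShell window and the WinRM service running.
function Invoke-WithWinRMBasic {
    param([Parameter(Mandatory)] [scriptblock] $ScriptBlock)

    $basicPath = 'WSMan:\localhost\Client\Auth\Basic'
    $plainPath = 'WSMan:\localhost\Client\AllowUnencrypted'

    # Basic sends the password only base64-encoded, so it must stay inside
    # HTTPS. Stop if this client is allowed to talk unencrypted HTTP.
    if ((Get-Item $plainPath).Value -eq 'true') {
        throw 'AllowUnencrypted is true; set it to false before enabling Basic.'
    }

    $original = (Get-Item $basicPath).Value   # 'true' or 'false'
    try {
        if ($original -ne 'true') {
            # Fails here (and changes nothing) if Group Policy owns the setting.
            Set-Item $basicPath -Value $true -ErrorAction Stop
        }
        & $ScriptBlock
    }
    finally {
        # Put the setting back only if this function changed it.
        if ($original -ne 'true' -and (Get-Item $basicPath).Value -eq 'true') {
            Set-Item $basicPath -Value $false
        }
    }
}

# Usage: the whole connect / work / Remove-PSSession sequence goes in the block.
# Here the block only shows the setting as seen while it is enabled.
Invoke-WithWinRMBasic {
    winrm get winrm/config/client/auth
}
```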
