CA Policies require: Azure AD Premium P1 license.
But yeah, if you don't have that, then you can't use this option. But otherwise, what you want to do won't work as there is no way to force two authentication methods on an app like this.
Exchange Online Powershell - MFA for unattended scripts
I have been able to set up certificate-based authentication for Exchange Online PowerShell using the document seen here: https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps
This was pretty easy to set up in only a few minutes.
However, corporate policy absolutely requires two factors of authentication for any process accessing sensitive data. Possession of a certificate is only a single factor in this scenario. Is there a way to require a valid user account + certificate, or perhaps an app password + certificate?
-
Andy David - MVP 142.3K Reputation points MVP
2021-11-16T21:53:38.647+00:00
1 additional answer
-
Andy David - MVP 142.3K Reputation points MVP
2021-11-16T19:58:40.917+00:00
Sorry, that wouldn't really work with cert auth - that's the whole point of using a cert really :)
Having said that, in the future, you should be able to create a Conditional Access policy that you will only accept connections for service principals from "Trusted IPs" - the way you can set now for regular users. If these scripts are running from on-prem servers for example, you could create a policy that only permits connections from those IPs - that would be pretty secure in addition to the cert auth.
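
The IP restriction described in the answer above, sketched with the Microsoft Graph PowerShell SDK. This is an added example, not part of the original thread; it assumes the tenant has Conditional Access for workload identities available, and the object ID, CIDR range and display names are constructed placeholders.

```powershell
# Added example: block one service principal everywhere except known egress IPs.
# Every ID, name and address below is a constructed placeholder.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All', 'Application.Read.All'

$spObjectId = '00000000-0000-0000-0000-000000000000'  # placeholder: object ID of the script's service principal
$egressCidr = '203.0.113.10/32'                       # placeholder (documentation range): server's public IP

# 1. Named location holding the public IPs the unattended scripts connect from.
$location = New-MgIdentityConditionalAccessNamedLocation -BodyParameter @{
    '@odata.type' = '#microsoft.graph.ipNamedLocation'
    displayName   = 'EXO automation servers'
    isTrusted     = $true
    ipRanges      = @(
        @{ '@odata.type' = '#microsoft.graph.iPv4CidrRange'; cidrAddress = $egressCidr }
    )
}

# 2. Policy scoped to the service principal: all locations are in scope,
#    the named location is excluded, and the only grant control is "block".
#    Created in report-only mode so sign-in logs can be checked before enforcing.
$policy = @{
    displayName   = 'Block EXO automation SP outside trusted IPs'
    state         = 'enabledForReportingButNotEnforced'
    conditions    = @{
        applications       = @{ includeApplications = @('All') }
        clientApplications = @{ includeServicePrincipals = @($spObjectId) }
        locations          = @{
            includeLocations = @('All')
            excludeLocations = @($location.Id)
        }
    }
    grantControls = @{
        operator        = 'AND'
        builtInControls = @('block')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State
```

Once the report-only results show the scripts' sign-ins matching the excluded location, switching `state` to `enabled` enforces the block for every other source address.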