Connect-IPPSSession

This cmdlet is available only in the Exchange Online PowerShell V2 module. For more information, see Connect to Exchange Online PowerShell.

Use the Connect-IPPSSession cmdlet in the Exchange Online PowerShell V2 module to connect to Security & Compliance Center PowerShell or standalone Exchange Online Protection PowerShell.

Note: If your organization is on-premises Exchange, and you have Exchange Enterprise CAL with Services licenses for Exchange Online Protection (EOP), use the Connect-ExchangeOnline cmdlet the Exchange Online PowerShell instructions to connect to your EOP PowerShell environment.

For information about the parameter sets in the Syntax section below, see Exchange cmdlet syntax.

Syntax

Connect-IPPSSession
       [[-ConnectionUri] <String>]
       [[-AzureADAuthorizationEndpointUri] <String>]
       [-BypassMailboxAnchoring]
       [-Credential <PSCredential>]
       [[-DelegatedOrganization] <String>]
       [[-PSSessionOption] <PSSessionOption>]
       [-UserPrincipalName <String>]
       [<CommonParameters>]

Description

This cmdlet allows you to create a remote PowerShell session to Exchange-related PowerShell environments other than Exchange Online PowerShell. For example, Security & Compliance Center PowerShell or standalone Exchange Online Protection PowerShell (for organizations without Exchange Online mailboxes).

Examples

Example 1

$UserCredential = Get-Credential
Connect-IPPSSession -Credential $UserCredential

This example connects to Security & Compliance Center PowerShell in a Microsoft 365 organization.

The first command gets the user credentials and stores them in the $UserCredential variable.

The second command connects the current PowerShell session using the credentials in the $UserCredential, which isn't MFA enabled. Note that after the second command is complete, the password key in the $UserCredential variable becomes empty.

After the Connect-IPPSSession command is successful, you can run Security & Compliance Center cmdlets.

Example 2

Connect-IPPSSession -Credential (Get-Credential) -ConnectionUri https://ps.protection.outlook.com/powershell-liveid/

This example connects to standalone Exchange Online Protection PowerShell in an organization that doesn't have Exchange Online mailboxes.

Parameters

-AzureADAuthorizationEndpointUri

The AzureADAuthorizationEndpointUri parameter specifies the Azure AD Authorization endpoint Uri that can issue OAuth2 access tokens. The following PowerShell environments and related values are supported:

  • Security & Compliance Center PowerShell in Microsoft 365 or Microsoft 365 GCC: Don't use this parameter.
  • Security & Compliance Center PowerShell in Office 365 Germany: https://login.microsoftonline.de/common
  • Security & Compliance Center PowerShell in Microsoft 365 GCC High or Microsoft 365 DoD: https://login.microsoftonline.us/common

This parameter is required in Office 365 Germany, Microsoft 365 GCC High, or Microsoft 365 DoD organizations when you don't use the UserPrincipalName parameter.

Type:String
Position:1
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
-BypassMailboxAnchoring

The BypassMailboxAnchoring switch bypasses the use of the mailbox anchoring hint. You don't need to specify a value with this switch.

Type:SwitchParameter
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online
-ConnectionUri

The ConnectionUri parameter specifies the connection endpoint for the remote PowerShell session. The following PowerShell environments and related values are supported:

  • Security & Compliance Center PowerShell in Microsoft 365 or Microsoft 365 GCC: Don't use this parameter. The required value is https://ps.compliance.protection.outlook.com/powershell-liveid/, but that's also the default value, so you don't need to use this parameter in those environments.
  • Security & Compliance Center PowerShell in Office 365 Germany: https://ps.compliance.protection.outlook.de/PowerShell-LiveID
  • Security & Compliance Center PowerShell in Microsoft 365 GCC High: https://ps.compliance.protection.office365.us/powershell-liveid/
  • Security & Compliance Center PowerShell in Microsoft 365 DoD: https://l5.ps.compliance.protection.office365.us/powershell-liveid/
  • Exchange Online Protection PowerShell in standalone EOP organizations without Exchange Online mailboxes: https://ps.protection.outlook.com/powershell-liveid/
Type:String
Position:0
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online
-Credential

The Credential parameter specifies the username and password that's used to run this command. Typically, you use this parameter in scripts or when you need to provide different credentials that have the required permissions. You don't use this parameter for accounts with multi-factor authentication (MFA).

A value for this parameter requires the Get-Credential cmdlet. To pause this command and receive a prompt for credentials, use the value (Get-Credential). Or, before you run this command, store the credentials in a variable (for example, $cred = Get-Credential) and then use the variable name ($cred) for this parameter. For more information, see Get-Credential.

Type:PSCredential
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online
-DelegatedOrganization

The DelegatedOrganization parameter specifies the customer organization that you want to manage (for example, contosoelectronics.onmicrosoft.com). This parameter only works if the customer organization has agreed to your delegated management via the CSP program.

After you successfully authenticate, the cmdlets in this session are mapped to the customer organization, and all operations in this session are done on the customer organization.

Type:String
Position:2
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online
-PSSessionOption

The PSSessionOption parameter specifies the PowerShell session options to use in your connection to Exchange Online. You store the output of the New-PSSessionOption command in a variable, for example:

$Options = New-PSSessionOption <Settings>

And you use the variable name as the value for this parameter (for example, $Options).

Type:PSSessionOption
Position:3
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online
-UserPrincipalName

The UserPrincipalName parameter specifies the account that you want to use to connect (for example, navin@contoso.onmicrosoft.com). Using this parameter allows you to skip the first screen in authentication prompt, and is used for accounts with MFA.

Type:String
Position:Named
Default value:None
Accept pipeline input:False
Accept wildcard characters:False
Applies to:Exchange Online

Inputs

Outputs