Running Connect-Exchange Online in script

kbcit · November 14, 2025, 6:09pm

Is it possible to run Connect-ExchangeOnline in a cloud script? Ideally, my function would work in the same way as Get-ImmyAzureAuthHeader.

Thanks!

dfoster · March 6, 2026, 8:10pm

I have the need for this as well.

Ricky_Urwiller · April 2, 2026, 8:25pm

I doubt it is possible to get Connect-ExchangeOnline to work how it does on the machine, at least with token creation and caching. It might be possible, and it might be the right way to go.

But more likely i think you would be better served by using the https://outlook.office365.com/adminapi/beta/ API for O365 Exchange Online, AFAIK all the PS ExchangeOnline Modules use this Endpoint. The documentation for this could use more documentation for sure, I found this useful. Exchange Online PowerShell module gets rid of the WinRM dependence - Blog

I have not used it in Immybot, so i dont know how we would generate the EXO Token, possible this would first require providing admin consent to Immybot to have M365 Tenant level access to create a token.

That said, once you have the EXO token generated and you are able to lookup the target domain name /id ($tenant_name below) (which I believe you need to do to create the token in the first place) you can use the “https://outlook.office365.com/adminapi/beta/$tenant_name/InvokeCommand” endpoint to create Exchange Online Powershell command request without using the Exchange Online Powershell Module.

You can do this by creating a header using the token form earlier

$conn_id = $([guid]::NewGuid().Guid).ToString()
$uri = "https://outlook.office365.com/adminapi/beta/$tenant_name/InvokeCommand"
$exoHeaders = @{
    "Authorization" = "Bearer $($exo_token)"
    "X-SerializationLevel" = "Full"
    "X-AnchorMailbox" = $("UPN:SystemMailbox{bb558c35-97f1-4cb9-8ff7-d53741dc928c}@$tenant_name")
    "Prefer" = "odata.maxpagesize=1000"
    "Connection-Id" = "$conn_id"
    "X-CmdletName" = '*'
    "Accept-Charset" = "utf-8"
    "X-ResponseFormat" = "clixml"
}

Then creating a request body, in this case Get-DynamicDistributionGroup -ResultSize Unlimited

$ddgBody = [ordered]@{
  CmdletInput = [ordered]@{
    CmdletName = 'Get-DynamicDistributionGroup'
    Parameters = [ordered]@{
      ResultSize = 'Unlimited'   
    }
  }
} | ConvertTo-Json -Depth 6 -Compress

And then create an Invoke-RestMethod or WebRequest, you probably want to create a module with a helper function to handle pagaination and timeouts. From the commands I have seen in PS Exchange Online, they are all basically just wrappers for this endpoint, so the response should be familiar

$allDdgs = @(
    Invoke-RestMethod -uri $uri -method 'Post' -headers $exoHeaders -body $ddgBody 
)