Automate tasks secure with Powershell against Office 365

Part 1: Create a service account
In order to run a script we will use a separate service account. Create this account in Active Directory without additional permissions but with a strong password. In Office 365 I made this account Exchange Administrator for demo purposes but you can limit permissions depending on the tasks you want to automate.

Part 2: Create a secure text file with the password.
It’s important to run this step on the computer/server you use for automating the task as the password file will be stored in an encrypted file on the computer and  only the computer running the task is able to decrypt it. Start Powershell as administrator and provide this cmdlet. note: don’t change “Enter Password” as the password will be provided after this cmdlet.

Read-Host “Enter Password” -AsSecureString |  ConvertFrom-SecureString | Out-File “C:\scripts\Password.txt”

Now type in the password and hit enter. Note: this is the password of the service account you created in part 1. The encrypted txt file is now on the specified location (in my example in C:\scripts\Exchange_Online\).

Part 3: Create a script with the task you want to automate.
In my example, I will create a script which will connect to Exchange Online, set all mailbox quota’s on 25GB and nicely disconnect the session afterwards. Open Powershell ISE as administrator and copy/paste the following script. Adjust the $TenantUname which is the UPN of the service account and for $TenantPass make sure the encrypted password file is there.

#Building op the session to Exchange Online Using the AD account DOMAIN\SVC_SCRIPTS
$TenantPass = cat “C:\Scripts\Exchange_Online\Password.txt” | ConvertTo-SecureString
$TenantCredentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $TenantUname, $TenantPass
$msoExchangeURL = “”

$session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $msoExchangeURL -Credential $TenantCredentials -Authentication Basic -AllowRedirection

Import-PSSession $session
Connect-MSOLService -Credential $TenantCredentials

#Set mailbox quota’s in Exchange Online
Get-User -ResultSize Unlimited -Filter {(RecipientType -eq ‘UserMailbox’)} | Set-Mailbox -ProhibitSendReceiveQuota 25GB -ProhibitSendQuota 24GB -IssueWarningQuota 23GB

#Disconnect the Exchange Online session
Remove-PSSession -Name Session1

Save the script as force_mailbox_quotas.ps1 in the c:\scripts\Exchange_Online folder.

Part 4: create the scheduled task
On the computer/server open task scheduler and provide the service account to be used to run the task, a trigger and a schedule. The only place you have to really pay attention is with the action as below is how you need to configure it.

Action: start a program
Arguments: C:\Scripts\Exchange_Online\force_mailbox_quotas.ps1

Now simply test if the scheduled task does what it needs to do and enjoy!

2 Replies to “Automate tasks secure with Powershell against Office 365”

  1. Bonjour,

    J’ai une erreur lors de l’execution $session = …… tout fonctionne concernant les commandes au préalable

    PS C:\WINDOWS\system32> $session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $msoExchangeURL -Credential $TenantCredentials -Authentication Basic -AllowRedirection

    New-PSSession : [] La connexion au serveur distant a échoué avec le message d’erreur suivant: Le client WinRM a reçu un code d’état HTTP de 440 de la
    part du service Gestion des services Web. Pour plus d’informations, voir la rubrique d’aide about_Remote_Troubleshooting.
    Au caractère Ligne:1 : 12
    + $session = New-PSSession -ConfigurationName Microsoft.Exchange -Conne …
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo : OpenError: (System.Manageme….RemoteRunspace:RemoteRunspace) [New-PSSession], PSRemotingTransportException
    + FullyQualifiedErrorId : -2144108273,PSSessionOpenFailed

Leave a Reply

Your email address will not be published. Required fields are marked *