script type="text/javascript"> jQuery(document).ready(function(){ jQuery("article.et_pb_post").each(function(){ jQuery(">a:first-child, .et_pb_image_container", this).insertAfter(jQuery(".post-meta", this)); }); });

Use FIDO2 with PowerShell for Admin tasks

In a more Cloud based world we are searching for more security. One of the reasons why we are using FIDO2 keys in our company for Highly Privileged accounts in our Azure environment.

All the admin users have a FIDO2 key and we are using a Conditional Access Policy that enforces us to use the FIDO2 key when authenticating with our Admin account.

Problem: We are not able to use PowerShell with FIDO2

As we are using the FIDO2 enforced authentication we were not able to authenticate to PowerShell modules like MicrosoftTeams. As a work-around you can use the Powershell module from the https://portal.azure.com website, but this has its limitations.

To work around and, for example, use the MicrosoftTeams module we can use POWERSHELL 7!

How to setup PowerShell 7

First of all, most systems still use PowerShell 5 as you havent updated it manually. To verify what version of PowerShell you are using run the following command in a PowerShell window:

$PSVersionTable.PSVersion

This will give some output about the version you are running. If you are on version 5 then you need to upgrade to version 7 to be able to use FIDO2 with PowerShell.

PowerShell 5 and PowerShell 7 CAN be used together!

PowerShell 7 will be installed in a different folder so you can still use the older PowerShell 5 for like the AzureAD module (although you cant authenticate with the FIDO2 policy).

Lets install PowerShell 7, run the following command to view what version is available:

winget search Microsoft.PowerShell

 

You will see some output like PowerShell and PowerShell.Preview, you can either install the normal released module or the preview version. We are using the normal released version.

To Install use the following: 

winget install –id Microsoft.Powershell –source winget

Now we have PowerShell 7 installed and can use the MicrosoftTeams module!

To Start PowerShell 7 search in the Start Menu for PowerShell 7, if you search for PowerShell you will run the old PowerShell 5.

Some Notes:

  • The AzureAD module is not compatible, use the Graph module;
  • You can use PowerShell 5 and PowerShell 7 besides each other;
  • The PowerShell module in the https://portal.azure.com is very limited, for basic usage it is fine but you can not use it for everything

 

Buy Me A Coffee
Thank you for visiting. You can now buy me a coffee!