Support Multi-Factor Authentication

[jdgregson]

As MFA adoption increases, it will become vital for Delete-Emails-O365 to support MFA-enabled login.

[jdgregson]

This article has the details we need to implement this, though it also notes an issue which may make it impossible:

You can't use the Exchange Online Remote PowerShell Module to connect to Exchange Online PowerShell and Security & Compliance Center PowerShell in the same session (window). You need to use separate sessions of the Exchange Online Remote PowerShell Module.

At the moment, Delete-Emails-O365 connects to both Exchange Online and the Security and Compliance Center. It's possible that we don't actually need Exchange.

[jdgregson]

Confirmation searches use Get-MailboxFolderStatistics to exclude the Recoverable Items folder, so we do need to connect to both Exchange Online and the Security and Compliance Center. However, it seems like we should be able to disconnect from SCC, connect to Exchange and generate the confirmation search strings, disconnect from Exchange, and connect to SCC again. We'd need to s ttore the credentials in a variable though.

[jdgregson]

Err, the Connect-EXOPSSession module won't let you pass in the password, so the user would be prompted to enter their credentials a total of 3 times while the script is running. That would be highly annoying.

[jdgregson]

Due to the complexities mentioned above (not being able to connect to Exchange and SCC at the same time using new 2FA connections) I doubt this will be implemented any time soon, if ever.

For now it may be better to use an app password for Delete-Emails, which will allow you to forgo the 2FA code. I plan to add a feature where you can save your username and password, which will make app passwords a reasonable avenue.