The Hybrid Configuration Wizard (HCW) update that was released in April 2022 provides a free product key at no additional charge to customers who run Microsoft Exchange Server 2019 hybrid servers. Additionally, we have enabled support for using MFA-enabled administrator credentials for Hybrid Agent cmdlets.

MFA support for Hybrid Agent cmdlets 

The Hybrid Management PowerShell module is installed by HCW to the following location on the computer on which the agent is installed:

  • \Program Files\Microsoft Hybrid Service\

The module now works together with MFA-enabled administrator accounts. This module exposes following cmdlets that can now be used together with MFA. 

Get-HybridAgent

To view the installed Hybrid Agents

Update-HybridApplication

To edit parameters such as the target URI of the hybrid application

Get-HybridApplication

To view all hybrid applications in the tenant

Remove-HybridApplication

To remove a specific hybrid application

To use these cmdlets for MFA-enabled administrator accounts, admins must use the latest HybridManagement.psm1 file. You can download this file through HCW at \Program Files\Microsoft Hybrid Service\ through a rerun, or directly from https://aka.ms/HybridAgentPSM.

How to use MFA-enabled accounts with Hybrid Agent cmdlets

Import the Hybrid Management module. Run the following cmdlet at an elevated Windows PowerShell prompt: 

  • Import-Module .\HybridManagement.psm1

Notice that the new cmdlets use a userPrincipalName (UPN) parameter instead of the Credential parameter. For example, admins previously provided credentials in the following manner by using the Get-HybridAgent cmdlet: 

  • Get-HybridAgent -Credential (Get-Credential)

After this change, if the admin has an MFA-enabled account, the userPrincipalName parameter is used to provide the admin's UPN: 

  • Get-HybridAgent -userPrincipalName alan@contoso.com

After you import the new module, existing cmdlets can be used together with MFA-enabled administrator credentials. The following table lists some cmdlet examples.

Using MFA-enabled account

Using basic authentication

Get-HybridAgent -userPrincipalName <tenant admin UPN>

Get-HybridAgent -Credential (Get-Credential)

Get-HybridApplication -userPrincipalName <tenant admin UPN> -appId <GUID>

Get-HybridApplication -credential (Get-Credential) -appId <GUID>

Remove-HybridApplication -userPrincipalName <tenant admin UPN> -appId <GUID>

Remove-HybridApplication -credential (Get-Credential) -appId <GUID>

New-HybridApplication -userPrincipalName <tenant admin UPN> -targetUri “Server FQDN. For eg: https://contoso.exhybrid.com”

New-HybridApplication -credential (Get-Credential) -targetUri “Server FQDN. For eg: https://contoso.exhybrid.com”

Update-HybridApplication -appId <GUID> -targetUri “Server FQDN. For eg: https://contoso.exhybrid.com” -userPrincipalName <tenant admin UPN>

Update-HybridApplication -appId <GUID> -targetUri “Server FQDN. For eg: https://contoso.exhybrid.com” -credential(Get-Credential)

Issues that are fixed in this update 

  • The Hybrid Wizard does not sync with some retention tags and policies during an Organization Configuration Transfer process.

  • Instead of the expected TargetOwaURL value of http://outlook.office.com/mail, the HCW adds a wrong value of http://outlook.com/owa//FederatedDomain.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.