This is working for me on 10.13.1. Can you confirm that in $PSHome you have libpsrpclient.dylib?

@kai-h you have the right library with the right file size and permissions. Is DYLD_LIBRARY_PATH defined? What is the output of $env:DYLD_LIBRARY_PATH?

It's undefined.

PowerShell v6.0.0-rc
Copyright (c) Microsoft Corporation. All rights reserved.

https://aka.ms/pscore6-docs
Type 'help' to get help.

PS /Users/kai> $env:DYLD_LIBRARY_PATH                                           
PS /Users/kai> 

What does [System.Environment]::Is64BitProcess return?

@kai-h try (in the terminal before starting pwsh):

export DYLD_LIBRARY_PATH=/usr/local/microsoft/powershell/6.0.0-rc:${DYLD_LIBRARY_PATH}
pwsh
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection

Thank you for your persistence with this. I'm still getting the same error though.

[kai@hobbes ~]$ export DYLD_LIBRARY_PATH=/usr/local/microsoft/powershell/6.0.0-rc:${DYLD_LIBRARY_PATH}
[kai@hobbes ~]$ pwsh
PowerShell v6.0.0-rc
Copyright (c) Microsoft Corporation. All rights reserved.

https://aka.ms/pscore6-docs
Type 'help' to get help.

PS /Users/kai> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection                 

PowerShell credential request
Enter your credentials.
User: admin@example.onmicrosoft.com
Password for user admin@example.onmicrosoft.com: ********


An error has occurred that was not properly handled. Additional information is shown below. The PowerShell process will exit.

Unhandled Exception: System.NullReferenceException: Object reference not set to an instance of an object.
   at System.Management.Automation.Remoting.PrioritySendDataCollection.Clear()
   at System.Management.Automation.Remoting.Client.BaseClientTransportManager.CloseAsync()
   at System.Management.Automation.Remoting.Client.WSManClientSessionTransportManager.CloseAsync()
   at System.Management.Automation.Remoting.Client.BaseClientTransportManager.Finalize()
Abort trap: 6
[kai@hobbes ~]$ 

I'd like to confirm that I can successfully connect to Office 365 from PowerShell hosted on an Azure Ubuntu virtual machine, using the exact same details as I'm trying on the Mac.

PowerShell v6.0.0-rc
Copyright (c) Microsoft Corporation. All rights reserved.

https://aka.ms/pscore6-docs
Type 'help' to get help.

PS /home/kai>  $PSVersionTable                                                                                                                               

Name                           Value                                                                                                                        
----                           -----                                                                                                                        
PSVersion                      6.0.0-rc                                                                                                                     
PSEdition                      Core                                                                                                                         
GitCommitId                    v6.0.0-rc                                                                                                                    
OS                             Linux 4.4.0-22-generic #40-Ubuntu SMP Thu May 12 22:03:46 UTC 2016                                                           
Platform                       Unix                                                                                                                         
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                                                      
PSRemotingProtocolVersion      2.3                                                                                                                          
SerializationVersion           1.1.0.1                                                                                                                      
WSManStackVersion              3.0                                                                                                                          


PS /home/kai> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection                                                                                                          

PowerShell credential request
Enter your credentials.
User: user@example.onmicrosoft.com
Password for user user@example.onmicrosoft.com: ********

PS /home/kai> Import-PSSession $Session
(at this point PowerShell starts loading remote modules etc and preparing the session)

What I'm going to do in order to remove any possible issues with me having tweaked something on my Mac that is conflicting with this is set up a clean install of macOS 10.12 and then a fresh install of PowerShell 6.0.0-rc and test if it works tonight.

It is dup #3606

Issue #3606 is kind-of a dup, but they also saw the error which I haven't seen occur in my testing.

New-PSSession : Unable to load DLL 'libpsrpclient':...

I have been able to reproduce this on a clean install of macOS 10.12.6 and a clean install of PowerShell 6.0.0-rc. Everything is with default settings, new admin account created on first boot and no settings changed for the Terminal app.

Last login: Thu Nov 30 08:11:57 on ttys000
Administrators-Mac-mini:~ admin$ pwsh
PowerShell v6.0.0-rc
Copyright (c) Microsoft Corporation. All rights reserved.

https://aka.ms/pscore6-docs
Type 'help' to get help.

PS /Users/admin> $PSVersionTable                                                

Name                           Value                                           
----                           -----                                           
PSVersion                      6.0.0-rc                                        
PSEdition                      Core                                            
GitCommitId                    v6.0.0-rc                                       
OS                             Darwin 16.7.0 Darwin Kernel Version 16.7.0: T...
Platform                       Unix                                            
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                         
PSRemotingProtocolVersion      2.3                                             
SerializationVersion           1.1.0.1                                         
WSManStackVersion              3.0                                             


PS /Users/admin> $env:DYLD_LIBRARY_PATH                                         
PS /Users/admin> [System.Environment]::Is64BitProcess                           
True
PS /Users/admin> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection                             

PowerShell credential request
Enter your credentials.
User: admin@example.onmicrosoft.com
Password for user admin@example.onmicrosoft.com: *********


An error has occurred that was not properly handled. Additional information is shown below. The PowerShell process will exit.

Unhandled Exception: System.NullReferenceException: Object reference not set to an instance of an object.
   at System.Management.Automation.Remoting.PrioritySendDataCollection.Clear()
   at System.Management.Automation.Remoting.Client.BaseClientTransportManager.CloseAsync()
   at System.Management.Automation.Remoting.Client.WSManClientSessionTransportManager.CloseAsync()
   at System.Management.Automation.Remoting.Client.BaseClientTransportManager.Finalize()
Abort trap: 6
Administrators-Mac-mini:~ admin$ 

Here are the results on a clean 10.12.6 install

Last login: Thu Nov 30 08:48:11 on ttys000
Administrators-Mac-mini:~ admin$ pwsh
PowerShell v6.0.0-rc
Copyright (c) Microsoft Corporation. All rights reserved.

https://aka.ms/pscore6-docs
Type 'help' to get help.

PS /Users/admin> $Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection                                                               

PowerShell credential request
Enter your credentials.
User: admin@example.com
Password for user admin@example.com: ********


An error has occurred that was not properly handled. Additional information is shown below. The PowerShell process will exit.

Unhandled Exception: System.NullReferenceException: Object reference not set to an instance of an object.
   at System.Management.Automation.Remoting.PrioritySendDataCollection.Clear() in /PowerShell/src/System.Management.Automation/engine/remoting/fanin/PriorityCollection.cs:line 158
   at System.Management.Automation.Remoting.Client.BaseClientTransportManager.CloseAsync() in /PowerShell/src/System.Management.Automation/engine/remoting/fanin/BaseTransportManager.cs:line 949
   at System.Management.Automation.Remoting.Client.WSManClientSessionTransportManager.CloseAsync() in /PowerShell/src/System.Management.Automation/engine/remoting/fanin/WSManTransportManager.cs:line 1219
   at System.Management.Automation.Remoting.Client.BaseClientTransportManager.Finalize() in /PowerShell/src/System.Management.Automation/engine/remoting/fanin/BaseTransportManager.cs:line 998
Abort trap: 6
Administrators-Mac-mini:~ admin$ 

Just to be sure I'm not missing something, I heard it was possible to run a Docker instance on macOS and spin up a PowerShell 7 core using mcr.microsoft.com/powershell — but when I tried that I hit the same roadblock. I believe this would only work for the Windows-based images, correct? So we're still stuck in the same boat ⛵

I've written up some instructions that work around these issues and are confirmed working with the latest version of PowerShell (I've tested with 7.1.0 Release) and any recent version of macOS (I've tested on macOS 11 Big Sur).
https://automatica.com.au/2020/12/installing-powershell-on-macos-for-remote-administration-of-microsoft-365/

Basically, install PowerShell via the pkg installer on GitHub. Then install MacPorts and with MacPorts install OpenSSL 1.0
sudo port install openssl10. Finally, symlink /opt/local/lib/openssl-1.0 to /usr/local/opt/openssl/lib

I am yet to test, but I believe this will NOT work on any of the new M1 arm64 architecture Macs as the PowerShell binaries are x86_64 yet the OpenSSL libraries installed by MacPorts will be arm64. I'm sure there is a way to specify that MacPorts installs the x86_64 version of a library on an arm64 machine, but I don't know how to.

Despite the fact that this works, it shouldn't need to be done.

PowerShell needs to work with up-to-date versions of OpenSSL. It should also NOT have hardcoded paths for support libraries. It should not require old, and known insecure, versions of third-party libraries.

All this is going to be a moot point in due course as the Mac version of PowerShell will not authenticate to MS365 with modern authentication, it only supports legacy authentication. I have been unable to get an answer about, or even find out who is responsible for, modern authentication in PowerShell on non-Windows platforms.

Automatica

Installing PowerShell on macOS for remote administration of Microsoft 365

There are a couple of catches to install PowerShell on macOS and have it work for remote sessions to Microsoft 365 / Azure AD / Exchange Online. First, install the latest release version of PowerSh…

@kai-h That's a nice writeup and it's a noble effort, but honestly - if anyone has tenants left on 365 that DON'T use MFA then they're being foolish at best and negligent at worst. I strictly require it across the tenants I engage with. So not being able to connect with modern auth is a non-starter unfortunately.

I hope MS stops finger pointing and just finds a way to fix this. Is it really that much of an edge case to want to manage 365 from a Mac these days?

I hear you. I strongly advise my clients to use MFA for all of their user accounts, even if it is not turned on tenancy-wide.
It is frustrating that Microsoft have invested so much effort into making PowerShell work on non-Windows platforms, yet what is likely the most common use case, administering Office 365, Exchange Online and Azure, simply doesn't work out of the box, and can not work with Modern Authentication. So near, yet so far.
I'm sure there may be some other edge cases for using PowerShell on other platforms, and it's an excellent exercise in good coding practice to ensure that a big project like this works on other platforms, but in terms of actually using it, I can't see anyone administering a fleet of Macs, or Linux boxes, with PowerShell. It's here so we can talk to Office 365 and Azure.

@kai-h you shouldn't need to install the older OpenSSL if you use my fork. It's compiled against the newer OpenSSL version (1.1.x) distributed by Homebrew and I've been meaning to see if it will be possible to use the LibreSSL version that comes stock standard. I haven't actually tested it against Big Sur (or M1) but I would assume it would just need to be recompiled and that's it.

Thank you @jborean93, I'll have to give that a go. Why Microsoft can't do this is beyond me.
Do you know if it still searches for the OpenSSL library at a fixed path /usr/local/opt/openssl/lib, or does it use LD_LIBRARY_PATH to find the correct library?

Why Microsoft can't do this is beyond me.

I honestly can't blame them even if I wished the situation was better. The mi library was maintained by a separate team and is based on C so requires a completely different skill set to maintain and support. From experience the code there is quite complex and not something easy to maintain. Once that team dropped support for macOS or PowerShell then the PowerShell team had little choice. What would be nice is if the WSMan code could be implemented in pure .NET and maintained by them as a lot of the fundamental work is already in place in .NET but this is also not a trivial task to achieve. So in the end I decided to just fork the library and fix up the stuff I could. Things that I fixed with this fork

• Compiled against OpenSSL 1.1.x on platforms that distribute this version
• Fix up GSSAPI library calls on the various platforms
  • macOS can use Kerberos now, but NTLM only works over HTTPS
  • Other distributions should allow both Kerberos and NTLM (if the NTLM libs are present)
• Can use your implicit Kerberos credential from kinit, no need to use -Credential on your connections if you already have a token
• Fix up some of the message encryption bugs so it works on on-prem Exchange hosts over HTTP
• Increase the password length limit to support modern auth
• Will perform the CA and CN (CN if the version of OpenSSL supports it) verification checks when using HTTPS
• Includes a slightly customised libpsrpclient to use an implicit -Authentication Negotiate to act like Windows
  People are free to use it but it isn't affiliated with the PowerShell team in any way.

Do you know if it still searches for the OpenSSL library at a fixed path /usr/local/opt/openssl/lib, or does it use LD_LIBRARY_PATH to find the correct library?

Before I continue, all this is relevant only to macOS, for Linux this info does not apply.

It's still hardcoded to /usr/local/opt/openssl@1.1/lib/lib*.dylib but it is at least for OpenSSL 1.1 and not 1.0. The main reason why it is hardcoded is because libssl and libcrypto are not in any of the default library paths for macOS /usr/lib, /usr/local/lib, or ~/.lib. When you have a dynamically linked lib with @rpath/lib.dylib on macOS it will search in those default paths or ones specified by LD_LIBRARY_PATH (strong caveats with this env var on macOS). So a user who uses this library and has OpenSSL 1.1.x installed from Homebrew will still fail to load the library leading to a poor user experience. By hardcoding the path to the version installed by Homebrew we can at least have a works out of the box situation as long as the dependencies have been met.

In saying all that, if you really want to rely on the environment or use a different path for your specific setup you can change them yourself. To do this you need to run install_name_tool -change <original path> <new path> <lib.dylib path>. For example here are the paths that my fork is set to by default

/usr/local/microsoft/powershell/7/libmi.dylib:
        /opt/omi/lib/libmi.dylib (compatibility version 0.0.0, current version 0.0.0)
        /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1281.100.1)
        /usr/lib/libpam.2.dylib (compatibility version 3.0.0, current version 3.0.0)
        /usr/local/opt/openssl@1.1/lib/libssl.1.1.dylib (compatibility version 1.1.0, current version 1.1.0)
        /usr/local/opt/openssl@1.1/lib/libcrypto.1.1.dylib (compatibility version 1.1.0, current version 1.1.0)
        /usr/lib/libz.1.dylib (compatibility version 1.0.0, current version 1.2.11)

If I wanted to change the libssl and libcrypto library to scan from rpath I would run

install_name_tool -change \
    /usr/local/opt/openssl@1.1/lib/libssl.1.1.dylib \
    @rpath/libssl.1.1.dylib \
    /usr/local/microsoft/powershell/7/libmi.dylib

install_name_tool -change \
    /usr/local/opt/openssl@1.1/lib/libcrypto.1.1.dylib \
    @rpath/libcrypto.1.1.dylib \
    /usr/local/microsoft/powershell/7/libmi.dylib

You would need to run this as sudo and I highly recommend you make a backup of the libraries before you change them in case something breaks. You also want to make sure that the library you are linking to is actually compatible. You won't be able to use install_name_tool to change the libssl.1.0.dylib to use libssl.1.1.dylib as they are not API and ABI compatible.

I've been meaning to look into linking against the builtin LibreSSL libs that macOS ships with but I would be concerned it will start to lag behind just like the shipped OpenSSL version that Apple had before they swapped to LibreSSL. For now relying on a newer version from homebrew gives us a new library that continues to be updated by homebrew which follows what other Linux distributions offer.

Why Microsoft can't do this is beyond me.

This is an obsessive situation for the past few years, but this is a fact, possibly the result of internal political wars. :-)

It seems MSFT PowerShell team has decided to convert Remoting to a subsystem, which will open up the possibility of creating alternative Remoting implementations. If this happens, perhaps we will have time in next milestone to get a new implementation based on .Net WebSockets (?) that will work on all platforms without external dependencies.

Same issue.

So in the end, it's not possible to connect to exchange online via linux powershell if MFA is enable yet, right ?

As far as I know, no - not on a non-Windows platform.

With the one provided with PowerShell there's a good chance it won't work but it really depends on the distribution, i.e. macOS is very likely not to work. With my forked version you definitely can. It's one of the integration scenarios I test out when creating a new release https://github.com/jborean93/omi/blob/67fb46865b76ecd5d89a990fdedeb32cd219143f/libmi.tests.ps1#L470-L518.

GitHub

jborean93/omi

Open Management Infrastructure. Contribute to jborean93/omi development by creating an account on GitHub.

@jborean93
So you think this script can be tweaked to connect via lin ?
https://o365reports.com/2019/10/05/connect-all-office-365-services-powershell/

Office 365 Reports

Connect to all Office 365 Services Powershell (Supports MFA too)

We have created “All-in-One” PowerShell script that connects all Office 365 services using PowerShell with MFA/non-MFA account.