Preauthenticate Office 365 (SharePoint and Exchange) for Internal Users


Using ADFS for single sign-on does not give users a full single sign-on experience. They will often see the Office 365 sign-in page and have to enter their email address/UPN before single sign-on happens.

Thanks to a very nice OneDrive CodePlex project (http://office365drivemap.codeplex.com/), which you should visit too, I was able to write the following PowerShell script which you can use to preauthenticate Office 365 when you use ADFS.

Run the following PowerShell script after login (see http://msdn.microsoft.com/en-us/library/jj130675.aspx to configure the script to run after login):


$domain = "contoso.com" # your federated domain
$ie = New-Object -ComObject InternetExplorer.Application
$ie.Navigate("https://login.microsoftonline.com/login.srf")
$ie.Visible = $true # shows the browser window for debugging; set to $false to hide it

# Wait for the page to finish loading
do { Start-Sleep -Seconds 1 } until (-not ($ie.Busy))
# We have to click the remember me checkbox before logging in, we also have to have IE be automated for this to work
try {
  $ie.Document.GetElementById("_link").click()
  do { Start-Sleep -Seconds 1 } until (-not ($ie.Busy))
} catch { $null } # ignore the error if the element is not on the page

try {
  # Any user name in the federated domain is enough to trigger the redirect to ADFS
  $ie.Document.GetElementById("cred_userid_inputtext").value = "dummy@" + $domain
  $ie.Document.GetElementById("cred_keep_me_signed_in_checkbox").click()
  do { Start-Sleep -Seconds 1 } until (-not ($ie.Busy))
  $ie.Document.GetElementById("cred_sign_in_button").click()
  do { Start-Sleep -Seconds 1 } until (-not ($ie.Busy))
} catch { $null } # ignore the error if the sign-in form is not on the page

Start-Sleep -Seconds 15 # give plenty of time to redirect
$ie.Quit()

For Exchange it is quite easy to create an auto-login with just a DNS modification. You just need to create a CNAME to outlook.com.

e.g. webmail.contoso.com => outlook.com
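
To confirm that the alias resolves the way the record above intends, the following check is an added example and not part of the original post. The function name Test-WebmailCname is hypothetical, webmail.contoso.com is the placeholder name used above, and the Resolve-DnsName cmdlet (DnsClient module, Windows 8 / Server 2012 or later) is assumed to be available.

```powershell
# Added example: verify that the webmail alias is a CNAME to the expected target.
# Test-WebmailCname is a hypothetical helper name, not from the original post.
function Test-WebmailCname {
    param(
        [Parameter(Mandatory)] [string] $Alias,      # e.g. webmail.contoso.com
        [string] $ExpectedTarget = 'outlook.com'     # target named in the post
    )

    $result = [pscustomobject]@{ Alias = $Alias; Target = $null; Ok = $false; Detail = '' }

    try {
        # -DnsOnly skips LLMNR/NetBIOS so only real DNS answers are considered
        $records = Resolve-DnsName -Name $Alias -Type CNAME -DnsOnly -ErrorAction Stop
    } catch {
        $result.Detail = "Lookup failed: $($_.Exception.Message)"
        return $result
    }

    # A name without a CNAME returns only an SOA record, not an error,
    # so look explicitly for a CNAME record owned by the alias itself.
    $cname = $records |
        Where-Object { $_.Type -eq 'CNAME' -and $_.Name.TrimEnd('.') -ieq $Alias.TrimEnd('.') } |
        Select-Object -First 1

    if (-not $cname) {
        $result.Detail = 'No CNAME record found for this name'
        return $result
    }

    $result.Target = $cname.NameHost.TrimEnd('.')
    $result.Ok     = $result.Target -ieq $ExpectedTarget.TrimEnd('.')
    $result.Detail = if ($result.Ok) { 'CNAME points to the expected target' }
                     else { "CNAME points to '$($result.Target)', expected '$ExpectedTarget'" }
    return $result
}

Test-WebmailCname -Alias 'webmail.contoso.com'
```

An Ok value of False with an unexpected Target means users of the alias are being sent somewhere other than outlook.com, so the record should be corrected before the name is handed out.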
