Keeping Exchange Online session active

I am working on a PowerShell GUI to perform common Exchange functions. I need to have this GUI connect to Exchange Online as well as have an on-premise session. I can do this successfully by using the -Prefix option to differentiate which session a command should be run in. We use MFA when authenticating and I use the Connect-ExchangeOnline module to create the PowerShell session in Microsoft 365. The problem I have is that the online session seems to break within the hour (not sure exactly after which time period but definitely seems an hour or less). I have tried the following to create a session that remains for 12 hours:

$eoPSSessionOption = New-PSSessionOption -IdleTimeout "43200000"
Connect-ExchangeOnline -Prefix "EO" -PSSessionOption $eoPSSessionOption

I can then see the IdleTimeout is set to 12 hours for the session.

Despite this, the Get-PSSession command still shows the session as broken within the hour. The problem with a broken session is that when somebody tries to perform an action in the GUI that has to run in the online environment, I can see in the PowerShell console that it is trying to create a new session but it never seems to establish it, and the PowerShell GUI then just hangs and has to be closed out using Task Manager.

I thought about writing some code to put at the very beginning of the script using Start-Sleep to run a command in the Exchange Online environment every 20 minutes, hoping this would keep the session alive, but I believe adding this will halt the whole script from loading.

Another option I have thought about is writing a function that checks the state of the Exchange Online session and, if it is broken, creates a new session, then having this function run every time a user tries to do an action which needs to run in Exchange Online. The problem with this is that the Connect-ExchangeOnline module doesn’t seem to work within a PowerShell Form/GUI, and even if it did, this would mean the user would have to keep authenticating.

My ask here is: what can I do to stop the Exchange Online session breaking and/or implement a seamless workaround for the user? Assume I cannot change any settings in the background such as whitelisting IP addresses.

Thanks in advance!

I don’t think “broken” is the same as an idle timeout. I don’t know if there is a way around that state other than re-establishing the session.

Your application could use a service account and certificate based authentication (CBA) instead of the user’s credential. That gets around your repeated authentication issue when re-establishing the session, which will allow you to clean up sessions after each use without it becoming a nuisance to your users. The catch being it introduces the risk of anyone with access to the application effectively having the application’s Exchange Online rights. You would need to then control access to the application vs. managing admin roles in M/O365.

Details on CBA:

Kevin Blumenfeld’s posh365 module makes CBA setup pretty simple with the New-ExoCBAConnection command:
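
The connect-per-action pattern suggested in the answer above, as an added example that is not part of the original post and does not use the posh365 module: it calls Connect-ExchangeOnline with its certificate parameters directly, removes leftover broken sessions first, and always disconnects afterwards. The function name Invoke-EoAction, the $EoApp values and the mailbox address are placeholders, and the session filter assumes the online session's computer name is outlook.office365.com.

```powershell
# Placeholders (assumptions): fill in your own app registration and tenant.
$EoApp = @{
    AppId                 = '<APP-ID-GUID>'
    CertificateThumbprint = '<CERT-THUMBPRINT>'
    Organization          = '<tenant>.onmicrosoft.com'
}

function Invoke-EoAction {
    # Hypothetical helper: runs one script block in a short-lived,
    # certificate-authenticated Exchange Online session.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [scriptblock] $Action
    )

    # Whoever holds the certificate's private key holds the app's Exchange
    # Online rights, so the key lives only in the store of users who are
    # allowed to run the tool. Fail early if this user does not have it.
    $certPath = "Cert:\CurrentUser\My\$($EoApp.CertificateThumbprint)"
    if (-not (Test-Path -Path $certPath)) {
        throw 'App certificate not found in CurrentUser\My for this user.'
    }

    # Remove leftover broken online sessions so nothing tries to reuse them.
    # The ComputerName filter (an assumption) leaves the on-premises session alone.
    Get-PSSession |
        Where-Object { $_.ComputerName -eq 'outlook.office365.com' -and
                       $_.State -eq 'Broken' } |
        Remove-PSSession

    try {
        # Non-interactive sign-in: no MFA prompt, so it can run behind a form.
        Connect-ExchangeOnline @EoApp -Prefix 'EO' -ShowBanner:$false -ErrorAction Stop
        & $Action
    }
    finally {
        # Clean up after each use, as the answer suggests.
        Disconnect-ExchangeOnline -Confirm:$false -ErrorAction SilentlyContinue
    }
}

# Called from a button handler in the GUI (constructed sample address):
$mailbox = Invoke-EoAction { Get-EOMailbox -Identity 'user@example.com' }
```

Because every user of the tool acts with the application's rights, assign the app registration only the Exchange role its actions need.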

Hey Robert,
Thanks very much for the response. I think you are right that the “broken” state is not the same as idle timeout.

Thanks for the suggestion of the CBA but unfortunately as per our security policy this tool will need to run under the logged in user so ideally I need to find a way to resolve this within the script itself. I would be grateful if anybody has any other suggestions.

Regards,
Dominic