In welcome news, the public preview of the ADAL-enabled version of the WAAD module was announced yesterday. You can read the details on the AD team blog here.
This is certainly a much-anticipated release, as it will enable administrators to protect their accounts with a second factor of authentication. Until now, this was not possible because PowerShell did not communicate with the OrgID IdP or the on-prem AD FS on the passive endpoint, where 2FA happens. Moreover, we might get a solution that lets us perform the 2FA “silently”, for example by selecting a predefined certificate, which in turn means that we will be able to use those accounts in scripts and workflows to perform unattended 2FA and substantially improve the security of our tenants. You do have one or two of those “password never expires” administrative accounts that are used for provisioning, licensing or reporting tasks, yes? 🙂
We also get a set of new cmdlets centered on Device management, which is again a very welcome addition. The blog post above gives some details on those cmdlets. There’s also the new Get-MsolHasObjectsWithDirSyncProvisioningErrors cmdlet, which has a pretty self-explanatory name.