A sample Avalonia desktop application (targeting .NET 10) that demonstrates how to host PowerShell 7 in-process using the Microsoft.PowerShell.SDK, connect to common Microsoft 365 management endpoints (Exchange Online, SharePoint Online, and remote WSMan PowerShell URLs), and run arbitrary scripts against the resulting runspace from a simple UI.
Authored by David Barrett, Microsoft Ltd. Provided as-is, with no warranty. See
LICENSE.txt.
The application provides a single window with two main areas:
- Script Editor – Write and execute PowerShell against the connected runspace. Buttons let you connect, run, and disconnect.
- Configuration – Choose which runspace(s) to open and how to authenticate:
- PowerShell URL – Open a remote WSMan session (e.g.
https://outlook.office365.com/powershell-liveid/) with a configurableConfigurationName(defaults toMicrosoft.Exchange). - Exchange Online – Load the
ExchangeOnlineManagementmodule and callConnect-ExchangeOnline. - SharePoint Online – Load the
Microsoft.Online.SharePoint.PowerShellmodule and callConnect-SPOServiceagainst a tenant admin URL.
- PowerShell URL – Open a remote WSMan session (e.g.
- Logs – A tabbed pane shows PowerShell Output, Errors, Verbose, and host-side Automation diagnostics in real time, including MSAL device-code prompts written to
Console.Out.
| Mode | Notes |
|---|---|
| Logged-on user | Uses the current Windows identity. |
| Specified credentials | Username + password captured on the Configuration tab. Optional device code switch for Connect-ExchangeOnline -Device (recommended on Linux/macOS or any host without a WAM broker). |
| Certificate | Selected from CurrentUser\My or loaded from a .pfx/.cer file. Used with -AppId and -Organization/-TenantId for app-only auth against Exchange Online and SharePoint Online. |
- Out-of-process runspace option (
RunspaceFactory.CreateOutOfProcessRunspace) that hosts modules inside a childpwsh.exe. Useful as a mitigation for theExchangeOnlineManagementmodule's known memory growth – memory is reclaimed when the runspace is disposed. Note that this needs further testing as while the implementation looks correct (the same code works in an old .Net sample I have), I can still reproduce memory issues with EXO (and it looks like a new process is not created). - Remember settings – Configuration values and script text can optionally be persisted to a
settings.datfile next to the executable, encrypted with Windows DPAPI (CurrentUserscope) plus app-specific entropy. Unchecking the option deletes the file. - Graceful cancellation of long-running pipelines (e.g. MSAL device-code polling) on window close.
| File | Purpose |
|---|---|
MainWindow.axaml / .axaml.cs |
UI layout and event wiring. |
PowerShellHelper.cs |
Creates runspaces, loads modules, runs scripts, and streams output/errors/verbose/information records back to the UI. |
ConnectionSettings.cs |
DTO carrying Configuration-tab inputs to the helper. |
AppSettings.cs |
Persisted snapshot of the Configuration tab + script editor. |
SettingsManager.cs |
DPAPI-encrypted load/save/delete for AppSettings. |
App.axaml / Program.cs |
Avalonia bootstrap. |
- Windows (recommended) with the .NET 10 SDK.
- For Microsoft 365 connections, the relevant modules will be installed automatically into the current user scope if missing:
ExchangeOnlineManagementMicrosoft.Online.SharePoint.PowerShell
- For certificate-based app-only auth, an Entra ID app registration with the appropriate Exchange Online / SharePoint Online permissions and a certificate uploaded to the application.
From the repository root:
dotnet build "PowerShell Automation Sample.slnx"
dotnet run --project "PowerShell Automation Sample.csproj"Or open PowerShell Automation Sample.slnx in Visual Studio 2026 and press F5.
- SharePoint Online: certificate authentication only. Username/password and logged-on-user modes are not supported for SPO in this sample – use the Certificate authentication mode (with
AppId+ tenant) when enabling the SharePoint Online runspace. - Exchange on-premises has not been tested. The PowerShell URL / WSMan path is intended for and validated against Exchange Online endpoints only. On-premises Exchange Management Shell endpoints may or may not work and have not been exercised.
- DPAPI-encrypted settings persistence is Windows-only. On other platforms the "Remember settings" option is unavailable.
- MSAL/WAM interactive sign-in inside an out-of-process runspace has no console to anchor to – prefer device code or certificate authentication when using the out-of-process option.
See LICENSE.txt. Provided as a sample, with no warranties expressed or implied.