Microsoft exchange online powershell connection Authentication issue
I am tryig to connect Exchange Online via Powershell using Regsitered App Id .
getting Unauthorized/InSufficient Scope while trying to connect .
I have to user AccessToken as dont have access to admin credentails . My Registered app given all permissions mentioned 'Exchange.ManageAsApp'
$tenantId = <tenantId>
$clientId = <appId>
$clientSecret = <client secret>
$tokenRequestUrl = "https://login.microsoftonline.com/$tenantId/oauth2/token"
$body = @{
"grant_type" = "client_credentials"
"client_id" = $clientId
"client_secret" = $clientSecret
"scope"="Exchange.Manage"
"resource" = "https://outlook.office.com" # Update with the specific resource URL if needed
}
$response = Invoke-RestMethod -Uri $tokenRequestUrl -Method Post -Body $body
$accessToken = $response.access_token
Connect-ExchangeOnline -AppId <appId> -AccessToken $accessToken -Organization "*****.onmicrosoft.com"
App given with permissions
gettign below error :
OperationStopped: The role assigned to application 35ec1526-639c-4230-a4cb-abfab0126122 isn't supported in this scenario. Please check online documentation for assigning correct Directory Roles to Azure AD Application for EXO App-Only Authentication.
To connect Exchange Online via PowerShell using Azure AD application grant Exchange.ManageAsApp Application API permission:
Now when I executed the script, I got the same error like below:
$tenantId = <tenantId>
$clientId = <appId>
$clientSecret = <client secret>
$tokenRequestUrl = "https://login.microsoftonline.com/$tenantId/oauth2/token"
$body = @{
"grant_type" = "client_credentials"
"client_id" = $clientId
"client_secret" = $clientSecret
"scope"="Exchange.Manage"
"resource" = "https://outlook.office.com" # Update with the specific resource URL if needed
}
$response = Invoke-RestMethod -Uri $tokenRequestUrl -Method Post -Body $body
$accessToken = $response.access_token
Connect-ExchangeOnline -AppId <appId> -AccessToken $accessToken -Organization "*****.onmicrosoft.com"
The role assigned to application xxx isn't supported in this scenario. Please check online documentation for assigning correct Directory Roles to Azure AD Application for EXO App-Only Authentication
The error usually occurs if the Azure AD application doesn't have required roles to perform the action.
To resolve the error, make sure to assign any one of the Microsoft Entra roles to the SPN/application. Refer this MsDoc
I assigned Active assignment Exchange Administrator role for the application:
After assigning the role, I am able to Connect-ExchangeOnline successfully:
- Terraform script to disable multiple functions in Azure Function app
- Create Azure Purview collection using API and Powershell
- How to get the azure subscription current cost using PowerShell
- How can I toggle public network access for azure redis cache using powershell?
- Unable to connect to the server: getting credentials: exec: executable kubelogin not found
- How to add a property to Azure table storage row with Azure Powershell module
- Invoke-AzAksRunCommand how to run aks-command pod with toleration
- Assigning data-plane RBAC to Cosmos DB?
- Get-MgUserCalendar fails with "The specified object was not found in the store." for my own calendar
- How to create a VM using Azure Powershell
- How can I change IIS application pool property setProfileEnvironment from Powershell?
- Search-AzQuery querying authorizationresources returns 0 records
- Rename Virtual Machine Managed Disks on Microsoft Azure through PowerShell
- Is there an API to list all Azure Regions?
- Connect-AzAccount : The term 'Connect-AzAccount' is not recognized as the name of a cmdlet, function, script file, or operable program
- Addition of subnets to existing Vnet through ARM templates
- Powershell if function calling another function
- How to Combining PowerShell Output from multiple server to Single csv
- Microsoft exchange online powershell connection Authentication issue
- How to add Microsoft Graph permissions to managed identity service principal using Az PowerShell?
- Update the ImageReference property of multiple Azure Virtual Desktop (AVD) VM Hosts
- How to grant permissions to call Azure DevOps REST API using System.AccessToken?
- Get list of assigned users in an Azure Virtual Desktop host pool using Powershell
- How to install dependencies to Azure Pipeline Python
- PowerShell to get Azure API report?
- PATCH appRoles to existing Entra Application using PowerShell Invoke-RestMethod
- The term 'script:' is not recognized as the name of a cmdlet, function, script file, or operable program
- Using Try/Catch for PowerShell to switch between the two cmdlet gro group member?
- Azure Devops pipeline throwing error while running powershell script - The string is missing the terminator: "
- Azure CICD pipelines