Microsoft exchange online powershell connection Authentication issue
I am tryig to connect Exchange Online via Powershell using Regsitered App Id .
getting Unauthorized/InSufficient Scope while trying to connect .
I have to user AccessToken as dont have access to admin credentails . My Registered app given all permissions mentioned 'Exchange.ManageAsApp'
$tenantId = <tenantId>
$clientId = <appId>
$clientSecret = <client secret>
$tokenRequestUrl = "https://login.microsoftonline.com/$tenantId/oauth2/token"
$body = @{
"grant_type" = "client_credentials"
"client_id" = $clientId
"client_secret" = $clientSecret
"scope"="Exchange.Manage"
"resource" = "https://outlook.office.com" # Update with the specific resource URL if needed
}
$response = Invoke-RestMethod -Uri $tokenRequestUrl -Method Post -Body $body
$accessToken = $response.access_token
Connect-ExchangeOnline -AppId <appId> -AccessToken $accessToken -Organization "*****.onmicrosoft.com"
App given with permissions
gettign below error :
OperationStopped: The role assigned to application 35ec1526-639c-4230-a4cb-abfab0126122 isn't supported in this scenario. Please check online documentation for assigning correct Directory Roles to Azure AD Application for EXO App-Only Authentication.
To connect Exchange Online via PowerShell using Azure AD application grant Exchange.ManageAsApp Application API permission:
Now when I executed the script, I got the same error like below:
$tenantId = <tenantId>
$clientId = <appId>
$clientSecret = <client secret>
$tokenRequestUrl = "https://login.microsoftonline.com/$tenantId/oauth2/token"
$body = @{
"grant_type" = "client_credentials"
"client_id" = $clientId
"client_secret" = $clientSecret
"scope"="Exchange.Manage"
"resource" = "https://outlook.office.com" # Update with the specific resource URL if needed
}
$response = Invoke-RestMethod -Uri $tokenRequestUrl -Method Post -Body $body
$accessToken = $response.access_token
Connect-ExchangeOnline -AppId <appId> -AccessToken $accessToken -Organization "*****.onmicrosoft.com"
The role assigned to application xxx isn't supported in this scenario. Please check online documentation for assigning correct Directory Roles to Azure AD Application for EXO App-Only Authentication
The error usually occurs if the Azure AD application doesn't have required roles to perform the action.
To resolve the error, make sure to assign any one of the Microsoft Entra roles to the SPN/application. Refer this MsDoc
I assigned Active assignment Exchange Administrator role for the application:
After assigning the role, I am able to Connect-ExchangeOnline successfully:
- How to reference a secret variable from an AzurePowerShell@5 task
- Poweshell to set Azure SQL Auditing
- Create Pipeline via Azure Powershell and pipelineReturnValue activity is not properly created
- Generating SAS account token in powershell
- Detected characters in arguments that may not be executed correctly by the shell. Please escape special characters using backtick (`)
- Azure Run Command Error: The string is missing the terminator: "
- How to read the name of the App Service Plan used an App Service with Azure Powershell
- Azure PowerShell command to list all Azure VM SKU Sizes enabled for Confidential Computing Azure ACC
- Get Private FQDNs, IPs, Names of the Private Endpoints for the Azure resources deployed in an Virtual Network using PowerShell Script
- Foreach parallel Missing an argument for parameter 'xxx'. Specify a parameter of type 'System.Object' and try again
- Query resources in resource groups where tags are missing
- Azure Portal PowerShell Read Global Admins Certificate
- Need to set up the e-mail notification for PowerShell runbook to send its output periodically/daily to the mail
- How to get Drive Item ID of a file from a user OneDrive using PowerShell Microsoft Graph
- Unable to connect to the server: getting credentials: exec: executable kubelogin not found
- Error: Code=InvalidTemplateDeployment; Message=The template deployment 'StAccDeployment' is not valid according to the validation procedure
- New-AzResourceGroupDeployment: Cannot retrieve the dynamic parameters for the cmdlet when trying to execute the bicep script
- Unable to acquire token for tenant 'organizations' with error 'InteractiveBrowserCredential authentication failed: User canceled authentication. '
- Get the Operating system details of the in-place upgraded Azure VM using Azure PowerShell
- How to add Mail.Send permission when creating application with secret?
- Powershell module can't find subscription when a bicep kicks it off
- Powershell 5 vs 7 different output
- Create Alert rule using New-AzScheduledQueryRuleConditionObject returns bad term
- How to check if a blob already exists in Azure blob container using PowerShell
- Is there a way to show displayName with Get-AzRoleAssignment
- Terraform script to disable multiple functions in Azure Function app
- Create Azure Purview collection using API and Powershell
- How to get the azure subscription current cost using PowerShell
- How can I toggle public network access for azure redis cache using powershell?
- How to add a property to Azure table storage row with Azure Powershell module