Use a tool such as jwt.ms to decode the token and make sure the relevant scopes are present therein. Also make sure that the corresponding service principal object has been assigned an admin role, at the least Global reader.
Connect-ExchangeOnline Unauthorized
I want to connect exchange online service through powershell. I use the EXO V3 for that.
I use access token as authentication mechanism. I created an app on azure active directory and give it permission of Exchange.ManageAsApp and also add this app in Exchange Administrator role. But when I connects it using command
Connect-ExchangeOnline -AccessToken $token -Organization company.onmicrosoft.com
// For creating access token I use
$body = @{
Grant_Type = “refresh_token”
Scope = "https://outlook.office365.com/.default"
Client_Id = $client_id
Client_Secret = $secret
Refresh_Token = $refresh_token
}
$connection = Invoke-RestMethod `
-Uri https://login.microsoftonline.com/common/oauth2/v2.0/token `
-Method POST `
-Body $body
$token = $connection.access_token
but it gives me "OperationStopped: UnAuthorized" this error. While running using verbose parameter it gives me this.
VERBOSE: Returning precomputed version info: 3.1.0
VERBOSE: ModuleVersion: 3.1.0
VERBOSE: [ThreadID: #] Returning the provided AccessToken
VERBOSE: Failed to fetch banner content from server. Reason: Object reference not set to an instance of an object.
VERBOSE: ConnectionContext Removed
OperationStopped: UnAuthorized
Please help me out with it.
2 additional answers
Sort by: Most helpful
-
Janakar 1 Reputation point
2023-04-28T11:49:07.6033333+00:00 Tenant: with only Azure Free subscription.
Cmdlet: Connect-ExchangeOnline
User Account Priviledge: Global Administrator
Error: UnAuthorized
Kindly assist.
-
Mohamed BEN AMOR 0 Reputation points
2023-12-07T15:08:40.4833333+00:00 Hello , you can follow this steps:
Make a request to get the Token
Import-Module MSAL.PS Import-Module ExchangeOnlineManagement $graphAppId = 'APP_ID' $graphAppSecret = ConvertTo-SecureString -String 'YOUR_SECRET_APP_AZURE' -AsPlainText -Force $tenantId = 'TENANT_ID' $tokenGraph = Get-MsalToken -ClientId $graphAppId -ClientSecret $graphAppSecret -TenantId $tenantId -Scopes "https://outlook.office365.com/.default"
Open the connection using the Token
Connect-ExchangeOnline -AccessToken $($tokenGraph.AccessToken) -AppId $graphAppI -Organization "YOUR_DOMAIN"