certificate-based authentication issue with Start-ComplianceSearch in Exchange Online PowerShell

Question

We are experiencing multiple issues with specific compliance search cmdlets in the Exchange Online PowerShell module, particularly Start-ComplianceSearch, Get-ComplianceSearchAction -Identity "test", and New-ComplianceSearchAction -SearchName "test1" -preview, New-ComplianceSearchAction -SearchName "test2" -purge and Release-QuarantineMessage -Confirm:$false. Below are the details of the setup and issues: Setup and Permissions: We are connecting using Connect-IPPSSession with certificate-based authentication: Connect-IPPSSession -Certificate $x509Cert -AppId $clientId -Organization $organization. We created an application in Azure. I have also assigned Global Administrator permissions to the application. The application has also been granted all required API permissions for Office 365 Exchange Online, including permissions like Exchange.ManageAsApp, Mail.Read, and others relevant to compliance tasks. Despite these permissions, we are still encountering issues with Start-ComplianceSearch, Get-ComplianceSearchAction, New-ComplianceSearchAction and Release-QuarantineMessage -Confirm:$false. The New-ComplianceSearch and Get-ComplianceSearch cmdlets execute without any issues. Get-ComplianceSearchAction functions properly without specifying an identity parameter. How to assign the purge, preview or compliance search role to the certificated-based application in Azure?

Answer 1

There's a known issue with CBA and some "compliance" cmdlets as mentioned in the official documentation: https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps

If you need access to those, don't use CBA/unattended login.