Azure App Permission for Get-RecipientPermission

Mark_S 0 Reputation points
2024-07-19T14:11:12.32+00:00

I have defined an Azure App with read only permission for unattended script use to monitor and report on Azure AD accounts and Mailboxes (Users and Shared). A script I am working on to facilitate user offboarding is to remove delegated mailbox access for leavers. I am trying to retrieve delegated mailbox access details and I am having an issue with permission to run Get-RecipientPermission (Get-EXORecipientPermission).

If I connect manually using Connect-Exchangeonline with Admin creds, the permissions are retrieved successfully.

If I connect using certificate based auth' (Connect-Exchangeonline -appid $appid -organization $orgName -certificatethumbprint $certthumb), I can retrieve mailbox detail but not the delegated permission. I receive a permission error.

```
$TrusteeMailbox = Get-Mailbox "SharedMaibox" | get-exorecipientpermission | Where-Object {$_.trustee -eq $LeaverUPN}

get-exorecipientpermission : Error while querying REST service. HttpStatusCode=401 ErrorMessage={"error":{"code":"Unauthorized","message":"User is not allowed
to call Get-RecipientPermission","innererror":{"message":"User is not allowed to call
Get-RecipientPermission","type":"Microsoft.Exchange.Admin.OData.Core.ODataServiceException"}}}
At line:1 char:52
+ ... = Get-Mailbox "SharedMaibox" | get-exorecipientpermission | Where ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : ProtocolError: (:) [Get-EXORecipientPermission], RestClientException
+ FullyQualifiedErrorId : An error occurred while processing this request.,Microsoft.Exchange.Management.RestApiClient.GetExoRecipientPermission
```

Azure registered App permissions are:

![User's image](/api/attachments/b091554a-2849-4f7b-a1a6-4cc2c9204827?platform=QnA)

What App permission is required to retrieve the delegated permission?

Any Help much appreciated.

Mark


1 answer

  1. Andy David - MVP 1.5L Reputation points MVP
    2024-07-19T14:24:02.3733333+00:00

    You will need to delegate an Exchange mgmt role and Exchange.ManageAsApp

    https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps

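One way to carry out the role delegation the answer describes while keeping the app least-privileged, shown as an added example that is not part of the original thread or the answerer's own code. It assumes the `Exchange.ManageAsApp` API permission has already been granted to the app with admin consent; every value in angle brackets is a placeholder, and the role group and display names are hypothetical.

```powershell
# Run once, interactively, as an Exchange administrator.
$AppId     = '<application-client-id>'
$SpObjId   = '<enterprise-application-object-id>'  # Object ID of the Enterprise Application, NOT the App registration
$GroupName = 'Leaver Permission Audit (app)'       # hypothetical role group name

Connect-ExchangeOnline   # interactive admin sign-in

# 1. List the management roles that contain the cmdlet the app is refused.
$candidates = Get-ManagementRole -Cmdlet Get-RecipientPermission
$candidates | Sort-Object Name | Format-Table Name, RoleType

# 2. Pick the narrowest role from that list (a view-only role if one is shown,
#    since the app is meant to be read-only) and confirm it really has the cmdlet.
$RoleName = '<role-name-from-step-1>'
if ($candidates.Name -notcontains $RoleName) {
    throw "Role '$RoleName' does not include Get-RecipientPermission."
}

# 3. Register the app's service principal in Exchange Online if it is not there yet.
$sp = Get-ServicePrincipal | Where-Object AppId -eq $AppId
if (-not $sp) {
    $sp = New-ServicePrincipal -AppId $AppId -ObjectId $SpObjId `
                               -DisplayName 'Leaver audit script'   # hypothetical display name
}

# 4. Create a role group holding only that role and make the app its sole member.
New-RoleGroup -Name $GroupName -Roles $RoleName | Out-Null
Add-RoleGroupMember -Identity $GroupName -Member $sp.Identity

# 5. Record what the app can now do, for later review.
Get-ManagementRoleAssignment -RoleAssignee $GroupName |
    Format-Table Name, Role, RoleAssigneeName

# 6. Reconnect as the app and repeat the call that returned 401.
Disconnect-ExchangeOnline -Confirm:$false
Connect-ExchangeOnline -AppId $AppId -Organization '<tenant>.onmicrosoft.com' `
                       -CertificateThumbprint '<certificate-thumbprint>'
Get-EXORecipientPermission -Identity '<shared-mailbox>' -Trustee '<leaver-upn>'
```

If the offboarding script later has to remove the delegated access as well as report it, run step 1 against `Remove-RecipientPermission` and grant that through a separate app or role group, so the monitoring identity stays read-only.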