"New-ServicePrincipal : The term 'New-ServicePrincipal' is not recognized as the name of a cmdlet, function, script file, or operable program" Error

Anna He 20 Reputation points
2023-08-01T05:47:38.9233333+00:00

I'm trying to register a service principal in Exchange following the instructions in https://learn.microsoft.com/en-us/exchange/client-developer/legacy-protocols/how-to-authenticate-an-imap-pop-smtp-application-by-using-oauth. I'm connecting to Exchange Online from my Windows PowerShell, but encountered the CommandNotFoundException when running New-ServicePrincipal.

I can confirm that I connected successfully since the Get-mailbox command does work. I did find someone who encountered the same in this thread: https://learn.microsoft.com/en-us/answers/questions/1027098/facing-new-serviceprincipal-the-term-new-servicepr. I do have the app administrator role in Microsoft Azure, so I'm not sure if it's a perms issue. I tried running the Get-ManagementRole command suggested in the answer, but this also gives me the same error: "The term 'Get-ManagementRole' is not recognized as the name of a cmdlet, function, script file, or operable program".


Accepted answer
  1. Vasil Michev 119.7K Reputation points MVP Volunteer Moderator
    2023-08-01T06:33:51.8433333+00:00

    It's a permission issue; your Azure admin role does not translate to an admin role in Exchange Online. Talk to your M365 admin/IT desk to grant you the necessary permissions, or ask them to create the service principal on your behalf.


1 additional answer

  1. Yuki Sun-MSFT 41,376 Reputation points Moderator
    2023-08-02T06:53:47.6+00:00

    Hi @Anna He ,

    Yes, it sounds like a permission issue.

    I tried following this document to find out the permission required for New-ServicePrincipal. The output shows that the Role Management role is required, and by default it's only assigned to the Organization Management role.

    The Get-ManagementRole command you mentioned also needs the Role Management role according to this link.

    So, in summary, you would need to contact your global admin or others who manage the role assignment to add your account to the Organization Management role group.

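The permission lookup both answers describe, as an added example that is not part of the original thread. It assumes an Exchange Online PowerShell session opened with Connect-ExchangeOnline; `user@contoso.example` is a placeholder account, and steps 2 to 5 must be run by someone who already holds the Role Management role.

```powershell
# Added example, not code from the thread.
$Cmdlet = 'New-ServicePrincipal'
$Upn    = 'user@contoso.example'   # placeholder: the account that gets the error

# 1. As the affected user: Exchange Online only loads cmdlets that the
#    signed-in account's RBAC roles include, so a missing cmdlet shows up
#    as "not recognized" rather than "access denied".
if (-not (Get-Command $Cmdlet -ErrorAction SilentlyContinue)) {
    Write-Warning "$Cmdlet is not exposed to this session (no RBAC role includes it for this account)."
}

# 2. As an Exchange admin: which management roles contain the cmdlet?
$Roles = Get-ManagementRole -Cmdlet $Cmdlet
$Roles | Format-Table -AutoSize Name, RoleType

# 3. Which role groups or users hold those roles (regular assignments only)?
$Roles | ForEach-Object {
    Get-ManagementRoleAssignment -Role $_.Name -Delegating $false
} | Format-Table -AutoSize Role, RoleAssigneeType, RoleAssigneeName

# 4. Which roles does the affected account hold today?
Get-ManagementRoleAssignment -RoleAssignee $Upn -Delegating $false |
    Format-Table -AutoSize Role, RoleAssigneeName, RoleAssigneeType

# 5. Who effectively holds one of the required roles, including through
#    role group membership? Useful for reviewing the grant afterwards.
$Roles | ForEach-Object {
    Get-ManagementRoleAssignment -Role $_.Name -GetEffectiveUsers -Delegating $false
} | Where-Object { $_.EffectiveUserName -ne 'All Group Members' } |
    Format-Table -AutoSize EffectiveUserName, Role, RoleAssigneeName

# 6. The grant recommended in the answer above. Organization Management is
#    a highly privileged role group, so it is left commented out here;
#    the alternative from the accepted answer is to have an existing admin
#    create the service principal instead.
# Add-RoleGroupMember -Identity 'Organization Management' -Member $Upn
```

After a role group change, the affected user has to disconnect and reconnect, because the available cmdlets are determined when the session is created.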
