Connect-ExchangeOnline -CertificateThumbprint "xxx" -AppId "xxx" -Organization company.com throwing below error

Pavan Patil 21 Reputation points
2022-11-01T18:08:15.663+00:00

Connect-ExchangeOnline -CertificateThumbprint "xxx" -AppId "xxx" -Organization company.com

getting below error for above command please guide me where I'm lagged

Error Acquiring Token:
System.Exception: Case when Message contains:AADSTS70011 Invalid scope. The scope has to be of the form "https://resourceUrl/.default"Mitigatio
n: change the scope to be as expectedAADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the s
ecurity posture of Azure AD. Your TenantID is: tttjrs5558a3. Please refer to https://go.microsoft.com/fwlink/?linkid=21
61187 and conduct needed actions to remediate the issue. For further questions, please contact your administrator.
Trace ID: 6776
Correlation ID: 564g457
Timestamp: 2022-11-01 17:20:17Z ---> Microsoft.Identity.Client.MsalServiceException: AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3
DES cipher which are deprecated to improve the security posture of Azure AD. Your TenantID is: 655ghb5 Please ref
er to https://go.microsoft.com/fwlink/?linkid=2161187 and conduct needed actions to remediate the issue. For further questions, please contact
your administrator.
Trace ID: oiyuyo77
Correlation ID: a545ff
Timestamp: 2022-11-01 17:20:17Z
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<HandleTokenRefreshErrorAsync>d__26.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.<ExecuteAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.<ExecuteAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Exchange.Management.AdminApiProvider.Authentication.MSALTokenProvider.<GetAccessTokenAsync>d__29.MoveNext()
--- End of inner exception stack trace ---
at Microsoft.Exchange.Management.AdminApiProvider.Authentication.MSALTokenProvider.<GetAccessTokenAsync>d__29.MoveNext()
Case when Message contains:AADSTS70011 Invalid scope. The scope has to be of the form "https://resourceUrl/.default"Mitigation: change the
scope to be as expectedAADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security
posture of Azure AD. Your TenantID is: 1y. Please refer to https://go.microsoft.com/fwlink/?linkid=2161187
and conduct needed actions to remediate the issue. For further questions, please contact your administrator.
Trace ID: 5t55t
Correlation ID: t555t
Timestamp: 2022-11-01 17:20:17Z
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.0.0\netFramework\ExchangeOnlineManagement.psm1:726 char:21

  •                 throw $_.Exception.InnerException;    
    
  •                 \~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~    
    
    • CategoryInfo : OperationStopped: (:) [], Exception
    • FullyQualifiedErrorId : Case when Message contains:AADSTS70011 Invalid scope. The scope has to be of the form "https://resourceUrl/.def
      ault"Mitigation: change the scope to be as expectedAADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated

Any suggestion will greatly appreciated

Thanks,
Pavan

Microsoft Exchange Online Management
Microsoft Exchange Online Management
Microsoft Exchange Online: A Microsoft email and calendaring hosted service.Management: The act or process of organizing, handling, directing or controlling something.
4,322 questions
Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,445 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,436 questions
0 comments No comments
{count} votes

Accepted answer
  1. Rich Matheisen 45,431 Reputation points
    2022-11-01T18:28:39.14+00:00

    If you don't want to permanently allow the use of TLS 1.2 on your client machine, add this at the top of the script containing the Connect-ExchangeOnline smdlet:

    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12  
    

1 additional answer

Sort by: Most helpful
  1. Andy David - MVP 143.8K Reputation points MVP
    2022-11-01T18:11:43.443+00:00