This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(307.2, 17%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPP%3C/text%3E%3C/svg%3E)
Connect-ExchangeOnline -CertificateThumbprint "xxx" -AppId "xxx" -Organization company.com
getting below error for above command please guide me where I'm lagged
Error Acquiring Token:
System.Exception: Case when Message contains:AADSTS70011 Invalid scope. The scope has to be of the form "https://resourceUrl/.default"Mitigatio
n: change the scope to be as expectedAADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the s
ecurity posture of Azure AD. Your TenantID is: tttjrs5558a3. Please refer to https://go.microsoft.com/fwlink/?linkid=21
61187 and conduct needed actions to remediate the issue. For further questions, please contact your administrator.
Trace ID: 6776
Correlation ID: 564g457
Timestamp: 2022-11-01 17:20:17Z ---> Microsoft.Identity.Client.MsalServiceException: AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3
DES cipher which are deprecated to improve the security posture of Azure AD. Your TenantID is: 655ghb5 Please ref
er to https://go.microsoft.com/fwlink/?linkid=2161187 and conduct needed actions to remediate the issue. For further questions, please contact
your administrator.
Trace ID: oiyuyo77
Correlation ID: a545ff
Timestamp: 2022-11-01 17:20:17Z
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<HandleTokenRefreshErrorAsync>d__26.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.<ExecuteAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.<ExecuteAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Exchange.Management.AdminApiProvider.Authentication.MSALTokenProvider.<GetAccessTokenAsync>d__29.MoveNext()
--- End of inner exception stack trace ---
at Microsoft.Exchange.Management.AdminApiProvider.Authentication.MSALTokenProvider.<GetAccessTokenAsync>d__29.MoveNext()
Case when Message contains:AADSTS70011 Invalid scope. The scope has to be of the form "https://resourceUrl/.default"Mitigation: change the
scope to be as expectedAADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security
posture of Azure AD. Your TenantID is: 1y. Please refer to https://go.microsoft.com/fwlink/?linkid=2161187
and conduct needed actions to remediate the issue. For further questions, please contact your administrator.
Trace ID: 5t55t
Correlation ID: t555t
Timestamp: 2022-11-01 17:20:17Z
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.0.0\netFramework\ExchangeOnlineManagement.psm1:726 char:21
throw $_.Exception.InnerException;
\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~
Any suggestion will greatly appreciated
Thanks,
Pavan
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 74%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERM%3C/text%3E%3C/svg%3E)
If you don't want to permanently allow the use of TLS 1.2 on your client machine, add this at the top of the script containing the Connect-ExchangeOnline smdlet:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Ah yes. Good one too!
Was it working before?
https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/enable-support-tls-environment?tabs=azure-monitor
Make sure the client you are running this from is enforcing TLS 1.2
Apply those registry settings and reboot and try again:
Was it working before -- NO
I'm trying this first time
I followed this blog steps --> https://learntechfuture.com/2020/08/17/connect-exchange-online-v2-via-certificate-auth-for-automation/#:~:text=Connect%20Exchange%20Online%20with%20Cert%20Auth%20and%20use,%3E%20App%20Registrations.%20Click%20on%20%E2%80%98%20New%20Registration%E2%80%99
well, ensure your client machine is using and enforcing TLS 1.2
also make sure you are connecting with the right syntax and steps.
I didnt click on the link you provided.
Here is the official one:
https://learn.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps
Note that organization needs to be the onmicrosoft.com one, not the custom domain
Connect-ExchangeOnline -CertificateThumbPrint "012THISISADEMOTHUMBPRINT" -AppID "36ee4c6c-0812-40a2-b820-b22ebd02bce3" -Organization "contosoelectronics.onmicrosoft.com"