Connect-ExchangeOnline -CertificateThumbprint "xxx" -AppId "xxx" -Organization company.com
I'm getting the below error for the above command. Please guide me on where I'm lacking.
Error Acquiring Token:
System.Exception: Case when Message contains:AADSTS70011 Invalid scope. The scope has to be of the form "https://resourceUrl/.default"Mitigatio
n: change the scope to be as expectedAADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the s
ecurity posture of Azure AD. Your TenantID is: tttjrs5558a3. Please refer to https://go.microsoft.com/fwlink/?linkid=21
61187 and conduct needed actions to remediate the issue. For further questions, please contact your administrator.
Trace ID: 6776
Correlation ID: 564g457
Timestamp: 2022-11-01 17:20:17Z ---> Microsoft.Identity.Client.MsalServiceException: AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3
DES cipher which are deprecated to improve the security posture of Azure AD. Your TenantID is: 655ghb5 Please ref
er to https://go.microsoft.com/fwlink/?linkid=2161187 and conduct needed actions to remediate the issue. For further questions, please contact
your administrator.
Trace ID: oiyuyo77
Correlation ID: a545ff
Timestamp: 2022-11-01 17:20:17Z
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<HandleTokenRefreshErrorAsync>d__26.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.ClientCredentialRequest.<ExecuteAsync>d__2.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.Internal.Requests.RequestBase.<RunAsync>d__12.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Identity.Client.ApiConfig.Executors.ConfidentialClientExecutor.<ExecuteAsync>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.Exchange.Management.AdminApiProvider.Authentication.MSALTokenProvider.<GetAccessTokenAsync>d__29.MoveNext()
--- End of inner exception stack trace ---
at Microsoft.Exchange.Management.AdminApiProvider.Authentication.MSALTokenProvider.<GetAccessTokenAsync>d__29.MoveNext()
Case when Message contains:AADSTS70011 Invalid scope. The scope has to be of the form "https://resourceUrl/.default"Mitigation: change the
scope to be as expectedAADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security
posture of Azure AD. Your TenantID is: 1y. Please refer to https://go.microsoft.com/fwlink/?linkid=2161187
and conduct needed actions to remediate the issue. For further questions, please contact your administrator.
Trace ID: 5t55t
Correlation ID: t555t
Timestamp: 2022-11-01 17:20:17Z
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\3.0.0\netFramework\ExchangeOnlineManagement.psm1:726 char:21
throw $_.Exception.InnerException;
\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~\~
Any suggestion will be greatly appreciated.
Thanks,
Pavan
If you don't want to permanently allow the use of TLS 1.2 on your client machine, add this at the top of the script containing the Connect-ExchangeOnline cmdlet:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
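The per-script setting above, shown in context as an added example that is not part of the original thread: it reports what the session and the .NET Framework defaults currently allow, then forces TLS 1.2 for this process only before connecting. It assumes Windows PowerShell 5.1 (the error path shows the module's netFramework build); `Get-DotNetTlsState` is a hypothetical helper name, and the registry value names are the standard .NET Framework strong-crypto settings, not values quoted from this thread.

```powershell
# Added example, not code from the thread. Get-DotNetTlsState is a hypothetical helper.
function Get-DotNetTlsState {
    # Read-only: shows the protocol set this process will offer and the .NET Framework
    # registry values that decide the default when a script does not set it explicitly.
    $paths = 'HKLM:\SOFTWARE\Microsoft\.NETFramework\v4.0.30319',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319'
    foreach ($path in $paths) {
        $key = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path                     = $path
            SchUseStrongCrypto       = $key.SchUseStrongCrypto        # empty = not set
            SystemDefaultTlsVersions = $key.SystemDefaultTlsVersions  # empty = not set
            SessionProtocol          = [Net.ServicePointManager]::SecurityProtocol
        }
    }
}

# 1. Record the state before changing anything, so the cause is visible in the log.
Get-DotNetTlsState | Format-List

# 2. Process-scoped change: nothing is written to the registry, and the setting
#    disappears when this PowerShell process exits.
$before = [Net.ServicePointManager]::SecurityProtocol
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
Write-Host "SecurityProtocol: $before -> $([Net.ServicePointManager]::SecurityProtocol)"

# 3. Connect. The values are the placeholders exactly as posted in the question.
Connect-ExchangeOnline -CertificateThumbprint "xxx" -AppId "xxx" -Organization company.com
```

If the first step shows a session protocol without Tls12 and the registry values unset, the session is relying on older .NET Framework defaults, which matches the AADSTS1002016 error in the question.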
Was it working before?
https://learn.microsoft.com/en-us/troubleshoot/azure/active-directory/enable-support-tls-environment?tabs=azure-monitor
Make sure the client you are running this from is enforcing TLS 1.2.
Apply those registry settings and reboot and try again: