Hi Community,
We have some scripts deployed in different clients (different Tenants) where we use the cmdlet "Search-UnifiedAuditLog".
These scripts connect to ExchangeOnline using an App registered in the Tenant (each client has its own App) and using a Self-Signed certificate.
In the script we use the cmdlet "Search-UnifiedAuditLog" and this has been working for months, but since Saturday 20/5 an error appears when using the cmdlet.
So, it seems that a change has been made on Microsoft's side that makes it no longer work, because we get the same error in all of our clients (different tenants) without having made any change to the script, the installed ExchangeOnline module (version 3.1.0) or anything else since Saturday 20/5.
So, I request your help to check if you have or can recreate the same problem and how to fix it.
Below is the error when connecting using the App and how it works when connecting using credentials (the "user@company.com" obviously is not real and replaces the real userprincipalname).
PS C:\Users\user> Connect-ExchangeOnline -Organization $organization -AppId $clientid -CertificateThumbprint $certificatethumbprint
----------------------------------------------------------------------------------------
This V3 EXO PowerShell module contains new REST API backed Exchange Online cmdlets which doesn't require WinRM for Client-Server communication. You can now run these cmdlets after turning off WinRM Basic Auth in your client machine thus making it more secure.
Unlike the EXO* prefixed cmdlets, the cmdlets in this module support full functional parity with the RPS (V1) cmdlets.
V3 cmdlets in the downloaded module are resilient to transient failures, handling retries and throttling errors inherently.
However, REST backed EOP and SCC cmdlets are not available yet. To use those, you will need to enable WinRM Basic Auth.
For more information check https://aka.ms/exov3-module
----------------------------------------------------------------------------------------
PS C:\Users\user> Search-UnifiedAuditLog -enddate $EndDate -startdate $StartDate -UserIds "user@company.com" -resultsize 5000
Write-ErrorMessage : One or more errors occurred.
En C:\Users\user\AppData\Local\Temp\tmpEXO_k1eb1aj3.2j2\tmpEXO_k1eb1aj3.2j2.psm1: 1120 Carácter: 13
+ Write-ErrorMessage $ErrorObject
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Search-UnifiedAuditLog], Exception
+ FullyQualifiedErrorId : [Server=DB4PR03MB9409,RequestId=cb62cac9-7756-7cdf-da1e-d0d4b568ab80,TimeStamp=Mon, 22 May 2023 08:25:55 GMT],Write-ErrorMessage
If you connect using credentials then it works:
PS C:\Users\user> Connect-ExchangeOnline -credential $Office365credentials
----------------------------------------------------------------------------------------
This V3 EXO PowerShell module contains new REST API backed Exchange Online cmdlets which doesn't require WinRM for Client-Server communication. You can now run these cmdlets after turning off WinRM Basic Auth in your client machine thus making it more secure.
Unlike the EXO* prefixed cmdlets, the cmdlets in this module support full functional parity with the RPS (V1) cmdlets.
V3 cmdlets in the downloaded module are resilient to transient failures, handling retries and throttling errors inherently.
However, REST backed EOP and SCC cmdlets are not available yet. To use those, you will need to enable WinRM Basic Auth.
For more information check https://aka.ms/exov3-module
----------------------------------------------------------------------------------------
PS C:\Users\user> $FechaUltimoAcceso=Search-UnifiedAuditLog -enddate $EndDate -startdate $StartDate -UserIds "user@company.com" -resultsize 5000
PS C:\Users\user> $FechaUltimoAcceso.count
422
PS C:\Users\user>