Unable to retrieve messages in Office 365 using Invoke-RestMethod with app permission registered in Azure AD

Benard Mwanza 996 Reputation points

I need to be able to read and delete emails in Exchange Online using the REST API. In my environment it only worked once, and now I am receiving error 401 upon running the PowerShell script that I have created.

What I set up:
Created an enterprise app in Azure AD and assigned API permissions to access the Office 365 Exchange Online API under API my organization uses, as shown in the attached snips. Retrieved an access token for the app using the MSAL module. Then called Invoke-RestMethod and passed the URI and the auth token to get messages for a certain mailbox in Office 365.

This worked once; then, rerunning Invoke-RestMethod again some minutes later, I get an error 401 Unauthorized, as shown in the attached snip.

I need assistance to understand what I could be missing to make it work again.






Accepted answer
  1. JanardhanaVedham-MSFT 3,536 Reputation points

    Hi @Benard Mwanza ,

    You are getting this 401 Unauthorized error because you have not granted Microsoft Graph permissions to your app; instead, Office 365 Exchange Online API permissions are granted, as per the API permissions screenshot which you shared above.

    Please note that you would need to configure the Microsoft Graph permissions for your app to use Microsoft Graph, and below are the steps to be followed to grant Microsoft Graph permissions for the registered app in Azure AD.
    If you are using application permissions scope in your application, then you would have to choose the "Application Permissions" section from the "Microsoft Graph" API area, as shown below.
    As shown in the above screenshot, an admin must grant admin consent for the "Mail.Read" application permission.

    Hope this helps.


2 additional answers

  1. Benard Mwanza 996 Reputation points

    Hi @JanardhanaVedham-MSFT

    I had already assigned that permission; apologies for not including it in the snips list. It's still the same error.

  2. Benard Mwanza 996 Reputation points

    Hi @JanardhanaVedham-MSFT ,

    This has worked like magic, thank you, though I have done two additional steps.

    - Revoked and removed all Office 365 Exchange Online API permissions. Now the only assigned API permission is for Microsoft Graph mail.
    - Granted new permission to admin.
    - Regenerated a new access token, then called Invoke-RestMethod again.
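
A way to check which API an access token was issued for and which application permissions it carries before passing it to Invoke-RestMethod. This is an added example, not part of the original thread: the function names, the sample token and the mailbox address are constructed, and the token is only decoded, not validated.

```powershell
# Decode the payload (second segment) of a JWT. No signature validation is done.
function Get-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected header.payload.signature' }
    # base64url -> base64, then restore the padding that JWTs strip
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

# Compare the token's audience, app roles and expiry with the request about to be made.
function Test-AppTokenForApi {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][uri]$RequestUri,
        [Parameter(Mandatory)][string]$RequiredRole
    )
    $claims  = Get-JwtPayload -Token $Token
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp).UtcDateTime
    [pscustomobject]@{
        Audience        = $claims.aud
        # An audience given as an application ID GUID has to be compared by hand.
        AudienceMatches = ("$($claims.aud)".TrimEnd('/') -eq "https://$($RequestUri.Host)")
        Roles           = @($claims.roles) -join ', '
        HasRequiredRole = (@($claims.roles) -contains $RequiredRole)
        ExpiresUtc      = $expires
        Expired         = ($expires -lt [DateTime]::UtcNow)
    }
}

# Constructed sample token (unsigned): issued for Exchange Online, not Microsoft Graph.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$payload = @{ aud = 'https://outlook.office365.com'; roles = @('Mail.Read'); exp = 4102444800 } |
    ConvertTo-Json -Compress
$sample = '{0}.{1}.sig' -f (ConvertTo-Base64Url '{"alg":"none"}'), (ConvertTo-Base64Url $payload)

# Placeholder mailbox; replace $sample with the token returned by the MSAL module.
Test-AppTokenForApi -Token $sample -RequiredRole 'Mail.Read' `
    -RequestUri 'https://graph.microsoft.com/v1.0/users/user@contoso.example/messages'
```

A token whose audience does not match the host in the request URI is rejected with 401 even when the role name looks right, so check `AudienceMatches` first.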