The usage of Set-Mailbox cmdlet for Exchange Online via new preview module and certificate

Nikita Krivets 491 Reputation points
2020-07-16T08:34:41.4+00:00

Hello,

I have some troubles with getting Set-Mailbox cmdlet to work via new certificate workflow (application + app permissions + roles + certificate + new exchange online preview module).
https://www.powershellgallery.com/packages/ExchangeOnlineManagement/2.0.3-Preview

Is it even possible in this version? If so, what the requirements are?

Thanks in advance!

Exchange Server Management
Exchange Server Management
Exchange Server: A family of Microsoft client/server messaging and collaboration software.Management: The act or process of organizing, handling, directing or controlling something.
7,670 questions
0 comments No comments
{count} votes

Accepted answer
  1. Andy David 701 Reputation points
    2020-07-21T14:06:18.407+00:00

    and you can see that switch if you logon interactively with PS as an Exchange Admin ?

    1 person found this answer helpful.

5 additional answers

Sort by: Most helpful
  1. Andy David 701 Reputation points
    2020-07-20T12:43:35.867+00:00

    The only only API Permissions you should see are:
    13062-image.png

    The "Roles and Adminstrators" menu you have in that last image arent the roles assigned to the app, its the roles that can manage it, so the Exchange Admin wouldnt be listed there by default.

    1 person found this answer helpful.

  2. Manu Philip 18,681 Reputation points MVP
    2020-07-16T09:22:13.513+00:00

    Hello,
    The high level steps involved are as follows

    1. Fresh install of the ExO PowerShell module v2 using the prerelease
    2. Update
    3. generate a self signed certificate using the script available at Create-SelfSignedCertificate.ps1 and record the thumbprint
    4. Connect to your Azure portal and and register a new application
    5. Assign permissions to the newly created application
    6. Capture the Application (client) ID of the registered application
    7. Grant the admin consent to the application
    8. Upload the self-signed certificate you have generate in portal
    9. Grant one of the administration roles needed to run set-mailbox permission from the Azure AD\Roles and administrators
    10. You are now ready to include the new modern authentication in your script. Install the self-signed certificate in the Computer\Personal certificate store.
    11. Connect via: Connect-ExchangeOnline -CertificateThumbPrint “<certificate thumbprint>” -AppID “<Azure AD application ID>” -Organization “<your Office 365 tenant – mytenant.onmicrosoft.com”
    12. Try your commands

    Let me know if you are facing any challenges in any of the above steps

    Please mark as "Accept the answer" if the answer helps you. Your suggestion will help others also !

    Regards,
    Manu


  3. Andy David 701 Reputation points
    2020-07-16T19:20:32.78+00:00

    I haven't seen that. I assume the app has been assigned the Exchange role.
    What happens when you use set-mailbox? I just tested and it works fine for me.


  4. Andy David 701 Reputation points
    2020-07-18T15:31:19.197+00:00

    @Nikita Krivets , What directory role did you give the app in Azure? The Exchange role should allow that. I just double-checked and I have access to that parameter connecting through the Azure app.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.