Microsoft exchange online powershell connection Authentication issue


I am trying to connect to Exchange Online via PowerShell using a registered App Id.

I am getting Unauthorized/Insufficient Scope while trying to connect.

I have to use an AccessToken as I don't have access to admin credentials. My registered app is given all the permissions mentioned ('Exchange.ManageAsApp').


# Placeholders: fill in the tenant, app registration (client) id and client secret
$tenantId = "<tenantId>"
$clientId = "<appId>"
$clientSecret = "<client secret>"

# Azure AD v1 token endpoint (uses 'resource' rather than 'scope')
$tokenRequestUrl = "https://login.microsoftonline.com/$tenantId/oauth2/token"

$body = @{
    "grant_type" = "client_credentials"
    "client_id" = $clientId
    "client_secret" = $clientSecret
    "scope"="Exchange.Manage"
    "resource" = "https://outlook.office.com" # Update with the specific resource URL if needed
}

# Client-credentials flow: no user sign-in, the app authenticates with its secret
$response = Invoke-RestMethod -Uri $tokenRequestUrl -Method Post -Body $body

$accessToken = $response.access_token

# App-only connection using the token obtained above
Connect-ExchangeOnline -AppId $clientId -AccessToken $accessToken -Organization "*****.onmicrosoft.com"

App permissions granted:

Getting the below error:

OperationStopped: The role assigned to application 35ec1526-639c-4230-a4cb-abfab0126122 isn't supported in this scenario. Please check online documentation for assigning correct Directory Roles to Azure AD Application for EXO App-Only Authentication.

Rukmini (best answer):

To connect to Exchange Online via PowerShell using an Azure AD application, grant the Exchange.ManageAsApp Application API permission:


Now when I executed the script, I got the same error like below:

# Placeholders: fill in the tenant, app registration (client) id and client secret
$tenantId = "<tenantId>"
$clientId = "<appId>"
$clientSecret = "<client secret>"

# Azure AD v1 token endpoint (uses 'resource' rather than 'scope')
$tokenRequestUrl = "https://login.microsoftonline.com/$tenantId/oauth2/token"

$body = @{
    "grant_type" = "client_credentials"
    "client_id" = $clientId
    "client_secret" = $clientSecret
    "scope"="Exchange.Manage"
    "resource" = "https://outlook.office.com" # Update with the specific resource URL if needed
}

# Client-credentials flow: no user sign-in, the app authenticates with its secret
$response = Invoke-RestMethod -Uri $tokenRequestUrl -Method Post -Body $body

$accessToken = $response.access_token

# App-only connection using the token obtained above
Connect-ExchangeOnline -AppId $clientId -AccessToken $accessToken -Organization "*****.onmicrosoft.com"


The role assigned to application xxx isn't supported in this scenario. Please check online documentation for assigning correct Directory Roles to Azure AD Application for EXO App-Only Authentication

The error usually occurs if the Azure AD application doesn't have the required roles to perform the action.

To resolve the error, make sure to assign any one of the Microsoft Entra roles to the SPN/application. Refer to this MsDoc.

I assigned the Exchange Administrator role (active assignment) to the application:

After assigning the role, I am able to Connect-ExchangeOnline successfully:

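An added pre-flight check, not part of the question or the answer above, that verifies the two prerequisites the accepted answer relies on before calling Connect-ExchangeOnline: the token actually carries the Exchange.ManageAsApp application role, and the service principal holds an active Exchange Administrator directory role. It assumes the Microsoft.Graph PowerShell module is installed, that the caller can consent to Directory.Read.All, and that $accessToken and $clientId come from the script above.

```powershell
# Added diagnostic (assumption: $accessToken and $clientId are set by the script above)
function Get-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    # Second dot-separated segment is the claims set, base64url encoded
    $payload = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
}

# Check 1: the app-only token must carry the Exchange.ManageAsApp role
# (granted via API permissions plus admin consent). Tokens without it are
# rejected with the Unauthorized/Insufficient Scope error from the question.
$claims = Get-JwtPayload -Token $accessToken
if ($claims.roles -notcontains 'Exchange.ManageAsApp') {
    Write-Warning "Token for audience '$($claims.aud)' lacks the Exchange.ManageAsApp role; check API permissions and admin consent."
} else {
    Write-Host "Token carries Exchange.ManageAsApp (audience: $($claims.aud))"
}

# Check 2: the service principal must hold a supported Entra directory role.
# Get-MgDirectoryRole lists activated roles; Get-MgDirectoryRoleMember lists
# active members, so a PIM-eligible (not yet activated) assignment will not appear.
Connect-MgGraph -Scopes 'Directory.Read.All' | Out-Null
$sp = Get-MgServicePrincipal -Filter "appId eq '$clientId'"
if (-not $sp) { throw "No service principal found for appId $clientId in this tenant." }

$held = foreach ($role in Get-MgDirectoryRole) {
    $members = Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id
    if ($members.Id -contains $sp.Id) { $role.DisplayName }
}
if ('Exchange Administrator' -notin $held) {
    Write-Warning "Service principal $($sp.Id) holds roles [$($held -join ', ')]; no active Exchange Administrator assignment found."
} else {
    Write-Host "Service principal $($sp.Id) has an active Exchange Administrator assignment"
}
```

Run it after obtaining the token and before Connect-ExchangeOnline; a warning from either check points at the missing API permission or the missing directory role rather than at the connection step.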