Configuring App-only Authentication for Exchange Online for Powershell Scripts

Azure AD - Create App Registration

  1. Login into Azure AD > App Registrations
  2. Click New Registration menu item, just add the name and click Register.
  3. (MAKE NOTE)   Copy and make note of the Application (client) ID
  4. Click API permissions menu item. You should see the Microsoft Graph API. Click on the 3 dots and Remove Permission


  5. Now click on Add a permission.
  6. Click APIs my organization uses, and search for Office 365 Exchange Online.









  7. Click Application permissions
  8. Look for Exchange, and tick Exchange.ManageAsApp.















  9. Finally, click Grant admin consent. You should see a green tick.






Create Certificate

Run Powershell to create a new self-signed certificate. It will create two certs, one .pfx and one .cer. 
# Create certificate
$mycert = New-SelfSignedCertificate `
-DnsName "<dns>" `
-CertStoreLocation "cert:\CurrentUser\My" `
-NotAfter (Get-Date).AddYears(1) -KeySpec KeyExchange
# Export certificate to .pfx file
$mycert | Export-PfxCertificate -FilePath C:\Temp\exo2.pfx `
-Password $(ConvertTo-SecureString -String "<password>" -AsPlainText -Force)
# Export certificate to .cer file
$mycert | Export-Certificate -FilePath C:\Temp\exo2.cer
view raw certificate-appregistration hosted with ❤ by GitHub

Azure AD - Upload Certificate

  1. Back in Azure AD, click Certificates & secrets menu item, and Upload certificate. You'll be uploading the .cer file.

Azure AD - Assign Role

  1. Go back to the main Azure AD page, click Roles and administrators menu item.
  2. Search for and click on Exchange Administrator
  3. Click Add Assignments
  4. Add the app you created as a member.

Connect

Try connecting in Powershell.

Connect-ExchangeOnline `
-CertificateFilePath "C:\Temp\exo2.pfx" `
-CertificatePassword (ConvertTo-SecureString -String "password" -AsPlainText -Force) `
-AppID "myappid" `
-Organization "myorganization"
view raw connect-exchangeonline using cert hosted with ❤ by GitHub






Comments

Post a Comment

Popular posts from this blog

Powershell Install-Module Error - Unable to Download from URI ... 0x409

This happened recently while trying to install a module. WARNING: Unable to download from URI 'https://go.microsoft.com/fwlink/?LinkID=627338&clcid=0x409' to ''. WARNING: Unable to download the list of available providers. Check your internet connection. PackageManagement\Get-PackageProvider : Unable to find package provider 'NuGet'. It may not be imported yet. Try 'Get-PackageProvider -ListAvailable'. At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1:7415 char:30 + ... tProvider = PackageManagement\Get-PackageProvider -Name $script:NuGet ... +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~     + CategoryInfo          : ObjectNotFound: (Microsoft.Power...PackageProvider:GetPackageProvider) [Get-PackageProvider], Exception     + FullyQualifiedErrorId : UnknownProviderFromA...
Read more