I have an Azure VM with the Exchange.ManageAsApp Permission, and also Entra ID Security Administrator and Compliance Administrator permissions. However, when I attempt to connect to Exchange online using the following in a PowerShell session, I get an “OperationStopped: UnAuthorized” error.
Connect-ExchangeOnline -ManagedIdentity -Organisation "Org Name"
I am running this powershell session from within a Docker Container which has the PowerShell modules installed. I have also tried running this outwith the docker container and receive the same error.
Do I need to have the Exchange Administrator permission to access Exchange Online PowerShell or should the above permissions suffice?
I have been following the below URL as a guide, but I’m not sure what I’m missing:
https://learn.microsoft.com/en-us/powershell/exchange/connect-exo-powershell-managed-identity?view=exchange-ps
1
Initially, I created one Azure VM and enabled system-assigned managed identity in it as below:
Now, I granted Exchange.ManageAsApp permission to managed identity service principal by running script mentioned here:
Later, I assigned both Security Administrator and Compliance Administrator roles to managed identity service principal as below:
Note that, you need to wait for few minutes after assigning Entra ID roles to service principal. Otherwise, you will get error as below:
Connect-ExchangeOnline -ManagedIdentity -Organization <YourDomain>.onmicrosoft.com
When I tried to connect Exchange Online after some time and ran sample command, I got the response successfully like this:
Connect-ExchangeOnline -ManagedIdentity -Organization <YourDomain>.onmicrosoft.com
Get-EXOMailbox -PropertySets Archive
Response:
In your case, check whether you assigned roles to service principal of “Active” type or not. If still the error persists, try assigning Exchange Administrator role to service principal that gives you access to perform several operations.
References:
powershell – Connect-ExchangeOnline UnAuthorized – Stack Overflow by me
Entra roles required for Exchange Online PowerShell | Microsoft