How can I authenticate against Exchange Online using service principal?

Question

I need to connect to Exchange Online using specific service principal, but I am getting error

I am trying to authenticate via Connect-ExchangeOnline -AccessToken $token -Organization $organization

We have latest Adaxes version installed btw aka 3.8.0 version of the ExchangeOnlineManagement module is used automatically.

Answer 1

Hello,

Unfortunately, there is no such possibility. Using method $Context.CloudServices.ConnectExchangeOnline() is the only option in Adaxes scripts. However, thank you for the suggestion. We forwarded it to the corresponding department for consideration.

Comments

So it means I have to grant required permissions to service account running Adaxes service?

---

Hello,

The Adaxes service account (specified during Adaxes installation) does not take any part in establishing the connection to Exchange Online. The credentials of the user or application account specified for your Microsoft 365 tenant. For details on how to check/change the credentials, see https://www.adaxes.com/help/ChangeTenantServiceAccount. No matter which of the two is used, they were granted most of the usually required permissions for the Microsoft 365 tenant registration in Adaxes.

---

OK, I have added permission Exchange.ManageAsAppV2 and one of the EXO Roles to the tenant service principal, but when invoking $Context.CloudServices.ConnectExchangeOnline() inside the adaxes report code I get error

Is there anything else what needs to be done to have this working?

Thanks

---

Hello,

Are you executing your script in a report? If so, the method must have a parameter. For details, see https://adaxes.com/sdk/ReportCloudServicesScriptContextClass/#ConnectExchangeOnline_details.

---

I see.

OK I have customized the code to look like this

and now I am getting following error

$targetDN should be DN of the user specified in the parameter picker, so not sure what is wrong now

---

Hello,

Do you have your Microsoft 365 tenant registered in Adaxe with the credentials of a user account? If that is correct, the error is expected and is on the Microsoft side. To resolve the issue, change the tenant registration in Adaxes to a Microsoft Entra app. The following article will be helpful: https://www.adaxes.com/help/RegisterAdaxesAsAppMicrosoftAzure.

---

We are already using an app (service principal I've already mentioned)

---

Hello,

For further troubleshooting, please, execute the below command in Windows PowerShell on the computer where Adaxes service runs and provide us with a screenshot of the output.

Get-InstalledModule "ExchangeOnlineManagement" -AllVersions 

Also, please, provide us with a screenshot of the Multi-server environment dialog. The dialog displays how many Adaxes services you have and what their versions are. For information on how to view it, see https://www.adaxes.com/help/MultiServerEnvironment.

You can post the screenshots here or send them to us at support@adaxes.com.

---

---

Hello,

Did you execute the command in PowerShell 7? If so, please, execute it in Windows PowerShell now.

---

Yes I did, but same output is returned in windows powershell

---

Hello,

Also, try the below command in both Windows PowerShell and PowerShell 7. Does it give the same results?

Get-Module ExchangeOnlineManagement -listavailable

---

There was 3.6.0 version. I have deleted it and restarted Adaxes services.

Now no ExchangeOnlineManagement is detected in desktop nor core powershell, but I am getting still the same error.

---

Hello,

It looks like Adaxes is unable to install the module automatically. You can do it manually using the below command.

Install-Module -Name ExchangeOnlineManagement -RequiredVersion 3.8.0 

After the installation, restart the Softerra Adaxes Service Windows service.

---

I have tried to explicitly import installed 3.8.0 version but no difference.

Anyway I can see that the Adaxes builtin EXO module is being imported

So I don't think this is the problem here.

(the output is retrieved via command get-module | foreach {Write-Warning "$($_.Name) $($_.Version) $($_.Path)"} and is made before the exo auth occurs)

---

Hello,

Do we understand correctly that you face the error after clicking Generate for the report with the script?

Are you able to view properties of Exchange Online recipients in Adaxes via the UI? For example, by just opening properties of a user in the Administration console and activating the Exchange tab.