Also when you have used the mechanism of Application Access Policy, you should migrate all of your policies to RBAC as this is also going to fade away.
I wrote an article for Practical 365 about this topic:
Lately we were approached by different teams to help with some scenarios. These scenarios were a bit tricky and complex as there is currently no solution out-of-the-box. Here some examples:
no PowerShell support (on requesting system)
data from Exchange needed (which are not available in Microsoft Graph e.g: mailbox or SendAs permissions)
With that I started to look into Azure Functions as the main component for connecting to Exchange Online and retreive requested data.
Everything looks easy and makes you feel confident that this is an easy upgrade process. But not only me also teammates and other MVPs had other experiences.
You should always keep your machine up-to-date. And so you should also keep your PowerShell modules at the latest bits. Note: In prod environments I highly recommend to use only GA releases! I knew that I had to update one of my mahines and used the Cmdlet Update-Module for this task. I didn’t pay attention and did n ot expect to be upgraded to v2. First everything looked good and I experienced no issues, yet.
Almost at the same time I was approached by teammates, which suffered either the same or other errors from this module.
I also asked the community and received also various feedback about errors or not to use v1 and v2 side-by-side (even it’s explicitly supported!).
Fixing the issue
Long story short: to fix the issue perform the following steps:
uninstall allMicrosoft Graph PowerShell SDK v1 modules (this includes user and machine-wide installations!) Note: Using the Cmdlet Uninstall-Module can take a very long time, which is a known issue!
There can always be an issue with software. That’s why you should properly test new versions before upgrading to a new one. However, Microsoft should spent more time for quality management. Maybe just me, but the number of revoked or broken updates is increasing (besides outages of certain services!).
In most cases you don’t have to be worried about this. However, when you have M365 Multi-Geo, you need to pay attention to. Another reason would be preformance as it’s the same as X-AnchorMailbox header.
Recently I wanted to updated an old function, which I use in my daily work for Privilege Identity Management. Initially I just wanted to move over from using AzureADPreview to Microsoft Graph PowerShell SDK, but sometimes you just do more.
However, this was a good learning curve for me and I thought sharing would be helpful.
When you are using Publisher verification, you might know the challenges I’m writing today about. Especially with 3rd party vendors. However, I never expected that it’s like that even the functionality is GA for quite a while.
What I mean by that is the fact that Microsoft introducing this feature, recommends this as best practises and starting with September 30, 2022 makes this as a default setting, but don’t get their own apps verified:
Over the last weeks, I had to perform more than usual message traces in Exchange Online. For more details how to run such traces, Tony recently updated his article: