I was just approached by a colleague of mine who was having performance issues while connecting to Exchange Online with the new EXO V2 module using app-only authentication.
The behavior led to an overall elapsed time of over one minute until the connection was finally established!
When you use app-only authentication to connect to Exchange Online PowerShell, you experience a long delay.
Here you can see the difference timewise:
Note: For more information about app-only authentication, follow this link: https://aka.ms/exov2-cba.
You might wonder what the difference is between the two parameter sets:
The difference is ONLY the value of the required parameter Organization!
In the fast scenario I used the .onmicrosoft.com domain of the tenant, while in the slow scenario I used a domain that is registered in the tenant. Even though the domain is correctly registered and everything is okay, the time penalty is huge.
Note: When the domain used also matches the on-premises Active Directory DNS domain and the computer is joined to this domain, it takes as long as shown above. Example: the DNS domain is contoso.com and you have this domain also registered in your tenant.
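The comparison described above can be reproduced with a small timing helper. This is an added example, not code from the original post: the function name `Measure-ExoAppOnlyConnect`, the app ID, the certificate thumbprint and `contoso.onmicrosoft.com` are placeholders, and it assumes the ExchangeOnlineManagement module is installed and the app registration is already set up for certificate-based authentication.

```powershell
# Added example: time an app-only connection for different -Organization values.
# All identifiers below are placeholders; replace them with your own.
$AppId      = '<application-id>'
$Thumbprint = '<certificate-thumbprint>'

function Measure-ExoAppOnlyConnect {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Organization,
        [Parameter(Mandatory)] [string] $AppId,
        [Parameter(Mandatory)] [string] $CertificateThumbprint
    )

    # Flag values that are not the tenant's .onmicrosoft.com domain,
    # which is the slow case described in this post.
    if ($Organization -notlike '*.onmicrosoft.com') {
        Write-Warning "'$Organization' is not an .onmicrosoft.com domain; expect a slow connect."
    }

    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        Connect-ExchangeOnline -AppId $AppId -CertificateThumbprint $CertificateThumbprint `
            -Organization $Organization -ShowBanner:$false -ErrorAction Stop
        $connected = $true
    }
    catch {
        $connected = $false
        Write-Warning $_.Exception.Message
    }
    finally {
        $sw.Stop()
    }

    # Close the session so the next measurement starts from a clean state.
    if ($connected) { Disconnect-ExchangeOnline -Confirm:$false }

    [pscustomobject]@{
        Organization = $Organization
        Connected    = $connected
        Seconds      = [math]::Round($sw.Elapsed.TotalSeconds, 1)
    }
}

# Compare the tenant's .onmicrosoft.com domain with a registered custom domain.
'contoso.onmicrosoft.com', 'contoso.com' | ForEach-Object {
    Measure-ExoAppOnlyConnect -Organization $_ -AppId $AppId -CertificateThumbprint $Thumbprint
} | Format-Table -AutoSize
```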
There is a small hint in the documentation, but it is not related to performance (also on the same page, https://aka.ms/exov2-cba):
I checked with Fiddler and could see the following error and the retries until it starts working:
Microsoft.Exchange.Admin.OData.Core.ODataServiceException: CrossTenantAccessNotAllowed: For AppOnly flow Tenant in token <tenant domain> doesn’t match with Tenant in request Url <domain>.
With some tools you can do some reverse engineering and see that in the app-only scenario a system mailbox is used as a routing hint, which is the reason you cannot use the GUID of your tenant:
But so far I have not found the extra huge delay when the machine is joined to the domain and the DNS domains match…
I hope this post helps someone. I wish the tip about the domain for the parameter Organization given by Microsoft had been clearer.