Azure AD, apps and consent grant (service accounts)

In the past months. I’ve seen a lot of tickets and question from developer, service owner and some IT pros in regards of OAuth, consent and permissions (delegated/application).

Especially 3rd party applications and their documentation is missing very often some details. Therefore, I’m writing this post.

Continue reading

ApplicationAccessPolicy for EWS

I’m really excited about the fact that Microsoft fulfilled the ask for supporting Exchange Web Services (EWS) protocol in ApplicationAccessPolicy as announced here:

https://techcommunity.microsoft.com/t5/exchange-team-blog/application-access-policy-support-in-ews/ba-p/2110361

Unfortunately Microsoft seems to make it harder for you to add EWS permission full_access_as_app to your app.

Continue reading

The future of Exchange Online automation with EXOv2

I know that this topic is really a topic with gets high attention.At the moment there is nothing available in Microsoft Graph, which would make it possible to manage objects in Exchange Online.

The few things, which exists, are more for end-user (e.g.: accessing their e-mails, calendar or tasks) and for auditing and reporting (e.g.: Security API). Nothing available for managing a mailbox permissions or attributes. Not even like simple CustomAttribute1-15.

Now Microsoft released a new Exchange Online PowerShell module: EXOv2.

Continue reading

EXO V2 module, earlier .NET versions and pesky TLS1.0/1.1

It’s been a while that the new module for managing Exchange Online using PowerShell.If not yet aware, please check out how to Use the Exchange Online PowerShell V2 module.

It’s not perfect (yet!), but huge improvements and Microsoft is working hard to get the module improved.

On my transition to the new module, I was made aware of connectivity issues by some colleagues:

New-ExoPSSession : An error occurred while sending the request..
At C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\0.3582.0\ExchangeOnlineManagement.psm1:401 char:30…

PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro …

But the issue existed ONLY when using the parameter -Credential

Continue reading

OAuth: Get-AccessToken

Since everything is shifting towards cloud, folks are looking more and more into possibilities and how cloud features can be incorporated into products.

One crucial topic is all around Authentication and Authorization. OAuth is the most used word in the past month,when I was approached by developers and they wanted to access somehow Exchange related data. I realized that many people having problems writing their code and usually we get blamed that we haven’t registered an application correctly in Azure AD.

Thus it’s on us to prove everything is okay and therefore I wrote a simple script for testing several scenarios in an easy way to make sure everything is configured correctly and you’re able to retrieve tokens.

Continue reading

Troubleshooting Autodiscover

There are often problems reported by users related to connectivity or you just setup your lab and want to know if you configured everything correct. But even when you double-checked and everything looks okay you might want to see what Autodiscover returns for a given user. Maybe not only for a given user, maybe just the result from one specific server or when you have larger environments from servers within a specific AD site.

Continue reading