Since basic auth is being retired and we can only use service principals with app-based authentication in Exchange Online, are there plans to support more than the roles listed here?
https://docs.microsoft.com/en-us/powershell/exchange/app-only-auth-powershell-v2?view=exchange-ps
- Global administrator
- Compliance administrator
- Security reader
- Security administrator
- Helpdesk administrator
- Exchange administrator
- Global Reader
Use case: I have an app, OpenText, that runs PowerShell commands to set Legal Hold. Currently, Legal Hold is only supported in the Global Admin and Exchange Admin roles above, so I have to give them the “keys to the castle” and that is unacceptable.
With a user with basic auth, I simply grant them app role access to Legal Hold and have the app run with a long randomized username and password that is no different than using a service principal client secret, and now I have a best practices config. Switching to modern auth and CBA, I can now no longer do that with a service principal and my only option is a wildly insecure alternative.
What are the plans within this module to address this gap?