Many Exchange Online customers are in the final phase of migrating to OAuth (or what we call Modern authentication) and finally disabling Basic authentication for their clients. The latest summary wi...
Published Dec 05, 2022
Version 1.0
Blog Post
5 MIN READ
Notes from the field: Using app-only authentication with customized RBAC roles in Exchange Online
I am having the same issue as Skaldhor above.
The exchange online role permissions have been setup to only allow Get-Mailbox as the cmdlet and when i attempted to run Connect-ExchangeOnline with certificate information i get "The role assigned to application <GUID here> isn't supported in this scenario. Please check online documentation for assigning correct Directory Roles to Azure AD Application for EXO App-Only Authentication.".
When i assign the app registration the Exchange administrator role in Azure AD the Connect-ExchangeOnline cmdlet works but i can use all of the exchange cmdlets as if the app registration has full permissions over the exchange tenant.
Can we please get some more clarification here?