Teams delegation permission issue with Onpremise Exchange Server

Hello,

This behaviour is typically not caused by OAuth configuration itself, especially if Hybrid Modern Authentication is already working for mailbox access.

When a user creates a meeting from a Shared Calendar and enables the Teams meeting option, the Teams add in must obtain a valid token for the mailbox context. If the mailbox used to send the invitation does not have a valid Teams service association, the add in will return the message please log in to the meeting.

In a hybrid scenario with Exchange Server Subscription Edition on premises, the following points must be validated.

1- Confirm where the mailbox resides.

Teams meeting functionality requires the mailbox to be hosted in Exchange Online for full integration. If the user mailbox or the shared mailbox is still on premises, Teams meeting creation from that mailbox context is not supported in the same way as a cloud mailbox.

Run the following in Exchange Online PowerShell to confirm mailbox location:

Get Mailbox email address removed for privacy reasons

If the mailbox is RemoteMailbox in on premises and hosted in Exchange Online, Teams integration is supported. If the mailbox is fully on premises, this is a known limitation.

2- Verify that the user creating the meeting has a valid Teams licence and Exchange Online licence assigned in Microsoft 365.

Check in Microsoft 365 admin centre under Users and confirm:

• Microsoft Teams service plan is enabled
• Exchange Online service plan is enabled

If the meeting is created from a shared mailbox calendar, ensure that:

• The shared mailbox is hosted in Exchange Online
• The shared mailbox is not purely on premises
  
  

3- Validate Hybrid configuration.

Ensure that the following are correctly configured:

• OAuth between Exchange on premises and Exchange Online
• AuthServer and PartnerApplication objects present on premises
• IntraOrganisationConnector properly configured
• OrganizationRelationship healthy

Run on premises:

Get AuthServer

Get IntraOrganizationConnector

Test OAuthConnectivity

If OAuth is working for EWS but the mailbox is on premises, Teams meeting add in will still fail when invoked in a shared mailbox context.

4- Test the behaviour in Outlook on the web.

If the user opens Outlook on the web in Exchange Online and creates a meeting from their primary mailbox, does Teams meeting work correctly. If yes, the issue is specifically related to shared mailbox context.

5- Confirm add in token behaviour.

The Teams add in relies on Exchange Online REST and Graph endpoints. When a meeting is created from a shared mailbox where Send As or Full Access is granted but the shared mailbox has no cloud presence, token acquisition fails and the add in prompts for login.

Recommended resolution.

For full Teams meeting integration:

• Migrate shared mailboxes to Exchange Online if they are still on premises.
• Ensure the user mailbox is in Exchange Online.
• Ensure licences are correctly assigned.
  
  

Teams meeting creation from on premises only mailboxes is not supported in modern Microsoft 365 architecture.

In summary, this is typically a mailbox location limitation rather than an OAuth failure. Confirm that both the user mailbox and the shared mailbox involved in meeting creation are hosted in Exchange Online to resolve the issue.