Forum Discussion
Cant call 'Get-SecOpsOverridePolicy' after successfully authentication to Exchange online
After successfully connecting to Exchange Online using PowerShell and trying to get the SecOpsOverridePolicy.
Get-SecOpsOverridePolicy -Identity "SecOpsOverridePolicy"
I get the following error.
Get-SecOpsOverridePolicy: The term 'Get-SecOpsOverridePolicy' is not recognized as a name of a cmdlet, function, script file, or executable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
I connect to the system using (as admin) as follows
$connData = @{ ConnectionUri = "https://ps.compliance.protection.outlook.com/PowerShell-LiveId" AzureADAuthorizationEndpointUri = "https://login.microsoftonline.com/organizations" AccessToken = "SECRET123" Organization = "myorg.onmicrosoft.com" } Connect-ExchangeOnline @connData
What puzzles me is that I can see that ExchangeOnlineManagement (tried both version 3.4.0 and 3.5.0) doesn't include the cmdlet above
Get-Command -Module ExchangeOnlineManagement CommandType Name Version Source ----------- ---- ------- ------ Function Connect-ExchangeOnline 3.5.0 ExchangeOnlineManagement Function Connect-IPPSSession 3.5.0 ExchangeOnlineManagement Function Disconnect-ExchangeOnline 3.5.0 ExchangeOnlineManagement Function Get-WrappedCommand 3.5.0 ExchangeOnlineManagement Function IsCloudShellEnvironment 3.5.0 ExchangeOnlineManagement Function UpdateImplicitRemotingHandler 3.5.0 ExchangeOnlineManagement Cmdlet Add-VivaModuleFeaturePolicy 3.5.0 ExchangeOnlineManagement Cmdlet Get-ConnectionInformation 3.5.0 ExchangeOnlineManagement Cmdlet Get-DefaultTenantBriefingConfig 3.5.0 ExchangeOnlineManagement Cmdlet Get-DefaultTenantMyAnalyticsFeatureConfig 3.5.0 ExchangeOnlineManagement Cmdlet Get-EXOCasMailbox 3.5.0 ExchangeOnlineManagement Cmdlet Get-EXOMailbox 3.5.0 ExchangeOnlineManagement Cmdlet Get-EXOMailboxFolderPermission 3.5.0 ExchangeOnlineManagement Cmdlet Get-EXOMailboxFolderStatistics 3.5.0 ExchangeOnlineManagement Cmdlet Get-EXOMailboxPermission 3.5.0 ExchangeOnlineManagement Cmdlet Get-EXOMailboxStatistics 3.5.0 ExchangeOnlineManagement Cmdlet Get-EXOMobileDeviceStatistics 3.5.0 ExchangeOnlineManagement Cmdlet Get-EXORecipient 3.5.0 ExchangeOnlineManagement Cmdlet Get-EXORecipientPermission 3.5.0 ExchangeOnlineManagement Cmdlet Get-MyAnalyticsFeatureConfig 3.5.0 ExchangeOnlineManagement Cmdlet Get-UserBriefingConfig 3.5.0 ExchangeOnlineManagement Cmdlet Get-VivaFeatureCategory 3.5.0 ExchangeOnlineManagement Cmdlet Get-VivaInsightsSettings 3.5.0 ExchangeOnlineManagement Cmdlet Get-VivaModuleFeature 3.5.0 ExchangeOnlineManagement Cmdlet Get-VivaModuleFeatureEnablement 3.5.0 ExchangeOnlineManagement Cmdlet Get-VivaModuleFeaturePolicy 3.5.0 ExchangeOnlineManagement Cmdlet Remove-VivaModuleFeaturePolicy 3.5.0 ExchangeOnlineManagement Cmdlet Set-DefaultTenantBriefingConfig 3.5.0 ExchangeOnlineManagement Cmdlet Set-DefaultTenantMyAnalyticsFeatureConfig 3.5.0 ExchangeOnlineManagement Cmdlet Set-MyAnalyticsFeatureConfig 3.5.0 ExchangeOnlineManagement Cmdlet Set-UserBriefingConfig 3.5.0 ExchangeOnlineManagement Cmdlet Set-VivaInsightsSettings 3.5.0 ExchangeOnlineManagement Cmdlet Update-VivaModuleFeaturePolicy 3.5.0 ExchangeOnlineManagement
Environment info:
PSVersion: [7.4.1] PSEdition: [Core] OS: [Amazon Linux 2023.3.20240304] Platform: [Unix] PSRemotingProtocolVersion: [2.3] SerializationVersion: [1.1.0.1] ExchangeOnlineManagement: [3.4.0]
I made sure that application against which token has been issued has Security Administrator & Exchange Administrator assignments as well as Exchange.ManageAsApp permission.
I also double-checked that ExchangePowerShell module is installed.
Install-Module -Name ExchangePowerShell -Scope CurrentUser -Force Get-Module -ListAvailable Directory: /Users/hraman/.local/share/powershell/Modules ModuleType Version PreRelease Name PSEdition ExportedCommands ---------- ------- ---------- ---- --------- ---------------- ... Script 3.5.0 ExchangeOnlineManagement Desk {Add-VivaModuleFeaturePolicy, Get-ConnectionInformation, Get-DefaultTenantBriefingConfig, Get-DefaultTenantMyAnalyti… Script 3.4.0 ExchangeOnlineManagement Desk {Add-VivaModuleFeaturePolicy, Get-ConnectionInformation, Get-DefaultTenantBriefingConfig, Get-DefaultTenantMyAnalyti… Script 0.11.0 ExchangePowerShell Desk {Clear-EPAutoMapping, Clear-EPExchangeLogs, Convert-EPIMCEAEXtoX500, Get-EPMaintenanceMode…} Get-Command -Module ExchangePowerShell
You can use Get-ManagementRole to view the required roles for a certain cmdlet. Here's my output:
C:\Users\HarmVeenstra> Get-ManagementRole -Cmdlet Get-SecOpsOverridePolicy Name RoleType ---- -------- Organization Configuration OrganizationConfiguration Security Admin SecurityAdmin Security Reader SecurityReader View-Only Configuration ViewOnlyConfiguration
- Ihor_PiontkovskyiCopper Contributor
Harm_Veenstra
Thank you for your response.
As I mentioned in the question I ensured that the application for which the token has been issued possesses both Security Administrator and Exchange Administrator assignments, along with Exchange.ManageAsApp permission.
In this scenario, Exchange Administrator is encompassed within the Organization Management role group. Thus, technically, my application holds sufficient permissions to execute that cmdlet.- I created a new App Registration and assigned Exchange.ManageAsApp, together with the Exchange Administrator and Security Admin Role. I connected using certificate-based authentication and was able to use Get-SecOpsOverridePolicy.
Just to be sure, did you do Grant Admin Consent for your tenant in the API permissions blade?