Forum Discussion

Copper Contributor

May 28, 2024

Cant call 'Get-SecOpsOverridePolicy' after successfully authentication to Exchange online

I have the following issue after my code has been working without issues for a long time in production. Nothing new has been installed lately. After successfully connecting to Exchange Online us...

Exchange Online Cmdlets

powershell

Security & Compliance

Harm_Veenstra

MVP

Jun 02, 2024

Ihor_Piontkovskyi

You can use Get-ManagementRole to view the required roles for a certain cmdlet. Here's my output:

C:\Users\HarmVeenstra> Get-ManagementRole -Cmdlet Get-SecOpsOverridePolicy

Name                       RoleType
----                       --------
Organization Configuration OrganizationConfiguration
Security Admin             SecurityAdmin
Security Reader            SecurityReader
View-Only Configuration    ViewOnlyConfiguration

Ihor_Piontkovskyi
Copper Contributor
Jun 03, 2024
Harm_Veenstra

Thank you for your response.

As I mentioned in the question I ensured that the application for which the token has been issued possesses both Security Administrator and Exchange Administrator assignments, along with Exchange.ManageAsApp permission.
In this scenario, Exchange Administrator is encompassed within the Organization Management role group. Thus, technically, my application holds sufficient permissions to execute that cmdlet.
- Harm_Veenstra
  MVP
  Jun 30, 2024
  Any update?
- Harm_Veenstra
  MVP
  Jun 03, 2024
  I created a new App Registration and assigned Exchange.ManageAsApp, together with the Exchange Administrator and Security Admin Role. I connected using certificate-based authentication and was able to use Get-SecOpsOverridePolicy.
  
  Just to be sure, did you do Grant Admin Consent for your tenant in the API permissions blade?