Update 5/7/2021: Expanded the WW URL section
A redirect URI, or Reply-URL, is where an authorization server sends a user once their app has been successfully authorized and granted an authorization code or access token. We are updating the Reply-URL list in Exchange Online PowerShell. We’ve found that one of the reply URLs in the existing lists is unsafe and we are replacing it with a new Reply-URL list by the end of March 2021.
We have already released a new version of the Exchange Online PowerShell MFA module that uses the new Reply-URL list, and we strongly recommend moving to this newer version of the module as soon as possible.
If you are an admin of an Exchange Online tenant with any of the following configurations, you are affected by this issue:
The Reply-URL being deprecated (by the end of March 2021) is ietf:wg:oauth:2.0:oob. The new Reply-URLs that should be used are:
| Environment | Reply-URL |
| --- | --- |
| WW/PROD | https://login.microsoftonline.com/organizations/oauth2/nativeclient (if using MSAL)<br>https://login.microsoftonline.com/common/oauth2/nativeclient |
| GCC High | |
| US Gov DoD | |
| Office 365 China | |
| Office 365 Germany | |
Because of the change to the Reply-URL list, you might see the following error after entering admin credentials in the Hybrid Configuration Wizard (HCW):
ADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'a0c73c16-a7e3-4564-9a95-2bdf47383716'.
If you see this error, download the latest HCW from https://aka.ms/hybridwizard and restart the wizard to resolve the problem.
Because of the change to the Reply-URL list, you might see the following error when using Exchange Online PowerShell v2:
Sorry, but we're having trouble signing you in.
ADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'fb78d390-0c51-40cd-8e17-fdbfab77341b'.
Simply update to the latest version of the module to resolve this error.
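To see which clients in an environment still need updating, collected sign-in error text can be matched against the two application IDs quoted above. The following PowerShell is an added example, not code from the Exchange team; the function name `Get-ReplyUrlMismatch`, the log line layout and the sample lines are assumptions constructed for illustration.

```powershell
# App IDs and fixes are taken from the two error messages quoted in this post.
$knownClients = @{
    'a0c73c16-a7e3-4564-9a95-2bdf47383716' = 'HCW: download the latest HCW from https://aka.ms/hybridwizard and restart the wizard'
    'fb78d390-0c51-40cd-8e17-fdbfab77341b' = 'Exchange Online PowerShell v2: update to the latest version of the module'
}

# Hypothetical helper: counts reply-URL mismatch errors per application ID.
function Get-ReplyUrlMismatch {
    param([Parameter(Mandatory)][string[]]$Line)

    # Accepts "ADSTS50011" as printed in this post and the "AADSTS50011" spelling.
    $pattern = "A{1,2}DSTS50011:.*application:\s*'(?<appId>[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12})'"

    $hits = foreach ($l in $Line) {
        if ($l -match $pattern) { $Matches['appId'].ToLowerInvariant() }
    }

    $hits | Group-Object | ForEach-Object {
        $fix = $knownClients[$_.Name]
        if (-not $fix) { $fix = 'Unknown client: not one of the two app IDs in this post' }
        [pscustomobject]@{ AppId = $_.Name; Count = $_.Count; Action = $fix }
    }
}

# Constructed sample input (timestamps, host names and the all-zero GUID are made up).
$sampleLines = @(
    "2021-04-01 09:12:04 host=ADMIN-PC1 ADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'fb78d390-0c51-40cd-8e17-fdbfab77341b'."
    "2021-04-01 09:15:40 host=ADMIN-PC2 ADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'a0c73c16-a7e3-4564-9a95-2bdf47383716'."
    "2021-04-01 09:20:11 host=ADMIN-PC1 AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: 'FB78D390-0C51-40CD-8E17-FDBFAB77341B'."
    "2021-04-01 09:31:02 host=ADMIN-PC3 Sign-in completed."
    "2021-04-01 09:40:55 host=ADMIN-PC4 ADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: '00000000-0000-0000-0000-000000000000'."
)

Get-ReplyUrlMismatch -Line $sampleLines | Format-Table -AutoSize -Wrap
```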
Exchange Online Admin Team